Cybersecurity Alert - FINRA Notifies Member Firms of Joint CISA & FBI Cybersecurity Advisory (AA23-242A)

Cybersecurity Alert – FINRA Notifies Member Firms of Joint CISA & FBI Cybersecurity Advisory (AA23-242A)

Impact: All Firms

(Firms should also review this information with any vendors who provide information technology services to the firm.)

FINRA is highlighting a recent joint Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) Cybersecurity Advisory published on August 30, 2023, which may be updated as new intelligence is uncovered. This Advisory complements the successful effort of the FBI and international partners to disrupt Qakbot on August 25, 2023, which included the seizure of over $8.6 million worth of crypto assets extorted from victims. As part of the successful operation, law enforcement agencies were able to identify over 700,000 computers that may have been infected by Qakbot, which has been implicated as one of the most active forms of ransomware in 2023. Threat actors typically deliver Qakbot via social engineering.

The Joint CISA and FBI Advisory provides an overview of Qakbot’s infrastructure and indicators of compromise (IOCs) of which organizations should be aware. The Cyber and Analytics Unit (CAU) within FINRA’s Member Supervision program suggests firms evaluate the IOCs with appropriate personnel to determine whether their systems, including any provided by vendors, are at risk.

Questions related to this Alert or other cybersecurity-related topics can be emailed to the CAU. As indicated in the joint Advisory, if potential compromise is detected, member firms should apply the incident response recommendations included in the CISA and FBI Advisory and report key findings to a local FBI Field Office or CISA at cisa.gov/report.