Over the course of the second half of 2018, criminally motivated attackers were able to cause significant damage to enterprises, often without the victims' knowledge, by using relatively unsophisticated attacks, according to a new report from Gigamon.
Not surprisingly, the report found that the top three malware threats of 2018 were Emotet, LokiBot and TrickBot. While these malware threats seemed to be vying for position of most prevalent in the middle of the year, attackers increased their use of Emotet, which turned out to be the front-runner by the year’s end, according to the report.
"Most notably, Emotet’s rapid increase began in early November 2018, which continued through late December 2018. During this time, Emotet campaigns appeared daily with different attachment hashes, different attachment filenames and different email subject lines. On or about 21 December 2018, Emotet went silent and remained silent through the first weeks of 2019."
Despite being widely known in the security industry as the top threat and the most frequently delivered malware, Emotet is still able to evade detection, which is one reason the report advised that CISOs be aware of the malware's ability to steal sensitive corporate information.
"Due to Emotet’s polymorphic nature, it is difficult to detect by signatures alone, so organizations must be able to identify Emotet’s network communications behaviors to mitigate its rapid proliferation. Security teams should examine both north/south C2 communications as well as east/west lateral communications."
LokiBot also proved useful in business email compromise: once it was installed, attackers were able to execute other malicious code. "Attackers tied to the ransomware outbreak in the Ukraine targeting major banks, utilities and telcos also installed a variant of LokiBot to not only make the compromised machine inoperable, but to also steal credentials and information."
According to the report, one objective of the research was to change the cybersecurity narrative by educating CISOs on how to mitigate these prevalent threats. To that end, the report advised that CISOs be dedicated to studying the behavior of successful threats, and apply known research in the development of a robust set of indicators and detection mechanisms. When security teams are able to leverage new indicators and detection mechanisms across comprehensive network visibility, they are better positioned to use gained insight that will enable them to reduce risk.