Why is Emotet back, and should we be worried about it?

News 21 AV by News 21 AV
November 19, 2021
in Tech News
Back in January 2021, cyber pros rejoiced as a global sting operation by law enforcement agencies dismantled the Emotet botnet, seemingly for good.

The takedown was celebrated as an example of the power of collaboration in the face of global security threats and had an immediate impact on the cyber criminal underground.

But in the past few days, alarming signs have emerged that Emotet is back in operation, prompting fears of a renewed campaign of malicious activity. So, what has happened? And how concerned should defenders be?

Emotet started out as a relatively run-of-the-mill banking trojan back in 2014, but over the intervening years was developed and refined by its creators into a highly sophisticated botnet used as a delivery mechanism – a loader, in cyber parlance – for other malware, including ransomware.

By late 2020, Emotet had come to form a key part of the cyber crime-as-a-service economy, leased to malicious actors as a means of accessing targets to steal and ransom data.

The Ryuk ransomware crew was one of Emotet’s more reliable customers, among many others, and more on this link later.

At the peak of its activity, Emotet was a highly effective and dangerous threat, with its operators considered masters of social engineering techniques such as bespoke spear phishing emails – used to encourage targets to infect themselves.

Not so fast

Its January takedown was therefore rightly celebrated, but even at the time, many security experts tempered their enthusiasm and said it was likely Emotet would eventually reemerge in some form.

Among them was Mandiant’s Kimberly Goody, who said at the time it was likely that some of Emotet’s partner operations, such as Trickbot, Qakbot and Silentnight, could be leveraged to rebuild the botnet.

Something of this nature does indeed now seem to have happened. Initial signs that Emotet was resurfacing began to appear on the evening of 14 November, when security analysts at GData stumbled upon evidence from their Trickbot trackers that the bot was trying to download a dynamic link library (DLL) to the system. Subsequent analysis revealed the DLLs to be Emotet, and by the next morning, as others confirmed the link, the news was spreading fast.

According to security researchers who spoke to Lawrence Abrams of Bleeping Computer, who was among the first to report Emotet’s re-emergence, the botnet’s operators appear to be rebuilding it using infrastructure belonging to Trickbot – as Goody at Mandiant had theorised – and its return is likely to herald a surge of activity, particularly among ransomware operators, many of whom have found themselves on the back foot of late.

The Mummy and the Wizard

Crowdstrike’s senior vice-president of intelligence, Adam Meyers, said the botnet’s re-emergence, which he credited to the strong prior relationship between Emotet and Trickbot’s operators (which Crowdstrike tracks as Mummy Spider and Wizard Spider respectively), was a sign of “how resilient the e-crime milieu has become”.

Meyers suggested it was possible that Wizard Spider may in fact have taken over Emotet for itself in some form. Note, incidentally, that Wizard Spider also counts the Ryuk and Conti ransomware families in its arsenal.

Radware threat intelligence director Pascal Geenens said it was likely that Emotet was working with Trickbot to gain a large foothold quickly, to a point where it can resume self-sustaining growth, and suggested it was only a matter of time before this happened.

“Given the number of successful extortion campaigns and enormous payouts involving ransomware in recent history, there should be plenty of demand for malware-as-a-service platforms by ransomware operators,” said Geenens.

“The timing is as good as any to get back in business for the actors that were able to sustain one of the largest and most prolific malware platforms in cyber crime history.”

Digital Shadows’ Stefano De Blasi said it was likely Emotet would be taken up with enthusiasm. “Many cyber criminal groups may return to Emotet as a tried and tested approach, although these changes will likely be reflected over several months,” he said.

“It will undoubtedly take some time to rebuild Emotet’s infrastructure, however, its massive reputation in the cyber criminal community makes it a predictable choice for many threat actors looking to expand their operations.”

What next?

Emotet may be back, but at the time of writing its impact appears to still be somewhat limited – although there are already indicators that it is being used in spam campaigns.

“To protect themselves, it is really down to organisations ensuring they identify compromised hosts quickly and remediate,” said Crowdstrike’s Meyers.

“Based on our research on breakout time – i.e. the time it takes for an adversary to move laterally within a victim environment – security teams should detect threats on average in one minute, understand them in 10 minutes and contain them in 60 minutes to be effective at stopping breaches.”
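Meyers’ advice comes down to spotting the compromised host fast, and the discovery described earlier was exactly that: a bot already attributed to Trickbot fetched a DLL that turned out to be Emotet. The following is an added example, not code from this article or from any vendor’s tracker or product, of the generic correlation a detection team could run over its own endpoint telemetry: a DLL written to disk from the network and then loaded on the same host within a short window. The event schema, field names, the ten-minute window and every sample event are constructed assumptions for the example.

```python
"""Correlate a DLL arriving from the network with that DLL being loaded.

Added example, not code from the article or from any vendor's tracker.
The event schema, field names, the 10-minute window and every sample
event below are constructed for illustration.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed telemetry, one JSON object per line (Sysmon-like, but the
# schema is invented here). ws-01 fetches a DLL and loads it 90 seconds
# later: that is the pattern to alert on. ws-02 fetches a DLL that is
# only loaded hours later, outside the correlation window.
SAMPLE_EVENTS = r"""
{"ts": "2021-11-14T19:02:11Z", "host": "ws-01", "event": "net_file_write", "path": "C:\\Users\\a\\AppData\\Local\\Temp\\x.dll", "sha256": "aaaa1111", "src": "198.51.100.7"}
{"ts": "2021-11-14T19:03:41Z", "host": "ws-01", "event": "image_load", "path": "C:\\Users\\a\\AppData\\Local\\Temp\\x.dll", "sha256": "aaaa1111", "process": "svchost.exe", "pid": 4412}
{"ts": "2021-11-14T19:05:00Z", "host": "ws-02", "event": "net_file_write", "path": "C:\\Temp\\y.dll", "sha256": "bbbb2222", "src": "203.0.113.9"}
{"ts": "2021-11-14T22:30:00Z", "host": "ws-02", "event": "image_load", "path": "C:\\Temp\\y.dll", "sha256": "bbbb2222", "process": "explorer.exe", "pid": 900}
"""


@dataclass(frozen=True)
class Alert:
    host: str
    sha256: str
    path: str
    process: str
    seconds_between: float


def parse_events(text: str) -> list[dict]:
    """Parse newline-delimited JSON events; timestamps become datetimes."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def correlate_dll_loads(events: list[dict],
                        window: timedelta = timedelta(minutes=10)) -> list[Alert]:
    """Alert when a DLL written from the network is loaded on the same host
    within `window`. Matching is by (host, sha256), so renaming the file
    between download and load does not evade the correlation."""
    downloads: dict[tuple[str, str], list[dict]] = {}
    for ev in events:
        if ev["event"] == "net_file_write" and ev["path"].lower().endswith(".dll"):
            downloads.setdefault((ev["host"], ev["sha256"]), []).append(ev)

    alerts: list[Alert] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "image_load":
            continue
        for dl in downloads.get((ev["host"], ev["sha256"]), []):
            delta = ev["ts"] - dl["ts"]
            # Only a load that follows the download, and follows it soon.
            if timedelta(0) <= delta <= window:
                alerts.append(Alert(ev["host"], ev["sha256"], ev["path"],
                                    ev["process"], delta.total_seconds()))
    return alerts


if __name__ == "__main__":
    for a in correlate_dll_loads(parse_events(SAMPLE_EVENTS)):
        print(f"{a.host}: {a.process} loaded {a.path} ({a.sha256}) "
              f"{a.seconds_between:.0f}s after it arrived from the network")
```

The window is deliberately short: a loader that has just fetched its payload tends to execute it straight away, and a long window drags in legitimate software updates. Run over real telemetry, the same logic would also want the source address checked against the tracker feed that flagged the host in the first place.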

For now, said Jen Ellis, vice-president of community and public affairs at Rapid7, there is little out of the ordinary that defenders need to actually do.

“From the information available, it seems that even though they are still in the early stages of rebuilding their network, Emotet is already sending out spam,” she said. “This seems to indicate that we can expect to see Emotet’s controllers resuming operations very much as they did before the takedown in January.

“Since then though, we have seen law enforcement and the private sector work more closely together on other unified actions to deter and disrupt attacker groups. They will be watching this development closely and I suspect they will already be considering potential actions to stop Emotet returning to the supremacy it once enjoyed.

“In the meantime, it’s business as usual for security professionals,” said Ellis. “The name Emotet may strike fear in their hearts, but the reality is they are under attack every day and all the same measures needed to defend against those attacks are the same for Emotet. Timely patching, effective identity and access management strategies, network segmentation, regular offline backups, email filtering, and user awareness are all core components of a defence-in-depth and business resilience strategy.”

Appgate researcher Felipe Duarte Domingues had similar advice for defenders. “IT managers and cyber security teams need to manage this new Emotet version as any other malware threat, deploying reasonable security measures and training employees against social engineering attacks like e-mails and phishing,” he said.

“It’s important to notice that those new capabilities show the actors are focusing on executing other malware along with Emotet. Botnets like Trickbot are often used to spread and move laterally into a network, and even deploy ransomware.

“Adopting a zero-trust model is important for any organisation that wants to be protected against Emotet or any other botnet [or] ransomware threat. By assuming all connections can be compromised and segmenting your network, you can limit the affected systems and the threat actions to a single perimeter, and increase the chance of detecting malicious behaviours inside your network.”

Rapid response

On the upside, Doug Britton, CEO of Haystack Solutions, a US-based security services firm, said it may be a positive sign that Emotet was spotted and identified so quickly.

“Emotet is a pervasive piece of malware and indicative of the recycling and evolution in malware delivery techniques,” he said. “It is very interesting to see this in an early inning in the restructuring and rebuilding of Emotet and its bot-spamming infrastructure.

“It is promising to hear that researchers have proactively identified this. Cyber professionals are critical in the fight against the persistent threat of evolving malware. As we can see, bad actors are developing the pipes to deliver malware on a massive scale.”
