Emotet, Lokibot, TrickBot still impacting enterprise environments globally

Filip TRUȚĂ

March 05, 2019

New research based on observed attack data over the second half of 2018 (2H 2018) reveals the command-and-control and lateral activities of three high-profile pieces of malware targeting large organizations in recent months: Emotet, LokiBot, and TrickBot.

Gigamon's report is intended to increase the understanding of how the most prolific malware of 2018 traversed enterprise networks without detection.

The paper shows that Emotet campaigns soared in November and December 2018, and that Emotet accounted for 45.9% of observed attacks during the entire second half of the year.

Emotet is a banking trojan that obtains sensitive data by injecting malicious code into the networking stack of an infected endpoint, allowing sensitive data to be exfiltrated as it is transmitted. The malware can also slide itself into software modules and perform denial-of-service attacks on other systems, and it can act as a downloader or dropper of other banking trojans.

While attackers leveraged many known network techniques that make detection fairly easy, their Emotet-centric campaigns also included significant changes and experimentation, researchers said.

LokiBot, another trojan designed to covertly siphon information from a compromised endpoint, represented 11.6% of observed samples in 2H 2018 and used the most diverse range of attachment types for initial infection.

LokiBot is both an information stealer and keylogger, mainly used for credential theft. The malware had a fairly high success rate throughout 2018, illustrating that even simple threats can infiltrate enterprises with a poor network security posture.

“The network behaviors remain simplistic, highlighting the clear value of pervasive network visibility,” researchers noted.

TrickBot, one of the newer banking trojans, represented 10.4% of observed attacks during 2H 2018, roughly the same as in 1H 2018. The malware typically spreads via spam campaigns and specializes in harvesting emails and credentials using the Mimikatz tool. It comes in “chunks” with specific tasks such as gaining persistence, propagation and stealing data. A configuration file controls the modules and dictates how and when they are deployed.

Notably, TrickBot has undergone periods of experimentation by those who control it, resulting in disparate deployment and obfuscation techniques that make detection harder. Because its tactics change continuously, TrickBot remained a prevalent threat to enterprises throughout 2018, researchers said.

“Emotet, LokiBot and TrickBot may all be considered common, high-volume malware; however, all three are wildly successful in infiltrating enterprise networks and persisting,” they added. “They pose significant damage potential and cost to organizations and take significant resources to respond to and remediate. The opportunity to learn from their success can lead security teams to a more mature and productive security strategy.”

According to the paper, all three malware families show network activity and behaviors that can be rapidly detected with pervasive network visibility along with an understanding of adversary methodologies gained through intelligence efforts.

Network-level threats have been a tough nut to crack for years, but security vendors today offer dedicated solutions to combat them. Learn more by downloading Bitdefender's free whitepaper, Combating Advanced Threats with Network Traffic Analytics.
