Emerging Malware that Businesses Need to Know

By Enterprise Security Magazine | Thursday, January 17, 2019

Today's cyber attackers are smarter than many security professionals, and they use increasingly sophisticated ways to attack their victims. Cybercrime continues to develop around the world. Emotet and Trickbot, a new attack method used by cybercriminals to infect users, steal their livelihoods and generally cause havoc, are heard of on a regular basis. Emotet and Trickbot are information stealers that target Windows-based computers and are best known as banking malware. Each is normally distributed through separate campaigns of malicious spam (malspam). However, both types of malware are now being recovered from a single infection chain. This unique combination of Emotet and Trickbot doubles the risk to a vulnerable Windows host.

The report "Under the Radar: The Future of Undetected Malware" analyzed the latest statistics on fileless attack methodology, frequency, resistance to remediation, and adaptive attacks, which represent the future of attacks. According to the research, not only did fileless malware account for 35 percent of all attacks in 2018, but it is also ten times more likely to succeed than file-based attacks. Current versions of the Emotet trojan include the ability to install additional malware on infected machines. This additional malware may include other banking trojans or malspam. Trickbot is still sent through its own malspam campaigns, but one can also find Trickbot samples that use Emotet as an alternative method of distribution. Most write-ups on Emotet and Trickbot focus on individual malware features and do little to paint a complete picture of a successful infection chain. The two belong to different malware families, but they have some similarities. Both are information stealers that can load additional modules for functions such as spamming or worm propagation. Both were distributed through malspam last year using Microsoft Word documents as the initial infection vector.

The malware reportedly borrows the propagation and anti-forensic strategies seen in recent complex nation-state attacks, which means that the unique behaviors and tactics of this latest malware can withstand cleanup attempts. According to Malwarebytes, Emotet was detected and removed more than 1.5 million times between January and September 2018, while its telemetry further showed that Trickbot was detected and removed almost half a million times in one industry in the first nine months of 2018.

Organizations with proper spam filtering, proper system management, and up-to-date Windows hosts have a lower risk of infection. Customers of Palo Alto Networks are further protected from this threat: its platform detects Emotet and Trickbot malware, and AutoFocus users can use the Emotet and Trickbot tags to track this activity.