Emotet and Trickbot Are the Future of Malware

guest · Dec 6, 2018

Emotet and Trickbot Are the Future of Malware
December 5, 2018
https://www.infosecurity-magazine.com/news/emotet-and-trickbot-are-the/

Malware authors have been incorporating new infection methods that have resulted in a whole new category of attacks that are likely to represent the future of malware, according to a new research report from Malwarebytes.

Released today, the research report Under the Radar – The Future of Undetected Malware revealed that malware authors are using new skills that help them evade detection, giving them an edge against security tools and enterprise defenders.

The report analyzed the latest data in fileless attack methodology, frequency, remediation resistance and adaptive attacks and found that TrickBot, SamSam, Emotet, and Sorebrect represent the future of attacks.
According to the research, not only is fileless malware estimated to account for 35% of all attacks in 2018, but it is also 10 times more likely to succeed than file-based attacks.

[...] Emotet malware was detected and removed more than 1.5 million times between January and September 2018 [...] TrickBot within a single industry nearly half a million times in the first nine months of 2018.
Click to expand...

"Under the Radar – The Future of Undetected Malware" (PDF): https://resources.malwarebytes.com/resource/under-the-radar-the-future-of-undetected-malware/

Rasheed187 · Dec 8, 2018

I'd rather see Malwarebytes give examples of how they are able to block these threats, that would be more interesting.

itman · Dec 8, 2018

The last test I could find where Malwarebytes was tested at Malware Research Group against financial malware was here: https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG-Effitas-2018Q1-360-Assessment.pdf. The results were pretty dismal. Malwarebytes has never participated in MRG's online banking test series.

Rasheed187 · Dec 15, 2018

itman said: ↑

The last test I could find where Malwarebytes was tested at Malware Research Group against financial malware was here: https://www.mrg-effitas.com/wp-content/uploads/2018/05/MRG-Effitas-2018Q1-360-Assessment.pdf. The results were pretty dismal. Malwarebytes has never participated in MRG's online banking test series.
Click to expand...

Exactly, I wonder why their behavior blocking tech wasn't able to block those 58 malware samples. It's easy to talk the talk.

guest · Mar 20, 2020

TrickBot and Emotet strains make process injection most prevalent attack technique
March 20, 2020
https://www.techrepublic.com/articl...ss-injection-most-prevalent-attack-technique/

In Red Canary's 2020 Threat Detection Report, the company analyzed six million investigative leads from January 2019 to December 2019, honing in on the most prevalent cyberattack techniques faced by organizations worldwide.

Malware strains like TrickBot and Emotet were widespread according to threat detection and response specialists at Red Canary.

"An abundance of threats exhibiting worm-like behavior is perhaps the clearest trend from the 2020 Threat Detection Report, and TrickBot is the main driver of this activity. Another trend that stands out is the use of remote administration and network management tools for lateral movement and execution," the report said.
"The use of worms, TrickBot and/or remote admin tools doesn't account for the prevalence of these techniques entirely, but they play a major role. Anecdotally, worms became increasingly common throughout the latter half of the 2010s. [...]"
According to Red Canary detection engineer Jason Killam, process injection is a technique used by cyberattackers to mix malicious activity with operating system processes that are fairly routine.
Click to expand...

Techniques like process injection were key to TrickBot's functionality because they could run arbitrary code through a Windows Service Host, while other attacks like spearphishing attachments and Powershell were leveraged more by Emotet.
Part of why process injection was so high on the list was because most of Red Canary's customers came to them with concerns after Emotet had already done its damage and TrickBot was infecting a significant amount of their devices.
Click to expand...

Red Canary: Worms shape the narrative in Red Canary's 2020 Threat Detection Report

Worms—threats that leverage automated lateral movement to infect as many systems as possible—dominated the landscape in 2019, according to an analysis of confirmed threats in Red Canary’s 2020 Threat Detection Report. Specifically, behaviors tied to the information-stealing trojan TrickBot led to thousands of detections across our customer base—predominantly organizations that came to us through incident response partners—and shaped the findings in this year’s report.
Threat trends
An abundance of threats exhibiting worm-like behavior (i.e., those that move laterally within an environment in an automated fashion) is perhaps the clearest trend from the 2020 Threat Detection Report, and TrickBot is the main driver of this activity.
Click to expand...

Log in or Sign up

Emotet and Trickbot Are the Future of Malware

guest Guest

Rasheed187 Registered Member

itman Registered Member

Rasheed187 Registered Member

guest Guest

Log in or Sign up

Emotet and Trickbot Are the Future of Malware

guest Guest

Rasheed187 Registered Member

itman Registered Member

Rasheed187 Registered Member

guest Guest

Useful Searches