Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Emotet continues to adapt techniques to evade detection

published on 2022-10-20 14:34:49 UTC by
Content:

According to new research by VMware, threat actors behind the notorious Emotet malware strain have continued to shift and evolve their tactics and command-and-control (C2) infrastructure to evade detection.

Emotet’s infrastructure was taken down as part of a coordinated law enforcement operation in January 2021, however, the malware’s resurrection in November 2021 gained significant traction across the cyber threat landscape, paving the way for Cobalt Strike infections and, more recently, ransomware attacks involving Quantum and BlackCat.

The research suggests that Emotet is continuously changing to make it more difficult for defenders to adapt and block the malware.

The Emotet threat actors typically distribute phishing emails and specially crafted messages to convince victims to click on malicious links or open malicious documents using a range of differing filetypes.

In January 2022 alone, VMware observed three different sets of attacks in which the Emotet payload was delivered via an Excel 4.0 (XL4) macro, an XL4 macro with PowerShell, and a Visual Basic Application (VBA) macro with PowerShell.

Since then, the NMC have reported on a range of techniques that avoid the use of macros since Microsoft blocked them by default.

Several of the attack chains identified were also observed abusing legitimate executables, also known as living-off-the-land binaries, a popular technique used to prevent detection.

The threat actors also use significant anti-analysis countermeasures to attempt to hide the details of their C2 infrastructure.

The ongoing adaptation of Emotet's attack chain is a major contribution to the reason the malware has been successful for so long.

As Emotet is primarily leveraged through phishing emails, user awareness of this prevalent threat is essential to help mitigate risk of exploitation and therefore prevent a ransomware intrusion.

Organisations are encouraged to provide guidance through internal channels; further guidance on phishing can be found here.


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


Article: Emotet continues to adapt techniques to evade detection - published about 2 years ago.

https://www.emcrc.co.uk/post/emotet-continues-to-adapt-techniques-to-evade-detection   
Published: 2022 10 20 14:34:49
Received: 2022 10 24 15:53:43
Feed: The Cyber Resilience Centre for the East Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 0

Custom HTML Block

Click to Open Code Editor