These days, cyber threats seem to pose a greater risk of destruction than other forms of crime. In this session, Joshua Traynor and Christopher Satanek from the Multi-State Information Sharing and Analysis Center (MS-ISAC) zero in on Emotet. Emotet is one of the most destructive types of malware observed attacking state, local, tribal, and territorial (SLTT) governments.
Joshua Traynor is a Senior Cyber Intelligence Analyst, while Christopher Satanek is a Cyber Intelligence Analyst, for the CIS MS-ISAC. They specialize in tracking malware threats and providing analysis support for partner SLTT government agencies on threat prevention and response.
Josh and Chris take turns discussing Emotet’s history, anatomy, dangers, and prevention. Some of the areas they focused on include:
- The characteristics of Emotet, and the risks it poses to its victims.
- The Patient Zero case study that looks into how Emotet gets into a device, infiltrates and infects the whole network, and gains access to data and other confidential information.
- The most common motivations behind an Emotet attack such as financial gain, system access, and information theft.
- The organized and sophisticated operation behind an Emotet attack.
- A brief history of Emotet, and the improvement and updates that come with each new version.
- The anatomy of an Emotet attack, which segments an attack into four phases:
  - Infection, which starts through a spoofed email containing a malicious link or file attachment.
  - Persistence, which Emotet establishes without the user noticing.
  - Instructions, in which Emotet starts collecting sensitive information and details, and establishes remote command and control.
  - Network propagation, in which email platforms, browsers, and passwords are scraped and information is stolen.
- Recommendations on how to mitigate the damage post-infection and prevent future attacks.
- Questions raised by the webinar participants concerning:
  - Training resources for phishing.
  - Understanding what SMB is and what it does.
  - The sophisticated and opportunistic nature of Emotet.
  - The geographical extent of Emotet attacks.
  - Searching URLs for clues on whether a link is legitimate or malicious.
  - How the data scraped during an attack is being exploited.