Financial Trojan EMOTET Uses Network Sniffing to Multiply its Misery - Siouxland News - KMEG 14 and FOX 44

This article was originally distributed via PRWeb. PRWeb, WorldNow and this Site make no warranties or representations in connection therewith.

With just one member of an organization falling for the phishing scam that delivers the EMOTET Trojan, everyone and everything on the network they are connected to can be put at risk. Global Digital Forensics founder discusses what organizations can do to raise social engineering awareness to protect against these types of malware infiltrations, while at the same time helping to secure other critical aspects of their cyber security posture.

New York, NY (PRWEB) July 05, 2014

Earlier this week, reports started surfacing about a new banking Trojan dubbed EMOTET making the rounds, like this June 30th report in Security Week. But unlike run-of-the-mill banking Trojans that employ keyloggers, screen captures, dummy website phishing portals and other means to capture sensitive banking information, EMOTET goes even further by leveraging network sniffing to propagate to other systems and devices connected to the same network as the compromised user. It also cleverly uses DLL files to store the information that is to be sent back to the attackers and to help cover its tracks so the user is oblivious to its presence.

"This allows for an attacker to monitor and capture digital information, even if it's being sent through a normally secure connection," said Joe Caruso, CEO/CTO and founder of Global Digital Forensics (GDF), a premier provider of cyber security solutions, "putting financial data at great risk."

I Spy Everything

"As information travels across the network, it's possible to 'grab' that information," explains Caruso, "so when hackers employ network sniffing in their malware design, it basically gives them the ability to sniff out the information and data moving across the network, even using normally secure HTTPS protocol, which could include information on other devices on the network, passwords, usernames, sites visited and virtually anything else users on the network are doing. It's like a Hollywood heist movie where the bad guys splice into the security system and can see everything all the internal security cameras see without the guards having a clue. With the way they designed EMOTET to use DLL files, or overlay files, which no typical user ever pays attention to, it lets them not only store information like Web addresses of financial sites they are looking for a match to in order to trigger certain aspects of the payload, but also lets them evade detection so they can sit on the line undisturbed and undetected until the information they are after comes along. Then it's just a matter of getting the detected information captured and sent back to the command and control module, which can be done in any one of a number of ways."

Don't be fooled by geography

According to the report, right now the European theater is being mostly affected, with Germany seeing the most action; even the phishing emails used are predominantly in German. "But don't let geography or language lull you into a false sense of security," Caruso warned, "think of it like a deadly virus outbreak. What may have started with a handful of infected individuals in a small village in China or Africa can make its way across oceans in a matter of hours by plane with just one infected passenger and start spreading like wildfire wherever they land. With the Internet, travel time isn't counted in hours; it's counted in fractions of a second, and the landing strip is right in your home or office. When hackers have success like they've been having with EMOTET, you can bet they will find a way to tweak their phishing scheme and payload to maximize success in other countries as well. So don't discount the threat it poses right here at home just because it seems to have made its debut overseas."

Social Engineering is a hacker's favorite tool

"Our GDF emergency response teams are on call 24/7, and have been called in to handle countless cyber emergencies for organizations of all sizes. And if one thing bears repeating as often as possible, it's that most successful advanced attacks start with a simple phishing email," says Caruso. "You can have all the firewalls, virus scanners and other technology you want in place to thwart cyber attacks, and they do a great job in a great many cases to stop simple attacks, but the ones that make headlines and cause great turmoil for even some of the largest and most recognized companies on the planet can most often be traced back to a simple phishing or spear phishing email, which lets an attacker get a foothold on the network. The reasoning behind it is simple; if a hacker can muster enough trust in a well-crafted email by personalizing it enough to make sense to the target, human nature takes over and it gets opened, bypassing all the security measures in place to stop brute force attacks and such. Even simple curiosity can be costly, and it won't bode any better for the organization than it did for the cat. We'll take on the role of real-world hackers to shine a spotlight on a client's weaknesses and raise awareness enterprise wide. We'll even gather publicly available information that any hacker would have access to and launch a realistic phishing or spear phishing campaign, complete with a legitimate looking dummy website to entice users to divulge their credentials to us. When the smoke clears, we always have the user credentials hackers covet, and the lesson really sticks when we catch folks red-handed. In today's digital age, it's an invaluable lesson to learn in a way that doesn't have all the grave consequences a real attack would."

Test, identify and respond

"Regular vulnerability assessments and penetration testing are paramount for organizations to survive today's cyber threat landscape," Caruso cautions. "By letting cyber security specialists like ours at GDF review, test and identify an organization's weaknesses on the cyber front, we can put together a remediation plan that will help any client significantly strengthen their cyber security posture. And since we've been at this for such a long time, our experience translates into streamlined, cost-effective solutions that not only fit our clients' unique needs like a glove, but we also get the job done in the most efficient and cost-effective manner possible by not including solutions that simply aren't needed for their situation. We take the time to understand the entire digital landscape and the data lifecycle of our clients' ESI (Electronically Stored Information) and other digital assets, and that lets us offer plans and assistance which make a real difference, and not just techie sounding offerings, which serve no other real purpose other than inflating their bill unnecessarily."

Cyber security solutions tailored to fit

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don't need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don't hesitate to get help. For more information, visit http://www.evestigate.com.

For the original version on PRWeb visit: http://www.prweb.com/releases/2014-Financial-Trojan/EMOTET-Banking-Malware/prweb11997575.htm
