- Join Bromium for a technical deep dive webinar on Wednesday, June 12 at 10am PDT/1pm EDT
- Learn about Emotet – a highly-modular banking Trojan, which has evolved into a polymorphic malware
- Featuring guest speaker Robert Bigman, former CISO at the CIA and James Wright, VP Engineering and Threat Research at Bromium
Register Now: Emotet Webinar: June 12 at 10am PDT / 1pm EDT
Emotet is the most prolific malware that Bromium has seen in customer environments in recent months. It was originally created as a banking Trojan but is rapidly evolving into a polymorphic, full-scale distribution network for malware, which evades most detection-based security solutions.
Emotet has become a major threat, prompting the US Department of Homeland Security to issue an alert, noting that Emotet is extremely difficult to combat and can cost organizations up to $1M per incident.
Join Bromium for an Emotet technical deep-dive webinar on Wednesday, June 12 at 10am PDT/1pm EDT, featuring guest speaker Robert Bigman, former CISO at the CIA, and James Wright, VP Engineering and Threat Research at Bromium.
- Using advanced threat intelligence captured in Bromium isolation, this webinar will share the full kill chain of Emotet attacks as the user would experience it
- Robert Bigman will address the nature of emerging attacks and the dangers they pose to today’s enterprise
- Learn how you can protect your organization from Emotet and other polymorphic malware
If you can’t attend the live webinar, register to receive the on-demand webinar replay.
Hope to see you on June 12th, and don’t hesitate to contact us if you have any questions in the meantime.
The post June 12 Webinar, Emotet: Taming a Wild Trojan appeared first on Bromium.
- On June 12, we hosted a deep-dive technical webinar on Emotet, featuring Robert Bigman, former CISO at the CIA, and James Wright, VP Engineering and Threat Research at Bromium
- In this blog, we answer your Emotet questions submitted during the webinar
- If you missed the webinar, you can listen to it on-demand, embedded at the end of this post
On June 12, Robert Bigman, former CISO at the CIA, and myself, James Wright, VP Engineering and Threat Research at Bromium, presented a deep-dive webinar on Emotet – a fast-spreading polymorphic Trojan that easily evades conventional detection tools and techniques. In the webinar, we covered the evolution of Emotet, explained its invasion methods and social engineering techniques, examined its disguise tricks, and assessed potential damage that Emotet can do to corporations once it takes hold.
During the webinar, we received a number of questions, pertaining to both Emotet and Bromium application isolation. Below is the summary of the Q&A session, including questions that we did not have time to answer on the call. As always, we invite you to continue the dialog. If you have any follow-up Emotet questions or would like to learn more about how Bromium can protect your organization from Emotet and other types of attacks, use the comments section at the bottom of this blog, or contact us.
Now, to your Emotet questions:
Which companies are most likely to get hit with Emotet? Does it target specific verticals?
James Wright, Bromium: Emotet is rather far-reaching, and it’s one of the few campaigns that we witness across many geographies and types of machines – from consumer to the government. Most malware types that typically target consumers don’t get very far with reaching government endpoints; and most of the sophisticated nation-state malware doesn’t show up on consumer PCs.
Emotet, on the other hand, appears everywhere, across all types of endpoints. Interestingly, the second and third stages of the attack vary depending on the type of machine – there’s evidence that suggests that Emotet tries to identify which machine it has landed on, then decides how to behave from that point on. If it appears that it has infected a consumer machine, it may choose to leave behind a piece of ransomware; if it knows it has landed on a high-value machine, it could decide to hold on to it and search for additional information.
Robert Bigman: I have been seeing Emotet infections in Europe, specifically Germany and France, and most recently here in the US. We are also seeing indicators that Emotet mostly targets large financial and insurance corporations – it goes after organizations that manage large sums of money.
Where does Emotet originate from, and which groups are deploying it?
Wright: While it’s hard to precisely determine the origin of Emotet, we suspect, because of its commercial nature, that it’s likely created by a criminal gang. There’s some limited evidence that suggests that initially it came from Eastern Europe.
Bigman: No smoking gun, but it looks to us that it’s the work of a Russian cybercriminal.
What file types are being used to spread Emotet?
Wright: We are seeing multiple variants and versions of Word documents as a primary payload. We also see PDFs, as well as zip files that come in as attachments, then cause a Word document to get downloaded.
What’s the best way to detect Emotet and how does Bromium do it?
Wright: Bromium doesn’t really focus on “detection” from the security point of view. We care about identifying the malware so we can gather intelligence, but if we don’t detect it, it stays in the virtual machine, without causing any harm to the endpoint or the network.
Our method for identifying the malware is based on behavior: the virtual machine that the malware is running in is supposed to be doing just one job, such as reading a Word document, and it becomes obvious that something is wrong when random executables begin to appear. A host machine that’s not protected by Bromium is running multiple processes at the same time, and it’s not quite so easy to detect that something suspicious may be going on.
How does Bromium compare to EDR solutions?
Wright: EDR (endpoint detection and response) is an excellent tool, and its detection methods are very behavioral. It’s like a flight recorder on an airplane – the recording happens in the background, and if something bad happens, you have lots of data available for analysis and review.
When you put EDR in pure detection mode, to some extent, the endpoint becomes sacrificial – in order to see what’s going on, you have to let the attack play out and cause actual harm to the machine. You will certainly get some intelligence from that, but then you would have to perform remediation on that endpoint, and you often have a very limited amount of time before malware begins to spread. You can also run EDR in a “blocking” mode – when you see the behavior get to a certain point, you can stop the execution, which used to work well until the bad guys figured out how to outsmart it.
The difference with the isolation technology is that we are still doing the behavior-based detection, but the whole thing is isolated inside a single-use virtual machine. The user is not aware of anything bad happening and is not interrupted in their workflow, but you can let the whole thing play out, and it won’t do any harm, because it can’t get out of the VM.
Is Bromium a cloud or on-premise management solution?
Kimberly Becan, Director of Product Marketing, Bromium: There’s a lot of flexibility on how organizations can deploy Bromium: on-premise, on a private cloud, or via our managed cloud service offering. And all the intelligence and analysis that was covered in today’s webinar is available to you regardless of which deployment option you select.
Is there a Bromium solution for consumer use?
Wright: While Bromium Secure Platform is primarily an enterprise tool, through our partnership with HP, there’s an HP-branded variant of our software called SureClick, and it’s included with various models of HP laptops.
Looking for more information on Emotet? Check out Bromium’s technical Emotet blogs.
- Subscribe: Bromium technical blogs to receive an email update when technical blogs are posted (does not include company news or other blogs)
Emotet: Taming a Wild Trojan webinar on-demand
Beyond Emotet: Bromium Threat Research
Looking for similar threat intelligence and research? Check out the Bromium Threat Insights Report. These reports highlight the top threats that Bromium Labs uncovered each month, and are available to everyone – no form required.
The post Answering Your Emotet Questions from the Webinar, Emotet: Taming a Wild Trojan appeared first on Bromium.