Gigamon Inc. (“Gigamon”), the essential element of security infrastructure, providing pervasive visibility to network traffic across physical, virtual, and cloud environments, announced the release of the latest research report from Gigamon Applied Threat Research (ATR), How the Most Prolific Malware Traversed Your Network Without Your Knowledge. Based on observed attack data over the second half of 2018 (2H 2018), the report reveals the command-and-control and lateral activities of the three highest-volume malware families: Emotet, LokiBot, and TrickBot. ATR also highlights effective methodologies to proactively combat these cybersecurity threats.
The data and analysis bring to light threat-actor behaviour and provide a high-level look at the technical methods they use to accomplish their objectives. Key findings in the report include:
Emotet campaigns surged in November and December and represented 45.9% of observed attacks during 2H 2018. This is an increase in proportion from the 1H 2018 observations. Those campaigns included significant changes and experimentation in technical details, but continued to use many network techniques that create opportunities for detection.
LokiBot represented 11.6% of observed samples in 2H 2018 and used the most diverse attachment types for initial infection. Despite this, its network behaviors remain simplistic, highlighting the clear value of pervasive network visibility.
TrickBot accounted for 10.4% of observed attacks during 2H 2018, remaining steady in comparison to 1H 2018.
All three of these successful malware families show network activity and behaviours that can be rapidly detected with pervasive network visibility, along with an understanding of adversary methodologies gained through intelligence efforts.
As illustrated throughout this report, unsophisticated yet high-volume, criminally motivated attacks can move throughout your network without your knowledge and cause significant damage and cost to enterprises. To shift the balance from the attackers to the defenders, we must:
Be dedicated to studying the behaviour of successful threats.
Apply what we have learned to create a robust set of indicators and detection mechanisms.
Leverage these new indicators and detection mechanisms across comprehensive network visibility.
“While these high-volume threats are well discussed in the security industry, and are seemingly novel, Emotet, LokiBot, and TrickBot still succeed in impacting enterprises around the world, causing significant damage,” said Justin Warner, Director of Applied Threat Research for Gigamon. “It is our desire to share a threat-focused methodology in approaching security operations and apply it to these prolific threats. Our goal is to empower security teams to be more prepared to detect and respond to this malicious activity, and others that share or recycle similar technical methods.”