Virtualization Technology News and Information
Gigamon ATR Examines How Prolific Cyberthreats Traverse Networks and What You Can Do About It

Gigamon Inc., the essential element of security infrastructure, providing pervasive visibility to network traffic across physical, virtual, and cloud environments, today announced the release of the latest research report from Gigamon Applied Threat Research (ATR), How the Most Prolific Malware Traversed Your Network Without Your Knowledge. Based on observed attack data over the second half of 2018 (2H 2018), the report reveals the command-and-control and lateral activities of the three highest-volume malware families: Emotet, LokiBot, and TrickBot. ATR also highlights effective methodologies to proactively combat these cybersecurity threats.

The data and analysis bring to light threat-actor behavior and provide a high-level look at the technical methods they use to accomplish their objectives. Key findings in the report include:

  • Emotet campaigns surged in November and December and represented 45.9% of observed attacks during 2H 2018. This is an increase in proportion from the 1H 2018 observations. Those campaigns included significant changes and experimentation in technical details but a continued use of many network techniques that introduce opportunity for detection.
  • LokiBot represented 11.6% of observed samples in 2H 2018 and used the most diverse attachment types for initial infection. Despite this, its network behaviors remain simplistic, highlighting the clear value of pervasive network visibility.
  • TrickBot represented 10.4% of observed attacks during 2H 2018, remaining steady in comparison to 1H 2018.
  • All three of these successful malware families show network activity and behaviors that can be rapidly detected with pervasive network visibility along with an understanding of adversary methodologies gained through intelligence efforts.

"While these high-volume threats are well discussed in the security industry, and are seemingly novel, Emotet, LokiBot, and TrickBot still succeed in impacting enterprises around the world, causing significant damage," said Justin Warner, Director of Applied Threat Research for Gigamon. "It is our desire to share a threat-focused methodology in approaching security operations and apply it to these prolific threats. Our goal is to empower security teams to be more prepared to detect and respond to this malicious activity, and others that share or recycle similar technical methods."

ATR has the mission to dismantle the adversary's ability to impact our customers through world-class threat research. The team consists of expert analysts, detection engineers, and security researchers who discover emerging threat activity, engineer detection capabilities for Gigamon, and advance the state of our products to maintain the advantage against threats.

Click here for a full copy of How the Most Prolific Malware Traversed Your Network Without Your Knowledge and check out the Gigamon Insight page to learn how to effectively start securing your organization.

Published Thursday, February 28, 2019 9:51 AM by David Marshall