    WiFi: A New Way to Spread Emotet Malware

    February 11, 2020 (Updated: February 11, 2020)


    Cybercrime, Fraud Management & Cybercrime, Fraud Risk Management

    Researchers Say Trojan’s Developers Devising Ways to Spread Trojan to More Devices

    Akshaya Asokan (asokan_akshaya) • February 11, 2020

    The developers of the Emotet Trojan have created a new way to spread it to more victims, security firm Binary Defense reports. Attackers are using unsecured WiFi networks as a way to deliver the malware to more devices.


    Since Emotet resurged in late 2019, its creators have relied on a variety of methods to help spread their malware to more victims. Most of these methods involve phishing emails with attached Microsoft documents that contain malicious macros, which help deliver the malware to a targeted device (see: Fake Coronavirus Messages Spreading Emotet Infections).

    The malware can also spread from one device to another by creating a botnet that helps deliver additional spam and emails, according to the Binary Defense researchers.

    But now, the researchers have found that some versions of Emotet can be spread across an unsecured WiFi network by taking advantage of weak passwords and other security flaws. While these types of infections are rare, it’s important to keep an eye on how the Trojan’s creators are attempting new methods, James Quinn, threat researcher and malware analyst for Binary Defense, notes in the report.

    “With this newly discovered loader-type used by Emotet, a new threat vector is introduced to Emotet’s capabilities,” Quinn writes. “Previously thought to only spread through malspam and infected networks, Emotet can use this loader-type to spread through nearby wireless networks if the networks use insecure passwords.”

    WiFi Connection

    Some Emotet samples in campaigns leveraging WiFi that researchers examined in January contained a timestamp dated April 16, 2018, which suggests that the capability to spread the malware through poorly secured WiFi networks may have gone unnoticed until now, according to the report.

    In these campaigns, once attackers infect a device with the Trojan, it starts to download what the researchers call a WiFi spreader module, which contains two binaries, according to the report. One of these binaries, called worm.exe, begins to list all the WiFi-enabled devices that are connected with the infected device.

    The binary also extracts a list of reachable wireless networks using the wlanAPI interface found in later versions of Microsoft Windows, according to the report. This interface helps manage WiFi connections and network profiles in some versions of Windows.

    Once the list of all WiFi networks and devices is gathered, the binary then begins to use a brute force attack to guess the usernames and passwords of the wireless networks, looking for one it can crack, according to the report. The Emotet malware has an internal list of passwords that it uses as part of this brute force attack, the report adds.

    How the Emotet WiFi spreader module works (Source: Binary Defense)

    If successful, the malware “sleeps” for about 14 seconds and connects back to the command-and-control server to receive further instructions, according to the report.

    Once the connection is established, the worm.exe binary then begins a second series of brute force attacks, the researchers found. It attempts to guess passwords for devices, such as PCs and servers, which are connected to the infected WiFi network in an attempt to gain a further foothold, according to the report. If successful, a second binary, called service.exe, is installed and calls back to the command-and-control server, and then Emotet is installed on the newly accessed device, the report notes.

    Password Protection

    IT and security teams should take the time to create stronger passwords for WiFi networks to ensure that these brute force attacks are less likely to be successful, the researchers recommend.

    “Detection strategies for this threat include active monitoring of endpoints for new services being installed and investigating suspicious services or any processes running from temporary folders and user profile application data folders,” Quinn notes. “Network monitoring is also an effective detection, since the communications are unencrypted and there are recognizable patterns that identify the malware message content.”
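
    An added example (not from the Binary Defense report or this article) of the endpoint check described in the quote above: it filters Windows service-installation events (System log, Event ID 7045) for binaries that run from temporary or user-profile application data folders. The event records are constructed, and the dictionary layout, host names and directory patterns are assumptions of this example.

```python
import re

# Event ID 7045 (source: Service Control Manager) is logged when a service is
# installed. The directory patterns below are this example's assumptions.
SERVICE_INSTALLED = 7045
SUSPICIOUS_DIRS = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I),     # user profile app data
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),              # system temp folder
    re.compile(r"^[a-z]:\\(temp|tmp)\\", re.I),                 # ad hoc temp folders
    re.compile(r"^%(temp|tmp|appdata|localappdata)%\\", re.I),  # unexpanded variables
]

# Constructed sample records (hypothetical hosts and service names).
SAMPLE_EVENTS = [
    {"EventID": 7045, "Computer": "WS-014", "ServiceName": "Print Helper",
     "ImagePath": r'"C:\Program Files\Vendor\helper.exe" --svc'},
    {"EventID": 7045, "Computer": "WS-022", "ServiceName": "WinDefService",
     "ImagePath": r"C:\Users\alice\AppData\Local\Temp\service.exe"},
    {"EventID": 7045, "Computer": "WS-031", "ServiceName": "updater",
     "ImagePath": r'"C:\Windows\Temp\upd 1.exe" -k'},
    {"EventID": 7036, "Computer": "WS-022", "ServiceName": "WinDefService",
     "ImagePath": ""},  # state change, not an installation
    {"EventID": 7045, "Computer": "WS-040", "ServiceName": "drv",
     "ImagePath": r"\??\C:\Windows\System32\drivers\drv.sys"},
]

def executable_path(image_path):
    # Drop surrounding quotes (and any arguments after a quoted path) and the
    # NT object prefix that driver entries carry, so prefix matching works.
    p = image_path.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]
    if p.startswith("\\??\\"):
        p = p[4:]
    return p

def flag_new_services(events):
    # Return (host, service name, path) for installs from suspicious folders.
    findings = []
    for ev in events:
        if ev.get("EventID") != SERVICE_INSTALLED:
            continue
        path = executable_path(ev.get("ImagePath", ""))
        if any(rx.match(path) for rx in SUSPICIOUS_DIRS):
            findings.append((ev["Computer"], ev["ServiceName"], path))
    return findings

if __name__ == "__main__":
    for host, name, path in flag_new_services(SAMPLE_EVENTS):
        print(f"{host}: review new service {name!r} -> {path}")
```
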




