The new Verizon 2019 Data Breach Investigations Report (DBIR) finds cyberespionage “is rampant in the public sector.” Verizon reports the number of espionage-driven breaches that government agencies suffered jumped 168 percent year over year, driven primarily by state-affiliated actors who accounted for 79 percent of all breaches involving external actors. The U.S. Department of Homeland Security (DHS) warns the Emotet Banking Trojan has proven to be a popular choice among attackers who target public sector organizations because it can slip past traditional endpoint security solutions.
But as one of Nyotron’s government sector customers discovered, Emotet can’t avoid PARANOID.
What is Emotet?
Emotet is an advanced polymorphic banking Trojan: its code changes every time it is downloaded, so no fixed signature matches it. According to a DHS alert:
“Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors… Its worm-like features result in rapidly spreading network-wide infection, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.”
It starts with a simple phishing email. Phishing may be an old-school tactic, but Verizon states the typical organization received more than 90 percent of its detected malware through email messages. One-third of all breaches involved phishing, and nearly 80 percent of all cyberespionage-related incidents leveraged phishing.
Emotet vs. PARANOID
Recently, one of our government sector customers found itself in Emotet’s crosshairs. The malware’s “shape-shifting” ability enabled it to evade the agency’s McAfee antivirus solution.
Unfortunately, malware defeating antivirus products is not unusual. Nyotron’s Research Team tested almost 60,000 known malware samples against AV products from three major, well-respected vendors and found that AV efficacy against known malware can drop to as low as 33.8 percent.
Fortunately, this government organization had also deployed PARANOID, which represents the evolution of Endpoint Detection and Response (EDR). PARANOID not only detects malware attacks that slip past “frontline” endpoint security products, but also prevents them from doing any damage (e.g., data encryption, exfiltration). This is critical to any organization’s ability to eliminate malware dwell time – the Verizon DBIR found more than half (56 percent) of data breaches took months or longer to discover.
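The two detection layers described above, the signature-based antivirus that a polymorphic sample slips past and the behaviour-based layer that catches what the sample does, can be illustrated with a small script. This is an added example written for this post; it is not Nyotron's code, not PARANOID's logic, and contains no Emotet code. The two byte blobs, the hash database, the endpoint event records and the 203.0.113.10 address are all constructed stand-ins.

```python
import hashlib

# --- 1. Static, signature-based detection -----------------------------------
# Two constructed byte blobs standing in for two downloads of a polymorphic
# sample: identical behaviour, different bytes on disk.  (Constructed data,
# not malware.)
DOWNLOAD_1 = b"\x4d\x5a" + b"constructed variant A " * 4
DOWNLOAD_2 = b"\x4d\x5a" + b"constructed variant B " * 4

# A hash database that learned DOWNLOAD_1 from an earlier incident.
KNOWN_BAD_HASHES = {hashlib.sha256(DOWNLOAD_1).hexdigest()}


def signature_detect(blob: bytes) -> bool:
    """Match the file hash against known-bad hashes; a re-encoded download misses."""
    return hashlib.sha256(blob).hexdigest() in KNOWN_BAD_HASHES


# --- 2. Behaviour-based detection -------------------------------------------
# Rules keyed on what the process tree does, not on what the file looks like.
OFFICE = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
AUTORUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"


def behaviour_detect(events: list) -> list:
    """Walk endpoint events in order and return the names of triggered rules.

    Each event is a dict with an "action" key; process_create events carry
    pid/ppid/image, the others carry pid/target.  (Constructed event schema.)
    """
    image = {}      # pid -> image name of a process seen being created
    findings = []
    for e in events:
        if e["action"] == "process_create":
            image[e["pid"]] = e["image"]
            # An Office application spawning a script host is the classic
            # macro-dropper pattern.
            if e["image"] in SCRIPT_HOSTS and image.get(e["ppid"]) in OFFICE:
                findings.append("office_spawns_script_host")
        elif e["action"] == "network_connect":
            if image.get(e["pid"]) in SCRIPT_HOSTS:
                findings.append("script_host_outbound_connection")
        elif e["action"] == "registry_set":
            if image.get(e["pid"]) in SCRIPT_HOSTS and e["target"].startswith(AUTORUN_KEY):
                findings.append("script_host_autorun_persistence")
    return findings


# Constructed event stream: a document opened in Word spawns PowerShell, which
# beacons out and writes an autorun key.  203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    {"action": "process_create", "pid": 100, "ppid": 1, "image": "WINWORD.EXE"},
    {"action": "process_create", "pid": 101, "ppid": 100, "image": "powershell.exe"},
    {"action": "network_connect", "pid": 101, "target": "203.0.113.10:443"},
    {"action": "registry_set", "pid": 101, "target": AUTORUN_KEY + r"\Updater"},
]

# Constructed benign stream: Word opens a file and an admin runs PowerShell
# from a console, with no Office-to-script-host parentage.
BENIGN_EVENTS = [
    {"action": "process_create", "pid": 200, "ppid": 1, "image": "WINWORD.EXE"},
    {"action": "process_create", "pid": 201, "ppid": 2, "image": "powershell.exe"},
    {"action": "network_connect", "pid": 200, "target": "203.0.113.20:443"},
]

if __name__ == "__main__":
    print("signature hit on download 1:", signature_detect(DOWNLOAD_1))
    print("signature hit on download 2:", signature_detect(DOWNLOAD_2))
    print("behaviour findings (sample):", behaviour_detect(SAMPLE_EVENTS))
    print("behaviour findings (benign):", behaviour_detect(BENIGN_EVENTS))
```

The first download is caught by its hash and the second, re-encoded one is not, which is the evasion the post describes. The behaviour rules fire on the second download all the same, because they look at the process tree, the outbound connection and the persistence write rather than at the file bytes. Real EDR rules are broader than these three, but the division of labour is the same.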
Check out this short video to learn how PARANOID works to stop any type of threat, old or new: Who is Nyotron?