EP03: The Reemergence of Emotet and Why Botnets Continue to Return
Welcome back to the Security Swarm Podcast! In this episode, our host Andy Syrewicze talks with Umut Alemdar, Head of Security Lab here at Hornetsecurity, about the reemergence of Emotet and the pervasiveness of botnets. Why do they keep coming back?
Emotet, a botnet well known for spreading malware and stealing personal information, had been dormant since December before reappearing in March 2023 with new tactics and capabilities. The botnet has a modular architecture that allows threat actors to include any kind of payload, which is then executed on the victim’s device.
Tune in to hear Andy and Umut discuss the attack chain of Emotet, how it has evolved and the risks it may pose to your organization. They also explore why botnets such as Emotet persist despite efforts to shut them down.
Timestamps:
1:58 – What is Emotet?
6:25 – Emotet’s Attack Chain
12:20 – How do Botnets continue to return?
14:44 – How can organizations guard against botnets like Emotet?
Episode resources:
Hornetsecurity Article Regarding Emotet
Hornetsecurity CyberSecurity Roundtable Discussion
Andy on LinkedIn, Twitter, Mastodon
Emotet Malware Returns: Cyber Security Experts Weigh In
Since its inception, Emotet has evolved constantly, adding new evasion techniques and increasing the probability of successful infections. It can also host a range of modules, each handling a different aspect of information theft and reporting to its command-and-control servers.
Emotet is not a threat to be taken lightly; as seen in the past, it can grow to a monstrous scope. Its return may also cause an increase in ransomware attacks, as Emotet has been known to deliver various ransomware in the past.
Anyone can be affected by Emotet. Always be careful when opening email attachments, regardless of file type. Be sure to read all security pop-ups carefully when you are asked to enable something on your machine manually. Still, you cannot be 100% sure without proper Advanced Threat Protection that will address any security concerns you may have.