Q&A

Nastiest Malware 2019 - Live Q&A

  • 13 November 2019
  • 10 replies
  • 1167 views
Nastiest Malware 2019 - Live Q&A
Userlevel 7
Badge +48
  • Community and Advocacy Manager
  • 1482 replies

Welcome to our Nastiest Malware Q&A with Tyler Moffitt. 

Today we’ll be answering your questions on our latest Nastiest Malware report. If you’ve got any questions for Tyler, please go ahead and ask below!


This topic has been closed for comments

10 replies

Userlevel 7
Badge +48

To get us kicked off, I received a message from Athanasios M.

how botnets infiltrate local networks?

Badge

What malware should we as a company that should be more worried about being IT service 

Userlevel 7
Badge +48

Ok, next question from Argiris F.

a few tips on user training for malware awareness

Userlevel 6
Badge +12

To get us kicked off, I received a message from Athanasios M.

 

how botnets infiltrate local networks?

 

 

 

Well it depends on the type of botnet. The most popular botnet is the Emotet malware. That is specifically designed to infect Windows computers. Usually, they are infected through a macro-enabled document from a phishing email. Usually saying “you’ve missed a package” or “you’re being sued” ect. From their they payload will move laterally throughout the network to try and infect as many machines as possible. This also will allow the payloads to analyze the environment and what type of final stage payload should be used - Ransomware, cryptomining, keyloggers, ect. Most popular secondary payloads for ransomware are Dridex into Bitpaymer or Trickbot into Ryuk. There are other types of botnets though that will serve only one purpose like DDOS and for those, the types of devices needed to infect are much less restrictive. Mirai botnet would take over routers, IP cameras, DVRs, and IoT devices like that just using common firmware passwords that people never change. Once logged into they use them for DDOS attack for hire. Hope this helps

Userlevel 7
Badge +48

Next question from Asad P.

 

What do you do if you're fallen a victim of Ransomware and potentially lose money?

 

Userlevel 6
Badge +12

What malware should we as a company that should be more worried about being IT service 

 

The human that clicks things they should not :grinning:

 

But seriously the most common infection vector is through phishing email links or attachments. Beyond a REALLY GOOD education and phishing simulations….Disable macros, powershell and other unused script file types to make sure employees don’t infect themselves. 

 

Also RDP. Lock that down and don’t use the default windows one. Use something that encrypts the traffic and has multi-factor authentication

Userlevel 6
Badge +12

Next question from Asad P.

 

What do you do if you're fallen a victim of Ransomware and potentially lose money?

 

It depends really on what data was encrypted. Is this mission-critical work information? Is this baby pictures and wedding photos? Was any of this data backed up? The question is how prepared were you.

 

If you are facing a real material loss, then it’s only natural to consider paying the ransom. If you do pay the ransom then you almost certainly will get your files back, but you lose time and money.

 

If you have a reliable back up solution, or have figured out that you can make due with the loss, then the best idea is to remove the infection or reimage the machine. Make sure to gather what information you can from where the infection came from like through an exploit, or RDP, or through some malware payload dropped from a phishing email. Then make sure to reeducate the user who clicked what they shouldn’t have, or patch the exploit or protocol that was abused. 

 

Userlevel 7
Badge +48

Ok everyone, we only have a few minutes left. If you ask Tyler a question and he doesn’t get to it, we’ll do our best to answer it over the next couple of days.

Userlevel 6
Badge +12

Ok, next question from Argiris F.

 

a few tips on user training for malware awareness

 

 

Make sure to get a training solution that not only does the annual best practices courses and compliance courses, but also PHISHING SIMULATION. It’s proven that when you regularly phish your employees and hold them accountable when they fail, they will improve. There will of course always be those repeat offenders that fail no matter what. The question is then how much permissions and access does that person have.

Userlevel 7
Badge +48

Thank you to everyone who asked a question today and who participated. Let us know if you’d like to see more of these in the future! 

Also, a HUGE THANK YOU to@TylerM for sitting down with us and answering these great questions.