The compromise began when one of the employees opened a phishing email with a malicious attachment.
During one of its malicious campaigns, the Emotet malware shut down the computer network of an unnamed organization. According to Microsoft, the outage was caused by CPU load on devices running Windows rising to the maximum and by internet connections being dropped.
“The malware avoided detection by antivirus solutions thanks to regular updates from a C&C server controlled by cybercriminals and spread through systems, causing network outages and disabling main services for almost a week,” Microsoft said.
The compromise began when one of the organization’s employees opened a phishing email with a malicious attachment, thereby handing credentials to the attackers. Five days later, Emotet was downloaded and launched on the organization’s systems. The malware spread quietly over the network, stealing administrator credentials and authenticating on new systems, which were subsequently used to hack other devices.
Despite the efforts of the organization’s IT team, within 8 days the entire network failed due to overheating, freezes and reboots of computers, as well as slowed internet connections.
A team of specialists from Microsoft was able to stop the spread of the infection using resource controls and buffer zones designed to isolate assets with administrator rights. In the end, the team was able to completely eliminate Emotet after downloading new antivirus signatures and deploying special solutions to detect and remove the malware.
Microsoft recommends using email filtering tools to automatically detect and stop phishing emails that spread Emotet infections, as well as using multi-factor authentication to prevent cybercriminals from using stolen credentials.