• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Microsoft: Emotet Took Down a Network by Overheating All Computers

Microsoft: Emotet Took Down a Network by Overheating All Computers

November 24, 2020
Innovative solutions for IT workers at home

BitDam Offers Complete Security for Office 365 Email, OneDrive and Teams With The Introduction of BitDam ATP+

March 2, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft to add new shared channels, encryption for calls, webinar features to Teams

March 2, 2021
Microsoft Declares ‘General Availability’ of Threat Experts Security Service

Mindware Partners with Cibecs to Help Regional Organizations Manage and Protect Distributed Endpoint Devices and Data

March 1, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

Enterprise Key Management Solution Market 2021 Industry Growth Analysis, Future Predictions, SWOT Analysis, By Top Players- EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

March 1, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Intel Calls Silicon ‘Greatest Weapon Against Security Threats’

March 1, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Cloud Security in Banking Market Next Big Thing | Major Giants- Sophos, Boxcryptor, Microsoft Azure

March 1, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Releases Azure Firewall Premium in Public Preview

February 26, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, March 3, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    Innovative solutions for IT workers at home

    BitDam Offers Complete Security for Office 365 Email, OneDrive and Teams With The Introduction of BitDam ATP+

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Cloud Security in Banking Market Next Big Thing | Major Giants- Sophos, Boxcryptor, Microsoft Azure

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft to add new shared channels, encryption for calls, webinar features to Teams

    Microsoft Declares ‘General Availability’ of Threat Experts Security Service

    Mindware Partners with Cibecs to Help Regional Organizations Manage and Protect Distributed Endpoint Devices and Data

    Microsoft To Build New Azure Cloud Data Centers In Greece

    Enterprise Key Management Solution Market 2021 Industry Growth Analysis, Future Predictions, SWOT Analysis, By Top Players- EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Intel Calls Silicon ‘Greatest Weapon Against Security Threats’

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home Tech

Microsoft: Emotet Took Down a Network by Overheating All Computers

by AZURE SECURITY NEWS EDITOR
November 24, 2020
in Tech
0
Microsoft: Emotet Took Down a Network by Overheating All Computers
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

Microsoft says that an Emotet infection was able to take down an organization’s entire network by maxing out CPUs on Windows devices and bringing its Internet connection down to a crawl after one employee was tricked to open a phishing email attachment.

“After a phishing email delivered Emotet, a polymorphic virus that propagates via network shares and legacy protocols, the virus shut down the organization’s core services,” DART said.

“The virus avoided detection by antivirus solutions through regular updates from an attacker-controlled command-and-control (C2) infrastructure, and spread through the company’s systems, causing network outages and shutting down essential services for nearly a week.”

All systems down within a week

The Emotet payload was delivered and executed on the systems of Fabrikam — a fake name Microsoft gave the victim in their case study — five days after the employee’s user credentials were exfiltrated to the attacker’s command and control (C&C) server.

Before this, the threat actors used the stolen credentials to deliver phishing emails to other Fabrikam employees, as well as to their external contacts, with more and more systems getting infected and downloading additional malware payloads.

The malware further spread through the network without raising any red flags by stealing admin account credentials authenticating itself on new systems, later used as stepping stones to compromise other devices.

Within 8 days since that first booby-trapped attachment was opened, Fabrikam’s entire network was brought to its knees despite the IT department’s efforts, with PCs overheating, freezing, and rebooting because of blue screens, and Internet connections slowing down to a crawl because of Emotet devouring all the bandwidth.

Emotet attack flow (Microsoft DART)

“When the last of their machines overheated, Fabrikam knew the problem had officially spun out of control. ‘We want to stop this hemorrhaging,’ an official would later say,” DART’s case study report reads.

“He’d been told the organization had an extensive system to prevent cyberattacks, but this new virus evaded all their firewalls and antivirus software. Now, as they watched their computers blue-screen one by one, they didn’t have any idea what to do next.”

Based on what the official said following the incident, although not officially confirmed, the attack described by Microsoft’s Detection and Response Team (DART) matches a malware attack that impacted the city of Allentown, Pennsylvania in February 2018, as ZDNet first noticed.

At the time, Mayor Ed Pawlowski said that the city had to pay nearly $1 million to Microsoft to clean out their systems, with an initial $185,000 emergency-response fee to contain the malware and up to $900,000 in additional recovery costs, as first reported by The Morning Call.

Emotet infection aftermath and containment procedures

“Officials announced that the virus threatened all of Fabrikam’s systems, even its 185-surveillance camera network,” DART’s report says.

“Its finance department couldn’t complete any external banking transactions, and partner organizations couldn’t access any databases controlled by Fabrikam. It was chaos.

“They couldn’t tell whether an external cyberattack from a hacker caused the shutdown or if they were dealing with an internal virus. It would have helped if they could have even accessed their network accounts.

“Emotet consumed the network’s bandwidth until using it for anything became practically impossible. Even emails couldn’t wriggle through.”

Microsoft’s DART — a remote team and one that would deal with the attack on site — was called in eight days after the first device on Fabrikam’s network was compromised.

DART contained the Emotet infection using asset controls and buffer zones designed to isolate assets with admin privileges.

They eventually were able to completely eradicate the Emotet infection after uploading new antivirus signatures and deploying Microsoft Defender ATP and Azure ATP trials to detect and remove the malware.

Microsoft recommends using email filtering tools to automatically detect and stop phishing emails that spread the Emotet infection, as well as the adoption of multi-factor authentication (MFA) to stop the attackers from taking advantage of stolen credentials.

Emotet infection chain (CISA)

Emotet infections can lead to severe outcomes

Emotet, originally spotted as a banking Trojan in 2014, has evolved into a malware loader used by threat actors to install other malware families including but not limited to the Trickbot banking Trojan (a known vector used in the delivery of Ryuk ransomware payloads).

Emotet was recently upgraded with a Wi-Fi worm module designed to help it spread to new victims via nearby insecure wireless networks.

Recently, in January 2020, the Cybersecurity and Infrastructure Security Agency (CISA) warned government and private organizations, as well as home users, of increasing activity around targeted Emotet attacks.

In November 2019, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) also warned of the dangers behind Emotet attacks, saying at the time that the malware “provides an attacker with a foothold in a network from which additional attacks can be performed, often leading to further compromise through the deployment of ransomware.”

Emotet ranked first in a ‘Top 10 most prevalent threats’ ranking published by interactive malware analysis platform Any.Run at the end of December 2019, with triple the number of sample uploads submitted for analysis when compared to the next malware in the top, the Agent Tesla info-stealer.

CISA provides general best practices to limit the effect of Emotet attacks and to contain network infections within an Emotet Malware alert published two years ago and updated earlier this year.

Reference: https://www.bleepingcomputer.com/news/security/microsoft-emotet-took-down-a-network-by-overheating-all-computers/

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft to add new shared channels, encryption for calls, webinar features to Teams

by AZURE SECURITY NEWS EDITOR
March 2, 2021
0

It wouldn't be a Microsoft event without a slew of Teams announcements. And on Day 1 of Microsoft's virtual Ignite...

Microsoft Declares ‘General Availability’ of Threat Experts Security Service

Mindware Partners with Cibecs to Help Regional Organizations Manage and Protect Distributed Endpoint Devices and Data

by AZURE SECURITY NEWS EDITOR
March 1, 2021
0

Mindware, one of the leading Value Added Distributors (VADs) in the Middle East and Africa, today announced that it has...

Microsoft To Build New Azure Cloud Data Centers In Greece

Enterprise Key Management Solution Market 2021 Industry Growth Analysis, Future Predictions, SWOT Analysis, By Top Players- EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

by AZURE SECURITY NEWS EDITOR
March 1, 2021
0

The Global Enterprise Key Management Solution Market report covers the study of all the crucial aspects of the market. The report consists...

A moment of reckoning: the need for a strong and global cybersecurity response

Intel Calls Silicon ‘Greatest Weapon Against Security Threats’

by AZURE SECURITY NEWS EDITOR
March 1, 2021
0

Security rooted in silicon has the greatest opportunity to subvert both current and future threats, according to Martin Dixon, VP of security architecture...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Innovative solutions for IT workers at home

BitDam Offers Complete Security for Office 365 Email, OneDrive and Teams With The Introduction of BitDam ATP+

March 2, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft to add new shared channels, encryption for calls, webinar features to Teams

March 2, 2021
Microsoft Declares ‘General Availability’ of Threat Experts Security Service

Mindware Partners with Cibecs to Help Regional Organizations Manage and Protect Distributed Endpoint Devices and Data

March 1, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In