Emotet and Trickbot Are the Future of Malware

Written by

Malware authors have been incorporating new infection methods that have resulted in a whole new category of attacks that are likely to represent the future of malware, according to a new research report from Malwarebytes.

Released today, the research report Under the Radar – The Future of Undetected Malware revealed that malware authors are using new skills that help them evade detection, giving them an edge against security tools and enterprise defenders. These new infection methodologies enable the malware to persist after compromise have resulted in the emergence of a whole new category of attacks in 2018.

The report analyzed the latest data in fileless attack methodology, frequency, remediation resistance and adaptive attacks and found that TrickBot, SamSam, Emotet, and Sorebrect represent the future of attacks. According to the research, not only is fileless malware estimated to account for 35% of all attacks in 2018, but it is also 10 times more likely to succeed than file-based attacks.

“Emotet has been terrorizing systems worldwide for much of the year, with heavy campaigns in both Q1 and Q3 of 2018. In July 2018, US-CERT released an alert about Emotet and its capabilities,” wrote Adam Kujawa, director of Malwarebytes Labs.  

The malware reportedly borrows the propagation and anti-forensic techniques seen in previous complex nation-state attacks, which means that the unique behaviors and tactics of these newest malware are able to withstand attempts at cleanup.

According to Malwarebytes, Emotet malware was detected and removed more than 1.5 million times between January and September 2018, while its telemetry further revealed the detection and removal of TrickBot within a single industry nearly half a million times in the first nine months of 2018.

“Most malware is not spread by a shady guy in a fedora putting USB sticks into every computer he can see, it is spread through exploit kits and through malicious spam campaigns and often through avenues that can be monitored and protected,” wrote Kujawa.

What’s hot on Infosecurity Magazine?