fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Emotet Botnet Comeback Orchestrated by Conti Ransomware Gang

Emotet Botnet Comeback Orchestrated by Conti Ransomware Gang

The Emotet botnet is back by popular demand, resurrected by its former operator, who was convinced by members of the Conti ransomware gang.

Security researchers at intelligence company Advanced Intelligence (AdvIntel) believe that restarting the project was driven by the void Emotet itself left behind on the high-quality initial access market after law enforcement took it down ten months ago.

The revival of the botnet follows a long period of malware loader shortage and the decline of decentralized ransomware operations that allowed organized crime syndicates to rise again.

Also Read: Compliance With Singapore Privacy Obligations; Made Easier!

Conti ransomware may rise to dominance

Considered the most widely distributed malware, Emotet acted as a malware loader that provided other malware operators initial access to infected systems that were assessed as valuable.

Qbot and TrickBot, in particular, were Emotet’s main customers and used their access to deploy ransomware (e.g. Ryuk, Conti, ProLock, Egregor, DoppelPaymer, and others).

“Emotet’s strategic, operational, and tactical agility was executed through a modular system enabling them to tailor payload functionality and specialization for the needs of specific customers” – AdvIntel

The botnet operators provided initial access at an industrial scale, so many malware operations depended on Emotet for their attacks, especially those in the so-called Emotet-TrickBot-Ryuk triad.

Ryuk is the predecessor of Conti ransomware. The switch occurred last year when Conti activity started to increase and Ryuk detections dwindled down. The operators of both ransomware strains have a long history of attacks hitting organizations in the healthcare and education sector.

AdvIntel researchers say that once Emotet disappeared from the scene, top-tier cybercriminal groups, like Conti (loaded by TrickBot and BazarLoader) and DoppelPaymer (loaded by Dridex) were left without a viable option for high-quality initial access.

“This discrepancy between supply and demand makes Emotet’s resurgence important. As this botnet returns, it can majorly impact the entire security environment by matching the ransomware groups’ fundamental gap” – AdvIntel

Also Read: Got A Notice of Data Breach? Don’t Panic!

The researchers believe that one reason that contributed to multiple ransomware-as-a-service (RaaS) operations shutting down this year (BabukDarkSideBlackMatterREvilAvaddon) was that affiliates used low-level access sellers and brokers (RDP, vulnerable VPN, poor quality spam).

With competitors leaving the ransomware business, the “traditional groups” such as Conti (previously Ryuk) and EvilCorp climbed up the ladder once again, attracting “the talented malware specialists who are massively leaving disbanded RaaSes.”

The Conti group, with at least one Ryuk former member on board and in partnership with Emotet’s biggest client, TrickBot, was in the best position to ask Emotet operators for a comeback.

AdvIntel researchers are confident that the Conti group will deliver their payload to high-value targets via Emotet once the botnet grows, and will become a dominant player on the ransomware scene.

Since partnerships yield the best results, as shown by the Emotet-TrickBot-Ryuk alliance in 2019 and 2020, a new triad may soon rise above other operations, with Conti ransomware as the final payload.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us