Microsoft’s case study: Emotet took down an entire network in just 8 days

Security Affairs

Microsoft shared details of the Emotet attack suffered by an organization named Fabrikam in the Microsoft’s Detection and Response Team (DART ) Case Report 002 , where Fabrikam is a fake name the IT giant gave the victim.

Emotat Malware Causes Physical Damage

Schneier on Security

The Emotet payload was delivered and executed on the systems of Fabrikam -- a fake name Microsoft gave the victim in their case study -- five days after the employee's user credentials were exfiltrated to the attacker's command and control (C&C) server.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials

Elie

In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. million potential victims of phishing kits; and 1.9 Drawing upon Google as a case study, we find 7–25% of exposed passwords match a victim’s Google account.

Google's Data on Login Thefts

Schneier on Security

This is interesting research and data: With Google accounts as a case-study, we teamed up with the University of California, Berkeley to better understand how hijackers attempt to take over accounts in the wild. Our research tracked several black markets that traded third-party password breaches, as well as 25,000 blackhat tools used for phishing and keylogging. academicpapers credentials google keylogging phishing

Security Affairs newsletter Round 258

Security Affairs

addresses two zero-days exploited in the wild Microsofts case study: Emotet took down an entire network in just 8 days New Coronavirus-themed campaign spread Lokibot worldwide. A new round of the weekly newsletter arrived! The best news of the week with Security Affairs.

NHS is still assessing the cost of WannaCry one year later

Security Affairs

The report includes a case study related a “large NHS mental health trust” that was protected with Advanced Threat Protection that allowed to repeal a phishing email attack with a weaponized excel spreadsheet attachment. The UK’s Department of Health and Social Care provided an update on the efforts to secure the NHS IT infrastructure, with a focus on WannaCry overall costs.

What did you do for European Cyber Security Month?

IT Governance

Likewise, we explained the after-effects of a data breach , and continued our monthly review of phishing scams and of the latest data breaches and cyber attacks. On 5 and 6 November, professionals in the business continuity, cyber security, risk management and resilience sectors will gather in London to take part in workshops, explore case studies and listen to keynote speeches.