Friday, September 25, 2020
Home News Malware strikes Microsoft BusinessNetwork

Malware strikes Microsoft BusinessNetwork

Emotet Malware leads to shutting down their entire Business Network by Overheating PCs: Starting with a phishing Email

Emotet is Trojan type malware primarily spreads with spam emails. It may look like an official business email, representing a repetitive brand name. It can contain a malicious script, programmed macro script or a link, or malicious link. Emotet is also capable of allowing the attackers to install updates. This means that they can install additional malware such as banking Trojans. Primarily leads to stole financial credentials, email addresses usernames, and passwords. 

How did the attack happen?

According to DART (Microsoft Detection and Response Team), Emotet managed to sneak through all the firewall rules and software in Fabrikam (an alias name used to protect its client name by Microsoft). It has tricked one of the employees to open a malicious email attachment, handing over the login credentials to hackers. After a series of events organizations, core systems shut down by overheating the pcs.

After sneaking through all the rules in the Fabrikam, One employee opened the email, which contained the malware, handing over machine access credentials to the attackers’ C2C (command and control) server. C2 infrastructure also helped to deliver updates to malware so they can bypass the firewall rules.

Malware strikes Microsoft BusinessNetwork 1
Emotet is Trojan type malware primarily spreads with spam emails

Soon after four days, they have used the initial compromised account to spread the malware by sending emails to other Fabrikam’s employees and external contacts. Generally, we all trust internal account emails; even most email filters don’t filter internal emails. As a result, more computers got infected. With the help of stolen access to admin accounts, malware managed to authenticate itself within the network all the way to its infrastructure.

On the 8th day after the first malware email opened, the network crashed. Computers started to freeze, overheating, abrupt shutdowns, and rebooting. Furthermore, it even consumed all the network’s bandwidth by a DDoS(Distributed Denial of Service) attack. Since the network blockage, even the IT department was unable to diagnose the situation. 

After realizing the situation is outside of their control, DART was called to Fabrikam. One team of DART went onsite with Fabrikam, while another DART team began to help remotely. One DART team went onsite with the victim, while another DART group assisted remotely. 

DART had to deploy Microsoft malware detection tools, including Trials of Defender ATP (Advanced Threat Protection), Azure ATP services, Azure Security Scan, which helped to gain access to view the Fabrikam operations. Onsite DART team used deployed tools so that they can get into the network and create buffer zones to control the malware. They’ve repaired Microsoft System Center Configuration Manager allowing the system to recover. Then they made architectural changes to stop reinfecting malware and separated the asset and admin environment. 

Conclusion :

It’s better to deploy Email filters even within the organization and add multi-factor authorization for administrative directories. Additionally, It’s better to have a Network Visibility tool. These things will help you to stop the spreading malware or slow it down without damaging the entire network.


Please enter your comment!
Please enter your name here

- Advertisment -
Malware strikes Microsoft BusinessNetwork 5

Most Popular

Microsoft Launched a Windows File Recovery Tool

Microsoft Windows Recovery is a command-line application released by Microsoft for free, and it's available to download from the Microsoft Store. However,...

New Chromium-based Edge will released to all Windows 10

The new chromium-based Microsoft Edge browser starts to rolling out to all Windows 10 users via windows update. Microsoft confirms that the...

What is Private/Incognito Mode In Browsers ?

Ever since the private browsing introduced to the browsers, most people have been using private, otherwise named Incognito feature under the wrong...

How To fix Dota Main Menu Lag After The T10 Battle Pass update 2020

After the major T10 battle pass update in dota2, gamers started to complain about the lag in the main menu. Especially the...

Recent Comments