Understanding Emotet and How to Protect Your Agency

Duration: 60 Minutes
Recorded on: 2018-12-04

Module 1: Resources
  • Unit 1: Slide Deck: Understanding Emotet and How to Protect Your Agency
  • Unit 2: Recording: Understanding Emotet and How to Protect Your Agency
  • Unit 3: Workbook: Understanding Emotet and How to Protect Your Agency

These days, cyber threats seem to cause greater destruction than other forms of crime. In this session, Joshua Traynor and Christopher Satanek from the Multi-State Information Sharing and Analysis Center (MS-ISAC) zero in on Emotet, one of the most destructive types of malware observed attacking state, local, tribal, and territorial (SLTT) governments.

Joshua Traynor is a Senior Cyber Intelligence Analyst and Christopher Satanek is a Cyber Intelligence Analyst at the CIS MS-ISAC. They specialize in tracking malware threats and providing analysis support to partner SLTT government agencies on threat prevention and response.

Josh and Chris take turns discussing Emotet’s history, anatomy, dangers, and prevention. The areas they focus on include:

  • The characteristics of Emotet, and the risks it poses to its victims.
  • The Patient Zero case study that looks into how Emotet gets into a device, infiltrates and infects the whole network, and gains access to data and other confidential information.
  • The most common motivations behind an Emotet attack such as financial gain, system access, and information theft.
  • The organized and sophisticated operation behind an Emotet attack.
  • A brief history of Emotet, and the improvement and updates that come with each new version.
  • The anatomy of an Emotet attack that segments an attack into four phases where:
    • The infection starts through a spoofed email containing a malicious link or file attachment.
    • Emotet establishes persistence without the user’s knowledge.
    • The instructions phase, where Emotet starts collecting sensitive information and details and establishes remote command and control.
    • Network propagation where email platforms, browsers, and passwords are scraped and information is stolen.
  • Recommendations on how to mitigate the damage post-infection and prevent future attacks.
  • Questions raised by the webinar participants, concerning:
    • Training resources for phishing.
    • Understanding what an SMB is and what it does.
    • The sophisticated and opportunistic nature of Emotet.
    • The geographical extent of Emotet attacks.
    • Searching the URLs for clues on whether a link is legitimate or malicious.
    • How the data scraped from the attack is being exploited.
