CISA Warns Of LokiBot Uptick – Expert’s Perspective

CISA today warned of a substantial increase in the use of LokiBot “info stealer” malware by bad actors since July 2020, as detected by CISA’s EINSTEIN Intrusion Detection System. LokiBot is credential- and information-stealing malware that is typically delivered as a malicious email attachment; it can also create a backdoor into infected systems that lets attackers install additional payloads. It is known as an easily deployable, effective threat and is often used in campaigns targeting Windows and Android operating systems, pushing the malware via email, malicious websites, text and instant messaging. An expert with Gurucul offers perspective.

2 Expert Comments
Mark Bagley, VP of Product
InfoSec Expert
September 24, 2020 4:58 pm

Cyberattacks have been evolving and growing at an alarming rate in the recent past, sparing no industry from disruption. The increase of LokiBot malware incidents shines a light on why organizations should take a proactive approach to testing and validating their security controls. Understanding common adversary tactics, techniques, and procedures, as outlined by the MITRE ATT&CK framework, allows organizations to protect what matters most to them: their ability to operate. Doing this on an automated, ongoing basis is crucial to informing an organization’s defenders about the state of the security program, as well as supporting the goal of continuous improvement.

Saryu Nayyar, CEO
InfoSec Expert
September 23, 2020 5:17 pm

The recent advisory on the LokiBot malware is another indication of how malware authors have turned their malicious activities into a scalable business model. The fact that LokiBot has been around for over four years and has gained in capability over time is a reflection of how much malicious actors have advanced the state of their art, leveraging the same development models we use in the commercial space. Fortunately, our security tools have also improved over time. Using a combination of data sources for telemetry, it’s possible to analyze events as they happen and identify malicious user or system behaviors. This lets an organization mitigate these attacks before they can cause serious damage.
