CISA Warns Of LokiBot Uptick – Expert’s Perspective

CISA today warned of a substantial increase in the use of LokiBot “info stealer” malware by bad actors since July 2020, as detected by CISA’s EINSTEIN Intrusion Detection System. LokiBot uses credential- and information-stealing malware that’s typically sent as a malicious attachment, and can also create a backdoor into infected systems to let attackers install additional payloads. It’s known as an easily deployable, effective threat and is often used in campaigns targeting Windows and Android operating systems to push malware via email, malicious websites, text and messaging. An expert with Gurucul offers perspective.

Experts' Comments

September 23, 2020
Saryu Nayyar
CEO
Gurucul
The recent advisory on the LokiBot malware is another indication of how malware authors have turned their malicious activities into a scalable business model. The fact that LokiBot has been around for over four years and has gained in capability over time is a reflection of how much malicious actors have advanced the state of their art, leveraging the same development models we use in the commercial space. Fortunately, our security tools have also improved over time. Using a combination of data sources for telemetry, it's possible to analyze events as they happen and identify malicious user or system behaviors. This lets an organization mitigate these attacks before they can cause serious damage.
September 24, 2020
Mark Bagley
VP of Product
AttackIQ
Cyberattacks have been evolving and growing at an alarming rate in the recent past, sparing no industry from disruption. The increase of LokiBot malware incidents shines a light on why organizations should take a proactive approach to testing and validating their security controls. Understanding common adversary tactics, techniques, and procedures, as outlined by the MITRE ATT&CK framework, allows organizations to protect what matters most to them, their ability to operate. Doing this on an automated, ongoing basis is crucial to informing an organization's defenders about the state of the security program, as well as supporting the goal of continuous improvement.