The New Old Enemy: Defending Against the Resurgence of Classic Cyber Threats

Cybercrime has become one of the most lucrative illicit industries in the world, with the potential to earn hackers billions of dollars every year. The constantly evolving tactics and techniques of cybercriminals make it difficult for even the most experienced cybersecurity experts to keep up. One of the most alarming trends in recent years has been the resurgence of old and forgotten malware, such as Emotet, which continues to wreak havoc throughout the cybersecurity world.

Evolving Tactics of Cybercriminals

Cybercriminals are continually honing their skills and evolving their tactics to stay ahead of the latest security measures. They are becoming more meticulous and inventive in their ploys, even reviving outdated and long-forgotten techniques. Many of these methods may seem outdated or irrelevant, but they can still be surprisingly effective, especially when used in conjunction with other more modern tactics.

One example of this is the resurgence of Distributed Denial of Service (DDoS) attacks. DDoS attacks involve flooding a target server with traffic from multiple sources, causing it to become overwhelmed and inaccessible. While more sophisticated attacks like ransomware or APTs may steal the headlines, DDoS attacks remain one of the most effective methods of taking down a website or system. Cybercriminals carry out these attacks using large botnets, which are often made up of compromised IoT devices, home routers, and other connected devices.
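Because a distributed flood arrives from many sources that each send only a little, a per-client rate limit alone will not catch it. The following added example (not code from the article) shows a window-based detector that separates a single-source flood from a distributed one by combining the total request rate with the number of distinct sources. The log format, the thresholds and the addresses are assumptions made for this example; the log lines are constructed.

```python
"""Rate-based flood detection over constructed access-log lines.

Added example, not from the article: a fixed-window counter that tells a
single-source flood from a distributed one by combining the total request
rate with how many distinct sources contribute to it. Log format, thresholds
and addresses are assumptions made for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW_SECONDS = 10
TOTAL_RPS_LIMIT = 50        # above this, the window is abnormal (assumed value)
SINGLE_SOURCE_SHARE = 0.5   # one source producing >= half the traffic
MIN_DISTINCT_SOURCES = 20   # many sources, each at a low rate


def parse_line(line):
    """Parse a constructed 'ip ISO-timestamp path' line into (ip, datetime, path)."""
    ip, ts, path = line.split(" ", 2)
    return ip, datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), path


def build_log(flood_sources, flood_rps_each):
    """Constructed log: 10 s of normal traffic followed by 10 s of flood traffic."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    for s in range(10):                       # normal: 5 clients, 2 req/s each
        ts = (base + timedelta(seconds=s)).strftime("%Y-%m-%dT%H:%M:%S")
        for c in range(5):
            lines.extend(f"10.0.0.{c + 1} {ts} /index.html" for _ in range(2))
    for s in range(10, 20):                   # flood from TEST-NET-2 addresses
        ts = (base + timedelta(seconds=s)).strftime("%Y-%m-%dT%H:%M:%S")
        for c in range(flood_sources):
            lines.extend(f"198.51.100.{c + 1} {ts} /" for _ in range(flood_rps_each))
    return lines


def classify_windows(lines):
    """Map each window index (relative to the first line) to a verdict string."""
    parsed = [parse_line(line) for line in lines]
    first = min(ts for _, ts, _ in parsed)
    per_window = defaultdict(lambda: defaultdict(int))   # window -> ip -> count
    for ip, ts, _ in parsed:
        w = int((ts - first).total_seconds()) // WINDOW_SECONDS
        per_window[w][ip] += 1
    verdicts = {}
    for w, per_ip in sorted(per_window.items()):
        total = sum(per_ip.values())
        rps = total / WINDOW_SECONDS
        top_share = max(per_ip.values()) / total
        if rps <= TOTAL_RPS_LIMIT:
            verdicts[w] = "normal"
        elif top_share >= SINGLE_SOURCE_SHARE:
            verdicts[w] = "single-source flood"
        elif len(per_ip) >= MIN_DISTINCT_SOURCES:
            verdicts[w] = "distributed flood"
        else:
            verdicts[w] = "elevated"
    return verdicts


if __name__ == "__main__":
    for name, log in [("distributed", build_log(200, 5)),
                      ("single source", build_log(1, 1000))]:
        print(name, classify_windows(log))
```

The distinction matters operationally: a single-source flood can be handled by blocking one address, while a distributed one needs upstream filtering or rate limiting at the edge, so the detector should report which case it sees rather than just "too much traffic".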

The Shrewdness of Cybercriminals

Many of the most successful cybercriminals are shrewd; they want a good return on investment but don’t want to have to reinvent the wheel to get it. This means that, instead of creating new malware from scratch, they are increasingly opting to reuse old code or bring back previously successful methods that have fallen out of favor. This practice is known as code reuse and is becoming more prevalent in the cybersecurity world.

Code reuse can be tough for cybersecurity experts to defend against: old code is often already known and may have circulated for years without raising alarms, which makes it less likely to be flagged by standard signature matching or other detection methods. It also means that it can take a long time to discover that a breach has occurred and to track down its source.

Re-emergence of known malware and threats

Code reuse is not the only trend that has led to the resurgence of old malware and threats. The re-emergence of well-known names in the botnet, malware, and wiper space, such as Emotet and GandCrab among others, has served as a reminder that threats and malware never truly go away. Instead, they evolve and adapt, becoming more dangerous and harder to detect.

According to a recent report by cybersecurity firm Check Point Research, the majority of the top malware observed was more than a year old. This highlights the fact that cybercriminals are no longer relying solely on the latest and greatest techniques but are instead using a combination of new and old methods to achieve their goals.

Persistence of Emotet

Emotet is a particularly noteworthy example of this trend. First discovered as a banking trojan in 2014, Emotet has been causing havoc ever since. It is a polymorphic malware that can change its code to avoid detection, making it a particularly tricky adversary to defend against. It has been used to deliver other malware such as Trickbot and Ryuk ransomware and has become a favorite tool of many cybercriminals.

In January 2021, Emotet suddenly disappeared from the scene, with no new activity observed for almost a year. Many experts believed that this was the end of the threat or that law enforcement agencies had finally managed to take it down. However, Emotet is a particularly resilient piece of malware and it came back in November of that year with a vengeance. The newly revived version of Emotet was even more dangerous than its predecessor, and its operators had taken the time to update its code and infect a new set of targets.

The Importance of Effective Defense Strategies

So, how can organizations defend against these constantly evolving cyber threats? The key is to develop effective defense strategies that can adapt to changing circumstances. Your ability to defend against, identify, and neutralize such risks quickly determines the success of your security stance and your ability to keep your enemies out.

Using strategies like segmentation throughout the distributed network makes it simpler to detect and stop lateral movement across your infrastructure, even when architectural designs change. This approach divides networks into smaller, more manageable sections, reducing the potential impact of a breach spreading throughout the entire network.
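Segmentation only detects lateral movement if someone actually compares observed traffic against the intended policy. The following added example (not from the article) evaluates constructed flow records against a small segmentation allow-list and flags cross-segment and workstation-to-workstation flows that the policy does not permit, then surfaces hosts that generate several such flows. The segment ranges, ports, allow-list and flow records are all assumptions made for this example.

```python
"""Checking flow records against a segmentation policy.

Added example, not from the article. Segments, the allow-list and the flow
records are constructed for illustration. Each flow is a hypothetical
(src_ip, dst_ip, dst_port, proto) tuple such as a NetFlow or firewall log
export would provide.
"""
import ipaddress
from collections import Counter

SEGMENTS = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "servers":      ipaddress.ip_network("10.20.0.0/16"),
    "dmz":          ipaddress.ip_network("10.30.0.0/24"),
}

# (src_segment, dst_segment, dst_port): the only cross-segment flows allowed.
# Traffic between two workstations is never allowed (no peer-to-peer SMB/RDP).
ALLOWED = {
    ("workstations", "servers", 443),
    ("workstations", "servers", 53),
    ("dmz", "servers", 5432),
}

SAMPLE_FLOWS = [                                    # constructed records
    ("10.10.1.5", "10.20.0.10", 443, "tcp"),        # allowed: web to server segment
    ("10.10.1.5", "10.10.1.9", 445, "tcp"),         # workstation-to-workstation SMB
    ("10.10.1.5", "10.20.0.10", 3389, "tcp"),       # RDP to servers, not in allow-list
    ("10.30.0.2", "10.20.0.20", 5432, "tcp"),       # allowed: DMZ app to database
    ("10.20.0.10", "10.20.0.11", 445, "tcp"),       # intra-server, not governed here
    ("10.10.2.7", "10.20.0.10", 53, "udp"),         # allowed: DNS
]


def segment_of(ip):
    """Name of the segment an address belongs to, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def evaluate(flows):
    """Return (src, dst, port, reason) for every flow the policy does not allow."""
    violations = []
    for src, dst, port, _proto in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d == "workstations":
            violations.append((src, dst, port, "peer-to-peer traffic inside workstation segment"))
        elif s == d:
            continue            # other intra-segment traffic is out of scope for this check
        elif (s, d, port) not in ALLOWED:
            violations.append((src, dst, port, f"{s} -> {d}:{port} not in allow-list"))
    return violations


def suspicious_sources(violations, min_count=2):
    """Sources with at least min_count disallowed flows: candidates for lateral movement."""
    counts = Counter(v[0] for v in violations)
    return sorted(ip for ip, n in counts.items() if n >= min_count)


if __name__ == "__main__":
    found = evaluate(SAMPLE_FLOWS)
    for v in found:
        print(*v)
    print("review first:", suspicious_sources(found))
```

Run against real flow exports, the same check doubles as a test that the firewall rules still implement the intended policy after an architectural change: any allowed-but-observed flow that is not in the allow-list means either the policy document or the enforcement has drifted.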

Defeating Dangerous Trends

The resurgence of old malware and threats like Emotet is a worrying trend that shows no signs of slowing down. To stay ahead of these threats, organizations must be proactive in their defenses and focus on updating their cybersecurity policies and procedures regularly. This includes leveraging defense-in-depth strategies to mitigate the risks associated with code reuse and the use of old malware.

Organizations must continually update their defense strategies to ensure they can keep up with the evolving tactics of cybercriminals. By understanding how hackers are evolving their tactics and techniques, organizations can more effectively defend against them and prevent costly data breaches that could ultimately damage their reputation and bottom line.

Emotet and other old malware threats serve as critical reminders that the cybersecurity landscape is ever-evolving and that organizations must stay vigilant to avoid being vulnerable to attacks. Cybercriminals are constantly adapting their tactics and techniques to remain one step ahead, and it is up to organizations to invest in effective cybersecurity defenses to defend against these threats. By staying ahead of the curve and proactively updating their defenses, organizations can better prevent data breaches and theft of confidential information, thereby protecting both themselves and their customers.
