Gigamon ATR Examines How Prolific Cyberthreats Traverse Networks and What You Can Do About It

Applied Threat Research highlights methods to achieve a balanced approach to mitigating risk to the enterprise

Santa Clara, CA – February 28, 2019 Gigamon Inc. (“Gigamon”), the essential element of security infrastructure, providing pervasive visibility to network traffic across physical, virtual, and cloud environments, today announced the release of the latest research report from Gigamon Applied Threat Research (ATR), How the Most Prolific Malware Traversed Your Network Without Your Knowledge. Based on observed attack data over the second half of 2018 (2H 2018), the report reveals the command-and-control and lateral activities of three highest-volume malware, Emotet, LokiBot, and TrickBot. ATR also highlights effective methodologies to proactively combat these cybersecurity threats.

The data and analysis bring to light threat-actor behavior and provides a high-level look at the technical methods they use to accomplish their objectives. Key findings in the report include:

  • Emotet campaigns surged in November and December and represented 45.9% of observed attacks during 2H 2018. This is an increase in proportion from the 1H 2018 observations. Those campaigns included significant changes and experimentation in technical details but a continued use of many network techniques that introduce opportunity for detection.  
  • LokiBot represented 11.6% of observed samples in 2H 2018 and the most diverse attachment types used for initial infection. Despite this, the network behaviors remain simplistic highlighting the clear value of pervasive network visibility.
  • TrickBot was 10.4% of observed attacks during 2H 2018 remaining steady in comparison to 1H 2018.
  • All three families of the successful malware show network activity and behaviors that can be rapidly detected with pervasive network visibility along with an understanding of adversary methodologies gained through intelligence efforts.

“While these high-volume threats are well discussed in the security industry, and are seemingly novel, Emotet, Lokibot, and TrickBot still succeed in impacting enterprises around the world, causing significant damage,” said Justin Warner, Director of Applied Threat Research for Gigamon. “It is our desire to share a threat focused methodology in approaching security operations and apply it to these prolific threats. Our goal is to empower security teams to be more prepared to detect and respond to this malicious activity, and others that share or recycle similar technical methods.”

ATR has the mission to dismantle the adversary’s ability to impact our customers through world-class threat research. The team consists of expert analysts, detection engineers, and security researchers who discover emerging threat activity, engineer detection capabilities for Gigamon, and advance the state of our products to maintain the advantage against threats.

Click here for a full copy of How the Most Prolific Malware Traversed Your Network Without Your Knowledge and check out the Gigamon Insight page to learn how to effectively start securing your organization.


About Gigamon

Gigamon is the recognized leader in network visibility solutions, delivering the powerful insights needed to see, secure and empower enterprise networks. Our solutions accelerate threat detection and incident response times while empowering customers to maximize their infrastructure performance across physical, virtual and cloud networks. Since 2004 we have cultivated a global customer base which includes leading Service Providers, Government Agencies as well as Enterprise NetOps and SecOps teams from more than 80 percent of the Fortune 100. For the full story on how we can help reduce risk, complexity, and cost to meet your business needs, visit our website, follow our blog, and connect with us on your favorite social channels Twitter, LinkedIn and Facebook.