infographic
In its latest infographic, Sophos has revealed details of the Emotet ecosystem while also separately announcing the release of a cloud-based threat intelligence and analysis platform that enables developers to build more secure applications.

Sophos, a global leader in next-generation cybersecurity solutions, has released an infographic – produced by experts within SophosLabs – which describes the infection process and subsequent behaviour commonly displayed by samples in the Emotet malware family.

Emotet is routinely among the most problematic and widely distributed malware families that Sophos researchers encounter daily. If there were such a thing as a ‘most wanted’ list for malware, Emotet would surely top the list.

Emotet serves a purpose both as a standalone malware capable of causing significant harm on its own and as a distribution network for other malware families, whose operators appear to engage with Emotet’s software distribution capabilities as a matter of routine. Part of the payload package may, in fact, be components that assist Emotet in finding and infecting other victims.

In this way, Emotet plays a uniquely central role in a wide variety of malware infection scenarios, just a few of which are illustrated in the infographic.

SophosLabs Intelix cloud-based threat intelligence platform now available

Sophos has also announced the availability of SophosLabs Intelix, a cloud-based threat intelligence and analysis platform that enables developers to build more secure applications.

With SophosLabs Intelix, developers can make API calls into the platform for turnkey cyberthreat expertise that assesses the risk of artefacts such as files, URLs and IP addresses. The platform continuously updates and collates petabytes of real-time and historical intelligence, including: telemetry from Sophos’ endpoint, network and mobile security solutions; data from honeypots and spam traps; 30 years of threat research; predictive insights from Machine and Deep Learning models; and much more.

Through the use of secure RESTful APIs, developers can directly tap the platform with file submissions for static and dynamic analysis, queries on file hashes, URLs, IP addresses and Android applications (APKs) to proactively answer questions like, ‘Is this file safe? What happens if I open or execute it?’ or ‘Is this link safe? What happens if I call this URL?’.

Sophos is building a global community around its APIs to spark innovation among developers.

Issue 21
|
www.intelligentciso.com