The Hacker News is reporting on the spread of a botnet malware called MyloBot that is compromising 50,000 systems per day. Stay ahead of the threat.
The Hacker News reports,
“What makes MyloBot dangerous is its ability to download and execute any type of payload after it infects a host,” Lumen’s Black Lotus Labs said in November 2018. “This means at any time it could download any other type of malware the attacker desires.”
They also report, “MyloBot is known to employ a multi-stage sequence to unpack and launch the bot malware. Notably, it also sits idle for 14 days before attempting to contact the command-and-control (C2) server to sidestep detection.” (emphasis added)
MyloBot is continuing to evolve over time, so more than a signature-based defense is needed. Well-maintained and monitored behavior-based endpoint security programs, such as those deployed by Tuearis Cyber in our Managed EDR, are capable of recognizing the malicious activity of MyloBot for quick interdiction.
Here are a few tips for your EDR program:
- Ensure that the endpoint agents are kept up to date.
- Ensure that alerts are being investigated quickly and appropriate remediations performed.
- Enable active defense rather than passive only.
- Perform monthly inventory analysis to ensure endpoints aren’t going unprotected.
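The tips above can be checked mechanically. The following is an added example, not code from Tuearis Cyber or any EDR vendor: it compares an asset inventory against an EDR console export and lists endpoints with no agent, an out-of-date agent, a passive-only policy, or a silent agent. The CSV column names, the `prevent`/`detect` mode values, the minimum version and the check-in threshold are all assumptions to adapt to your own exports.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data: hostnames, versions and dates are illustrative only.
INVENTORY_CSV = """hostname,owner
ws-001,finance
ws-002,finance
srv-db01,it
lt-014,sales
lt-015,sales
"""

EDR_CSV = """hostname,agent_version,mode,last_checkin
ws-001,7.4.2,prevent,2023-03-01T08:15:00
ws-002,7.1.0,prevent,2023-03-01T09:02:00
srv-db01,7.4.2,detect,2023-03-01T07:40:00
lt-014,7.4.2,prevent,2023-01-20T16:30:00
"""

MIN_VERSION = (7, 4, 0)          # assumed minimum supported agent version
MAX_SILENCE = timedelta(days=7)  # assumed check-in threshold


def audit(inventory_csv, edr_csv, now):
    """Return {hostname: [findings]} for every endpoint that needs attention."""
    agents = {r["hostname"].lower(): r for r in csv.DictReader(io.StringIO(edr_csv))}
    findings = {}
    for asset in csv.DictReader(io.StringIO(inventory_csv)):
        host = asset["hostname"].lower()
        agent = agents.get(host)
        if agent is None:
            findings[host] = ["no EDR agent"]
            continue
        issues = []
        if tuple(int(p) for p in agent["agent_version"].split(".")) < MIN_VERSION:
            issues.append("agent out of date")
        if agent["mode"] != "prevent":
            issues.append("passive (detect-only) mode")
        if now - datetime.fromisoformat(agent["last_checkin"]) > MAX_SILENCE:
            issues.append("agent not checking in")
        if issues:
            findings[host] = issues
    return findings


if __name__ == "__main__":
    for host, issues in audit(INVENTORY_CSV, EDR_CSV, datetime(2023, 3, 1, 12, 0)).items():
        print(f"{host}: {', '.join(issues)}")
```
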
If we can help with your Endpoint Detection and Response program, contact us today!