{"id":103458,"date":"2020-08-03T07:00:43","date_gmt":"2020-08-03T14:00:43","guid":{"rendered":"\/blogs\/?p=103458"},"modified":"2024-07-08T23:27:28","modified_gmt":"2024-07-09T06:27:28","slug":"mcafee-defenders-blog-netwalker","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/","title":{"rendered":"McAfee Defender\u2019s Blog: NetWalker"},"content":{"rendered":"<h2>Building Adaptable Security Architecture Against <em>NetWalker<\/em><\/h2>\n<h3>NetWalker Overview<\/h3>\n<p>The NetWalker ransomware, initially known as Mailto, was first detected in August 2019. Since then, new variants were discovered throughout 2019 and the beginning of 2020, with a strong uptick noticed in March of this year. NetWalker has noticeably evolved to a more stable and robust ransomware-as-a-service (RaaS) model, and McAfee research suggests that the malware operators are targeting and attracting a broader range of technically advanced and enterprising criminal affiliates. McAfee Advanced Threat Research (ATR) discovered a large sum of bitcoins linked to NetWalker which suggest its extortion efforts are effective and that many victims have had no option other than to succumb to its criminal demands. For more details on NetWalker, see the McAfee ATR blog <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/take-a-netwalk-on-the-wild-side\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<p>We do not want you to be one of those victims, so this blog is focused on how to build an adaptable security architecture to defeat this threat and, specifically, how McAfee\u2019s portfolio delivers the capability to prevent, detect and respond to NetWalker ransomware.<\/p>\n<h3>Gathering Intelligence on NetWalker<\/h3>\n<p>As always, building adaptable defensive architecture starts with intelligence. 
In most organizations, the Security Operations team is responsible for threat intelligence analysis, as well as threat and incident response. The Preview of <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/lp\/insights-preview.html\" target=\"_blank\" rel=\"noopener noreferrer\">McAfee MVISION Insights<\/a>\u00a0is a sneak peek of some of MVISION Insights capabilities for the threat intel analyst and threat responder. The preview identifies the prevalence and severity of select top emerging threats across the globe which enables the Security Operations Center (SOC) to prioritize threat response actions and gather relevant cyber threat intelligence (CTI) associated with the threat, in this case NetWalker ransomware. The CTI is provided in the form of technical Indicators of Compromise (IOCs) as well as MITRE ATT&amp;CK framework tactics and techniques.<\/p>\n<p>As a threat intel analyst or responder, you can drill down to gather more specific information on NetWalker, such as prevalence and links to other sources of information.<\/p>\n<p>As a threat intel analyst or responder, you can further drill down to gather more specific actionable intelligence on NetWalker, such as indicators of compromise and tactics\/techniques aligned to the MITRE ATT&amp;CK framework.<\/p>\n<p>From MVISION Insights preview, you can see that NetWalker leverages tactics and techniques common to other ransomware attacks, such as spear phishing attachments for Initial Access, use of PowerShell for deployment, modification of Registry Keys\/Startup folder for persistence and encryption of files for impact of course.<\/p>\n<h3>Defensive Architecture Overview<\/h3>\n<p>Today\u2019s digital enterprise is a hybrid environment of on-premise systems and cloud services with multiple entry points for attacks like NetWalker. 
The work from home operating model forced by COVID-19 has only expanded the attack surface and increased the risk for successful ransomware attack if organizations did not adapt their security posture. Mitigating the risk of attacks like NetWalker requires a security architecture with the right controls at the device, on the network and in security operations (sec ops). The Center for Internet Security (CIS) <a href=\"https:\/\/www.cisecurity.org\/controls\/cis-controls-list\/\" target=\"_blank\" rel=\"noopener noreferrer\">Top 20 Cyber Security Controls<\/a> provides a good guide to build that architecture. For ransomware, and NetWalker in particular, the controls must be layered throughout the enterprise. The following outlines the key security controls needed at each layer of the architecture to protect your enterprise against ransomware.<\/p>\n<p>To assess your capability against NetWalker, you must match your existing controls against the attack stages we learned from the Preview of MVISION Insights. For detailed analysis on the NetWalker ransomware attack, see McAfee ATR\u2019s <a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/take-a-netwalk-on-the-wild-side\" target=\"_blank\" rel=\"noopener noreferrer\">blog<\/a>\u00a0but, for simplicity, we matched the attack stages to the MITRE ATT&amp;CK Framework below.<\/p>\n<h3>Initial Access Stage Defensive Overview<\/h3>\n<p>According to Threat Intelligence and Research, the initial access is performed either through vulnerability exploitation or spear phishing attachments. 
The following chart summarizes the controls expected to have the most effect against initial stage techniques and the McAfee solutions to implement those controls where possible.<\/p>\n<table width=\"623\">\n<tbody>\n<tr>\n<td width=\"92\"><strong>MITRE Tactic<\/strong><\/td>\n<td width=\"117\"><strong>MITRE Techniques<\/strong><\/td>\n<td width=\"180\"><strong>CSC Controls<\/strong><\/td>\n<td width=\"234\"><strong>McAfee Capability<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"92\">Initial Access<\/td>\n<td width=\"117\">Exploit Public-Facing Applications (T1190)<\/p>\n<p>Tomcat, Web Logic<\/td>\n<td width=\"180\"><strong>CSC 2<\/strong> Inventory of Software Assets<\/p>\n<p><strong>CSC 3<\/strong> Continuous Vulnerability Assessment<\/p>\n<p><strong>CSC 5<\/strong> Secure Configuration of hardware and software<\/p>\n<p><strong>CSC 9<\/strong> Limitation of Network Ports and Protocols<\/p>\n<p><strong>CSC 12<\/strong> Boundary Defense<\/p>\n<p><strong>CSC 18<\/strong> Application Software Security<\/td>\n<td width=\"234\">Endpoint Security Platform 10.7, Threat Prevention, Application Control (MAC)<\/p>\n<p>Network Security Platform (NSP)<\/td>\n<\/tr>\n<tr>\n<td width=\"92\">Initial Access<\/td>\n<td width=\"117\">Spear Phishing Attachments (T1566.001)<\/td>\n<td width=\"180\"><strong>CSC 7<\/strong> \u2013 Email and Web Browser Protection<\/p>\n<p><strong>CSC 8<\/strong> \u2013 Malware Defenses<\/td>\n<td width=\"234\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection,<\/p>\n<p>Web Gateway (MWG), Advanced Threat Defense, Web Gateway Cloud Service (WGCS)<\/td>\n<\/tr>\n<tr>\n<td width=\"92\">Initial Access<\/td>\n<td width=\"117\">Valid Accounts (T1078) RDP Compromised<\/td>\n<td width=\"180\"><strong>CSC 5<\/strong> Secure Configuration of hardware and software<\/p>\n<p><strong>CSC 9<\/strong> Limitation of Network Ports and Protocols<\/p>\n<p><strong>CSC 12<\/strong> Boundary Defense<\/td>\n<td width=\"234\">Endpoint Security Platform 
10.7, Threat Prevention<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>As attackers can quickly change spear phishing attachments, it is important to have adaptable defenses that include user awareness training and response procedures, behavior-based malware defenses on email systems, web access and endpoint systems, and finally sec ops playbooks for early detection and response against suspicious email attachments or other phishing techniques. For more information on how McAfee can protect against suspicious email attachments, review this <a href=\"https:\/\/www.mcafee.com\/blogs\/author\/atr-operational-intelligence-team\/\" target=\"_blank\" rel=\"noopener noreferrer\">additional blog post<\/a>.<\/p>\n<p>Using valid accounts and protocols, such as for Remote Desktop Protocol, is an attack technique we have seen rise during the initial COVID-19 period. To further understand how McAfee defends against RDP as an initial access vector, as well as how the attackers are using it to deploy ransomware, please see our previous posts.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rdp-security-explained\/\">https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/rdp-security-explained\/<\/a><\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cybercriminals-actively-exploiting-rdp-to-target-remote-organizations\/\">https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/cybercriminals-actively-exploiting-rdp-to-target-remote-organizations\/<\/a><\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/ens-10-7-rolls-back-the-curtain-on-ransomware\/\">https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/ens-10-7-rolls-back-the-curtain-on-ransomware\/<\/a><\/p>\n<h3>Exploitation Stage Defensive Overview<\/h3>\n<p>The exploitation stage is where the attacker gains access to the target system. 
Protection at this stage is heavily dependent on system vulnerability management, adaptable anti-malware on both end user devices and servers and security operations tools like endpoint detection and response sensors.<\/p>\n<p>McAfee Endpoint Security 10.7 provides a defense in depth capability including signatures and threat intelligence to cover known bad indicators or programs.<\/p>\n<p>Additionally, machine-learning and behavior-based protection reduces the attack surface against NetWalker and detects new exploitation attack techniques.<\/p>\n<p>For more information on how McAfee Endpoint Security 10.7 can prevent or identify the techniques used in NetWalker, review these additional blog posts.<\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/ens-10-7-rolls-back-the-curtain-on-ransomware\/\">https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/ens-10-7-rolls-back-the-curtain-on-ransomware\/<\/a><\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/\">https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-amsi-integration-protects-against-malicious-scripts\/<\/a><\/p>\n<p><a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/how-to-use-mcafee-atp-to-protect-against-emotet-lemonduck-and-powerminer\/\">https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/how-to-use-mcafee-atp-to-protect-against-emotet-lemonduck-and-powerminer\/<\/a><\/p>\n<p>The following chart summarizes the critical security controls expected to have the most effect against exploitation stage techniques and the McAfee solutions to implement those controls where possible.<\/p>\n<table width=\"623\">\n<tbody>\n<tr>\n<td width=\"106\"><strong>MITRE Tactic<\/strong><\/td>\n<td width=\"124\"><strong>MITRE Techniques<\/strong><\/td>\n<td width=\"165\"><strong>CSC Controls<\/strong><\/td>\n<td width=\"228\"><strong>McAfee Portfolio 
Mitigation<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Execution<\/td>\n<td width=\"124\">PowerShell (T1059.001) PowerShell Script<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC), MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Execution<\/td>\n<td width=\"124\">Service Execution (T1569.002) PS Exec<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC), MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Execution<\/td>\n<td width=\"124\">Command and Scripting Interpreter (T1059.003)<\/p>\n<p>Windows Command Shell<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC), MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Execution<\/td>\n<td width=\"124\">Native API (T1106) Use Windows API functions to inject DLL<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC), MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Execution<\/td>\n<td width=\"124\">Windows Management Instrumentation (T1047)<\/td>\n<td width=\"165\"><strong>CSC 4 <\/strong>Controlled Use of Admin Privileges<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 9<\/strong> Limitation of Network Ports and Protocols<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td 
width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC), MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Persistence<\/td>\n<td width=\"124\">Registry Key &#8211; Place Value on Run Once Key (T1060)<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7 Threat Prevention<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Persistence<\/td>\n<td width=\"124\">Modify Registry key \u2013 Create own key (T1112)<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7 Threat Prevention<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Privilege Escalation<\/td>\n<td width=\"124\">Exploitation for Privilege Escalation (T1068) CVE-2020-0796<\/td>\n<td width=\"165\"><strong>CSC 3 <\/strong>Vulnerability Management<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"228\">Network Security Platform (<a href=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/smbghost-analysis-of-cve-2020-0796\/\">CVE-2020-0796<\/a>)<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Privilege Escalation<\/td>\n<td width=\"124\">Exploitation for Privilege Escalation (T1068) CVE-2019-1458<\/td>\n<td width=\"165\"><strong>CSC 3 <\/strong>Vulnerability Management<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"228\">Network Security Platform (<a href=\"https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=kb50726\">CVE-2019-1458<\/a>); Endpoint 
Security Platform 10.7 (<a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/release-notes\/exploit-prevention\/mep-11-12-2019.pdf\">CVE-2019-1458<\/a>) Threat Prevention, Application Control (MAC)<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Privilege Escalation<\/td>\n<td width=\"124\">Exploitation for Privilege Escalation (T1068) CVE-2017-0213<\/td>\n<td width=\"165\"><strong>CSC 3 <\/strong>Vulnerability Management<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"228\">Network Security Platform (<a href=\"https:\/\/kb.mcafee.com\/corporate\/index?page=content&amp;id=KB50726\">CVE-2017-0213<\/a>); Endpoint Security Platform 10.7 (<a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/release-notes\/exploit-prevention\/mep-05-19-2017.pdf\">CVE-2017-0213<\/a>) Threat Prevention, Application Control (MAC)<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Privilege Escalation<\/td>\n<td width=\"124\">Exploitation for Privilege Escalation (T1068) CVE-2015-1701<\/td>\n<td width=\"165\"><strong>CSC 3 <\/strong>Vulnerability Management<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"228\">Network Security Platform (<a href=\"https:\/\/kc.mcafee.com\/corporate\/index?page=content&amp;id=kb50726\">CVE-2015-1701<\/a>); Endpoint Security Platform 10.7, Threat Prevention, Application Control (MAC)<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Privilege Escalation<\/td>\n<td width=\"124\">Process Injection: Reflective DLL (T1055)<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure 
Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Defensive Evasion<\/td>\n<td width=\"124\">Disabling Security Tools (T1562.001) ESET, Trend Micro, MS<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\"><\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Defensive Evasion<\/td>\n<td width=\"124\">Process Injection: Reflective DLL (T1055)<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Defensive Evasion<\/td>\n<td width=\"124\">Deobfuscate\/Decode Files or Information (T1140)<\/p>\n<p>&nbsp;<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Defensive Evasion<\/td>\n<td width=\"124\">Obfuscated Files or Information (T1027): PowerShell Script uses Base64 and hexadecimal encoding and XOR-encryption<\/p>\n<p>&nbsp;<\/td>\n<td width=\"165\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Credential Access<\/td>\n<td width=\"124\">Credential Dumping (T1003) Mimikatz, Mimidogz, Mimikittenz, Pwdump, LaZagne, Windows Credentials<\/td>\n<td width=\"165\"><strong>CSC 4 <\/strong>Controlled Use of Admin Privileges<\/p>\n<p><strong>CSC 
5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"228\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, Application Control (MAC), MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"106\">Credential Access<\/td>\n<td width=\"124\">Brute Force (T1110) NL Brute<\/td>\n<td width=\"165\"><strong>CSC 4 <\/strong>Controlled use of admin privileges<\/p>\n<p><strong>CSC 16 <\/strong>Account Monitoring<\/td>\n<td width=\"228\">Enterprise Security Manager \u2013 Log Analysis<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3>Impact Stage Defensive Overview<\/h3>\n<p>The impact stage is where the attacker encrypts the target system, data and perhaps moves laterally to other systems on the network. Protection at this stage is heavily dependent on adaptable anti-malware on both end user devices and servers, network controls and security operation\u2019s capability to monitor logs for anomalies in privileged access or network traffic. 
The following chart summarizes the controls expected to have the most effect against impact stage techniques and the McAfee solutions to implement those controls where possible.<\/p>\n<table width=\"617\">\n<tbody>\n<tr>\n<td width=\"101\"><strong>MITRE Tactic<\/strong><\/td>\n<td width=\"126\"><strong>MITRE Techniques<\/strong><\/td>\n<td width=\"111\"><strong>CSC Controls<\/strong><\/td>\n<td width=\"279\"><strong>McAfee Portfolio Mitigation<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Discovery<\/td>\n<td width=\"126\">Network Service Scanning (T1046)<\/p>\n<p>Network Scanner<\/td>\n<td width=\"111\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"279\">Endpoint Security Platform 10.7, Threat Prevention, Application Control (MAC), Network Security Platform<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Lateral Movement<\/td>\n<td width=\"126\">Third Party Software (T1072)<\/p>\n<p>TeamViewer, Anydesk<\/td>\n<td width=\"111\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"279\">Endpoint Security Platform 10.7, Threat Prevention, Network Security Platform<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Lateral Movement<\/td>\n<td width=\"126\">Service Execution (T1035) PS Exec<\/td>\n<td width=\"111\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"279\">Endpoint Security Platform 10.7, Threat Prevention, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Collection<\/td>\n<td width=\"126\">Data from Information Repositories (T1213)<\/td>\n<td width=\"111\"><strong>CSC 4 <\/strong>Control Admin Privileges<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 6 <\/strong>Log Analysis<\/td>\n<td 
width=\"279\">Enterprise Security Manager &#8211; Log Collection and Analysis<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Collection<\/td>\n<td width=\"126\">Data from local system (T1005)<\/td>\n<td width=\"111\"><strong>CSC 4 <\/strong>Control Admin Privileges<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 6 <\/strong>Log Analysis<\/td>\n<td width=\"279\">Endpoint Security Platform 10.7, Threat Prevention, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Collection<\/td>\n<td width=\"126\">Data from network shared drive (T1039)<\/td>\n<td width=\"111\"><strong>CSC 4 <\/strong>Control Admin Privileges<\/p>\n<p><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 6 <\/strong>Log Analysis<\/td>\n<td width=\"279\">Endpoint Security Platform 10.7, Threat Prevention, MVISION EDR<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Command and Control<\/td>\n<td width=\"126\">Ingress Tool Transfer (T1105)<\/td>\n<td width=\"111\"><strong>CSC 8 <\/strong>Malware Defenses<\/p>\n<p><strong>CSC 12 <\/strong>Boundary Defenses<\/td>\n<td width=\"279\">Web Gateway, Network Security Platform<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Impact<\/td>\n<td width=\"126\">Data Encrypted (T1486) NetWalker Ransomware<\/td>\n<td width=\"111\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"279\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, MVISION EDR, Web Gateway<\/td>\n<\/tr>\n<tr>\n<td width=\"101\">Impact<\/td>\n<td width=\"126\">Inhibit System Recovery (T1490) Shadow<\/td>\n<td width=\"111\"><strong>CSC 5 <\/strong>Secure Configuration<\/p>\n<p><strong>CSC 8 <\/strong>Malware Defenses<\/td>\n<td width=\"279\">Endpoint Security Platform 10.7, Threat Prevention, Adaptive Threat Protection, MVISION EDR, Web Gateway<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3>Hunting for NetWalker Indicators<\/h3>\n<p>As a threat intel analyst or hunter, you might want to 
quickly scan your systems for any NetWalker indicators. Of course, you can do that manually by downloading a list of indicators and searching with available tools. However, if you have MVISION EDR, you will be able to run that search right from Insights, saving precious time. Hunting the attacker can be a game of inches, so every second counts. Of course, if you find infected systems or systems with indicators, you can take action to contain them and start an incident response investigation immediately from the MVISION EDR console.<\/p>\n<h3>Proactively Detecting NetWalker Techniques<\/h3>\n<p>Many of the exploit stage techniques in this attack use legitimate Windows tools or valid accounts to either exploit, avoid detection or move laterally. These techniques are not easily prevented but can be detected using MVISION EDR. As security analysts, we want to focus on suspicious techniques, such as PowerShell, used to download files\u2026<\/p>\n<p>or execute scripts\u2026<\/p>\n<p>or evade defenses\u2026<\/p>\n<h3>Monitoring or Reporting on NetWalker Events<\/h3>\n<p>Events from McAfee Endpoint Protection and Web Gateway play a key role in NetWalker incident and threat response. McAfee ePO centralizes event collection from all managed endpoint systems. As a threat responder, you may want to create a dashboard for NetWalker-related threat events to understand current exposure. 
Here is a list (not exhaustive) of NetWalker-related threat events as reported by Endpoint Protection Platform Threat Prevention Module and McAfee Web Gateway.<\/p>\n<table width=\"641\">\n<tbody>\n<tr>\n<td colspan=\"4\" width=\"641\"><strong>McAfee Endpoint Threat Prevention Events<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Ransom-NetW!AB8D59ABA3DC<\/td>\n<td width=\"169\">GenericRXKU-HO!E33E060DA1A5<\/td>\n<td width=\"151\">PS\/Netwalker.a<\/td>\n<td width=\"177\">Ransom-NetW!1B6A2BFA39BC<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Artemis!2F96F8098A29<\/td>\n<td width=\"169\">GenericRXKD-DA!645C720FF0EB<\/td>\n<td width=\"151\">GenericRXKD-DA!4E59FBA21C5E<\/td>\n<td width=\"177\">Ransom-NetW!A9E395E478D0<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Ransom-NetW!A0BC1AFED896<\/td>\n<td width=\"169\">PS\/Netwalker.c<\/td>\n<td width=\"151\">Artemis!F5C877335920<\/td>\n<td width=\"177\">GenericRXKD-DA!B862EBC24355<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Artemis!2F96F8098A29<\/td>\n<td width=\"169\">GenericRXKD-DA!63EB7712D7C9<\/td>\n<td width=\"151\">RDN\/Ransom<\/td>\n<td width=\"177\">GenericRXKD-DA!F0CC568491CD<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Artemis!0FF0D5085F7E<\/td>\n<td width=\"169\">GenericRXKD-DA!9172586C2F87<\/td>\n<td width=\"151\">RDN\/Generic.dx<\/td>\n<td width=\"177\">Ransom-NetW!BFF6F7B3A7DB<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Ransom-NetW!7B77B436360A<\/td>\n<td width=\"169\">GenericRXKD-DA!BC75859695F6<\/td>\n<td width=\"151\">GenericRXKD-DA!FCEDEA8111AB<\/td>\n<td width=\"177\">GenericRXKD-DA!5ABF6ED342FD<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">PS\/Netwalker.d<\/td>\n<td width=\"169\">GenericRXKD-DA!C0DDA75C6EAE<\/td>\n<td width=\"151\">GenericRXKD-DA!ADDC865F6169<\/td>\n<td width=\"177\">GenericRXKD-DA!DBDD7A1F53AA<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Artemis!1527DAF8626C<\/td>\n<td width=\"169\">GenericRXKD-DA!608AC26EA80C<\/td>\n<td width=\"151\">Ransom-NetW!3A601EE68000<\/td>\n<td 
width=\"177\">GenericRXKD-DA!8102821249E1<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Ransom-NetW!2E2F5FE8ABA4<\/td>\n<td width=\"169\">GenericRXKD-DA!F957F19CD9D7<\/td>\n<td width=\"151\">GenericRXKD-DA!3F3CC36F4298<\/td>\n<td width=\"177\">GenericRXKD-DA!9001DFA8D69D<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">PS\/Agent.bu<\/td>\n<td width=\"169\">GenericRXKD-DA!5F55AC3DD189<\/td>\n<td width=\"151\">GenericRXKD-DA!18C32583A6FE<\/td>\n<td width=\"177\">GenericRXKD-DA!01F703234047<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Ransom-NetW!62C71449FBAA<\/td>\n<td width=\"169\">GenericRXKD-DA!6A64553DA499<\/td>\n<td width=\"151\">GenericRXKD-DA!0CBA10DF0C89<\/td>\n<td width=\"177\">Artemis!50C6B1B805EC<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">PS\/Netwalker.b<\/td>\n<td width=\"169\">GenericRXKD-DA!59B00F607A75<\/td>\n<td width=\"151\">Artemis!BC96C744BD66<\/td>\n<td width=\"177\">GenericRXKD-DA!DE0B8566636D<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">Ransom-NetW!8E310318B1B5<\/td>\n<td width=\"169\">GenericRXKD-DA!0537D845BA09<\/td>\n<td width=\"151\">GenericRXKU-HO!DE61B852CADA<\/td>\n<td width=\"177\">GenericRXKD-DA!B4F8572D4500<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">PS\/Netwalker.c<\/td>\n<td width=\"169\">GenericRXKD-DA!D09CFDA29F17<\/td>\n<td width=\"151\">PS\/Agent.bx<\/td>\n<td width=\"177\">GenericRXKD-DA!0FF5949ED496<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">GenericRXKD-DA!2B0384BE06D2<\/td>\n<td width=\"169\">GenericRXKD-DA!5CE75526A25C<\/td>\n<td width=\"151\">GenericRXKD-DA!BDC345B7BCEC<\/td>\n<td width=\"177\">Ransom-CWall!993B73D6490B<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">GenericRXKD-DA!0E611C6FA27A<\/td>\n<td width=\"169\">GenericRXKU-HO!961942A472C2<\/td>\n<td width=\"151\">Ransom-NetW!291E1CE9CD3E<\/td>\n<td width=\"177\">Ransom-Mailto!D60D91C24570<\/td>\n<\/tr>\n<tr>\n<td width=\"145\">PS\/Agent.bu<\/td>\n<td width=\"169\">GenericRXKU-HO!997F0EC7FCFA<\/td>\n<td width=\"151\">PS\/Agent.bx<\/td>\n<td width=\"177\">Ransom-CWall!3D6203DF53FC<\/td>\n<\/tr>\n<tr>\n<td 
width=\"145\">Ransom-Netwalker<\/td>\n<td width=\"169\">Ransom-NetW!BDE3EC20E9F8<\/td>\n<td width=\"151\">Generic .kk<\/td>\n<td width=\"177\"><\/td>\n<\/tr>\n<tr>\n<td width=\"145\">GenericRXKU-HO!1DB8C7DEA2F7<\/td>\n<td width=\"169\">GenericRXKD-DA!DD4F9213BA67<\/td>\n<td width=\"151\">GenericRXKD-DA!729928E6FD6A<\/td>\n<td width=\"177\"><\/td>\n<\/tr>\n<tr>\n<td width=\"145\">GenericRXKU-HO!9FB87AC9C00E<\/td>\n<td width=\"169\">GenericRXKU-HO!187417F65AFB<\/td>\n<td width=\"151\">PS\/Netwalker.b<\/td>\n<td width=\"177\"><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<table width=\"440\">\n<tbody>\n<tr>\n<td colspan=\"2\" width=\"440\"><strong>McAfee Web Gateway Events<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"162\">RDN\/Ransom<\/td>\n<td width=\"278\">BehavesLike.Win32.RansomCWall.mh<\/td>\n<\/tr>\n<tr>\n<td width=\"162\">BehavesLike.Win32.Generic.kh<\/td>\n<td width=\"278\">Ransom-NetW!1B6A2BFA39BC<\/td>\n<\/tr>\n<tr>\n<td width=\"162\">BehavesLike.Win32.MultiPlug.kh<\/td>\n<td width=\"278\">Ransom:Win32\/NetWalker.H!rsm<\/td>\n<\/tr>\n<tr>\n<td width=\"162\">BehavesLike.Win32.Generic.qh<\/td>\n<td width=\"278\">BehavesLike.Win32.Trojan.kh<\/td>\n<\/tr>\n<tr>\n<td width=\"162\">GenericRXKD-DA!DD4F9213BA67<\/td>\n<td width=\"278\">BehavesLike.Win32.Ipamor.kh<\/td>\n<\/tr>\n<tr>\n<td width=\"162\">BehavesLike.Win64.Trojan.nh<\/td>\n<td width=\"278\">BehavesLike.Win32.Generic.cz<\/td>\n<\/tr>\n<tr>\n<td width=\"162\">RDN\/Generic.dx<\/td>\n<td width=\"278\">BehavesLike.Win32.RansomCWall.mm<\/td>\n<\/tr>\n<tr>\n<td width=\"162\">BehavesLike.Win64.BadFile.nh<\/td>\n<td width=\"278\">BehavesLike.Win32.Generic.dm<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3>Summary<\/h3>\n<p>Ransomware has evolved into a lucrative business for threat actors, from underground forums selling ransomware, to offering services such as support portals to guide victims through acquiring crypto currency for payment, to the negotiation of the ransom. 
However, just as attackers work together, defenders must collaborate internally and externally to build an adaptive security architecture which will make it harder for threat actors to succeed and build resilience in the business. This blog highlights how to use McAfee\u2019s security solutions to prevent, detect and respond to NetWalker and attackers using similar techniques.<\/p>\n<p>McAfee ATR is actively monitoring ransomware threats and will continue to update McAfee MVISION Insights and its social networking channels with new and current information. Want to stay ahead of the adversaries? Check out <a href=\"https:\/\/www.mcafee.com\/enterprise\/en-us\/products\/mvision-insights.html\">McAfee MVISION Insights<\/a> for more information.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Building Adaptable Security Architecture Against NetWalker NetWalker Overview The NetWalker ransomware, initially known as Mailto, was first detected in August&#8230;<\/p>\n","protected":false},"author":787,"featured_media":104430,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[],"coauthors":[4601,5064,6297],"class_list":["post-103458","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mcafee-labs"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>McAfee Defender\u2019s Blog: NetWalker | McAfee Blog<\/title>\n<meta name=\"description\" content=\"Building Adaptable Security Architecture Against NetWalker NetWalker Overview The NetWalker ransomware, initially known as Mailto, was first detected in\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" 
\/>\n<meta property=\"og:title\" content=\"McAfee Defender\u2019s Blog: NetWalker | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"Building Adaptable Security Architecture Against NetWalker NetWalker Overview The NetWalker ransomware, initially known as Mailto, was first detected in\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-08-03T14:00:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-09T06:27:28+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/shutterstock_1013026084.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Mo Cashman, Martin Ohl, Thibault Seret\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mo Cashman, Martin Ohl, Thibault Seret\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/\"},\"author\":{\"name\":\"Mo Cashman\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c9878f38cb73f700507b2718693e0816\"},\"headline\":\"McAfee Defender\u2019s Blog: NetWalker\",\"datePublished\":\"2020-08-03T14:00:43+00:00\",\"dateModified\":\"2024-07-09T06:27:28+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/\"},\"wordCount\":2638,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/shutterstock_1013026084.jpg\",\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/\",\"name\":\"McAfee Defender\u2019s Blog: NetWalker | McAfee 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/shutterstock_1013026084.jpg\",\"datePublished\":\"2020-08-03T14:00:43+00:00\",\"dateModified\":\"2024-07-09T06:27:28+00:00\",\"description\":\"Building Adaptable Security Architecture Against NetWalker NetWalker Overview The NetWalker ransomware, initially known as Mailto, was first detected in\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/#primaryimage\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/shutterstock_1013026084.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2020\/07\/shutterstock_1013026084.jpg\",\"width\":1000,\"height\":600},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/mcafee-defenders-blog-netwalker\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee 
Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"McAfee Defender\u2019s Blog: NetWalker\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/c9878f38cb73f700507b2718693e0816\",\"name\":\"Mo 
Cashman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/e9035a01a4599145df1d1d64135a5bd9\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/4-96x96.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2021\/08\/4-96x96.png\",\"caption\":\"Mo Cashman\"},\"description\":\"Mo Cashman is one of the company\u2019s passionate leaders in cyber security. As an Enterprise Security Architect and Principal Engineer at McAfee, Mo advises our largest global customers and partners on their cyber threat management and data protection strategies for the digital enterprise. Mo\u2019s passion is to inspire our next generation security professionals as well as help customers architect for future resilience. With that passion and over 20 years of experience, Mo leads our Security Architect and Executive Briefing Center programs in EMEA, where we host hundreds of customers each year. In previous roles at the company, Mo was the Chief Technical Strategist for the Global Public Sector and just prior to joining the company, lead Computer Security Incident Response and Threat Intelligence Teams investigating and responding to sophisticated cyber threats across the world.\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mo-cashman\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/103458","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/787"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=103458"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/103458\/revisions"}],"predecessor-version":[{"id":196197,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/103458\/revisions\/196197"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media\/104430"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=103458"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=103458"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=103458"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=103458"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}