Since July of 2016, there has been an observable increase in the number of Emotet/Qakbot infections impacting small and medium-sized businesses. This family of malware spreads using the Windows Server Message Block (SMB) protocol. Preventing the spread of the worm is a simple precaution that many organizations who lack a formal security program miss. This talk demonstrates the impact of SMB spreading worms on an unprotected enterprise network from real-world case studies, the effort necessary to remediate an SMB infection, and some low business impact security controls that could prevent the spread.

Matthew serves as a Senior Incident Response Analyst on Cisco,s Advisory Services team. Prior to joining Cisco, Matt served nine years in the United States Marine Corps as a Cyber Systems Chief in addition to various public/private sector roles as a Malware and Digital Forensic Analyst. With over 15 years of experience working in the Information Technology field in Windows, Linux, and Apple environments. Matt has a B.S. in Information Systems Security and is currently pursuing a M.S. in Digital Forensic Science from Champlain College. Matt also holds multiple industry certifications to include the GIAC Reverse Engineer Malware (GREM), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), and the Certified Information Systems Security Professional - Information Systems Security Management Professional (CISSP-ISSMP). Matt currently lives in Northern Virginia with his wife and young son. https://blogs.cisco.com/author/mattaubert https://www.medium.com/@aubsec

Back to Converge 2018 video list