Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...

Why Employees Must Be Hacker-Detectors

On January 27th, a coordinated global law enforcement operation took down a notorious malware network that is said to have generated billions of dollars in losses by infiltrating thousands of computers around the world and selling access to those computers to other criminal gangs.

The malware network is called, ‘EMOTET.’

How the EMOTET worked is intriguing for sure, and I would urge you to visit some links in this post to get a detailed understanding of what the criminals did.

But the focus of this post will be to reinforce the absolute necessity for organizations public and private to step-up their game in training their personnel to become proficient at screening their electronic communications before opening anything.

The volume of intellectual property and other data stolen since EMOTET first appeared on the scene in 2014 is staggering.


According to the Europol press release

“EMOTET has been one of the most professional and long-lasting cybercrime services out there. First discovered as a banking Trojan in 2014, the malware evolved into the go-to solution for cybercriminals over the years.

“The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorized access was established, these were sold to other top-level criminal groups to deploy further illicit activities such data theft and extortion through ransomware.”


Essentially, it started like it always starts—through impersonation. It tricks a person into believing that the email attachment or link is from a legitimate source.

Once the person opens up the link or attachment, they infect the computer with the malware. And, as a result, the victim passes the malware onto other computers it is communicating with that also get absorbed by the malware ‘botnet.’

I am reminded of the Iranian spear-phishing operation of universities, and a few government agencies in 2018:

The New York Times then reported, “The spear-phishing emails purported to be from professors at one university to those at another and contained what appeared to be authentic article links. But once clicked on, the links steered the professors to a malicious Internet domain that led them to believe they’d been logged out of their systems and that asked them to enter their log-in credentials.

  • 31.5 terabytes of academic data and IP stolen
  • $3-4 Billion value to procure data and IP by affected U.S. universities
  • 144 U.S. universities
  • 176 universities across 21 foreign countries
  • Targeted 100,000 professor accounts around the world
  • 8,000 professor email accounts in the U.S. alone
  • 47 domestic and foreign private sector companies, and
  • 5 U.S. government agencies


Very smart. They created an automated email system that sent thousands and thousands of emails daily with authentic-looking pitches to unsuspecting victims. 

And even if an organization eventually learned of the intrusion, and set up a protection system to recognize the bogus emails, EMOTET would change their look and get in and stay in.


What is the most effective defense against this type of cyber intrusion?


The continuous training of personnel to recognize signs of a potential intrusion is imperative.

In this short video, titled, ‘Phishing tricks crooks use to make you open malware email attachments ‘ a cybersecurity expert details the problem and explains that, “People are the new perimeter.”


I would argue that personnel should be evaluated, in part, for their capacity to pick up signs of a potential intrusion and how to respond. If the candidate or employee does not test well, then this should be taken into consideration.

What is the benefit of having an employee that’s a terrific worker, yet does not have the capacity to keep from letting devastating malware through the front door of your organization?

Employees need to become ‘hacker detection profilers.’

If an organization trains an employee to recognize hacker activity indicators, and that training is persistent, it raises the security perimeter exponentially.

Another cybersecurity expert said in his video titled, ‘EMOTET is Dead,’ “organizations… [should] really focus on behavioral detection as opposed to a signature-based approach which bad guys are so well-schooled at avoiding nowadays.”


We need to keep our eye on what drives the flood of malware intrusions into personal and organizational computers; it is not always cyber wizardry, (like the recent Solar Winds supply chain infiltration) but human behavior.

Finally, we applaud the global law enforcement coordination that brought this massive criminal network down, The Netherlands, Germany, France, Lithuania, Canada, the United States, and the United Kingdom. In these global-cyber times, this kind of transnational coordination is critical.

Check if your e-mail address is present in the EMOTET botnet data  

Check if your e-mail address is present in other hacks

Disclaimer: is offered as a service to the professional IP community. While every effort has been made to check information in this blog, we provide no guarantees or warranties, express or implied, with regard to content provided in We disclaim any and all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such person and the accuracy and validity of the information provided by them. This blog is provided for general information purposes only and is not intended to provide legal or other professional advice.

Did you find this post useful?
I agree to have my personal information transfered to MailChimp ( more information )
Join other IP protection professionals, i.e., investigators, attorneys, and brand protection specialists and receive updates straight to your inbox.
We hate spam. Your email address will not be sold or shared with anyone else.

Ron Alvarez is an IP investigations and protection consultant and writer in New York City. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron has since coordinated the private investigation of international fraud and money laundering cases, as well as IP-related investigations and research involving the four pillars of IP: copyright, patents, trademarks, and trade secrets. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has written a number of articles for various investigative publications, as well as published "The World of Intellectual Property (IP) Protection and Investigations" in November 2021.

1 comment on “Why Employees Must Be Hacker-Detectors

  1. Pingback: Cybersecurity: Stress Drives Violation of Cyber Policy – IP PROBE – Blog

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get the Global IP Investigations and Enforcement Perspective

Industry content delivered straight to your inbox.
Email address
Secure and Spam free...
%d bloggers like this: