According to new data from Trend Micro, attackers using the Emotet banking Trojan predominantly relied on internet providers located in the U.S.A. to host their Command & Control (C2) infrastructure. In a recent blog post, Trend Micro states that the United States of America, with a 45% share, hosts the most Emotet C2 infrastructure, through Comcast, followed by Mexico and Canada. The top 3 ASNs being used to host the C2 servers are 7922 (Comcast Cable), 8151 (Telmex), and 22773 (Cox Communications). This infrastructure was determined by actively tracking Emotet, using nearly 15 thousand artefacts dating from June to September 2018.
Ryan Wilk, VP at NuData Security:
“Banking providers in the US need to be acutely aware of this threat, as this malware attempts to compromise confidential communication, meaning both the internal processes of the bank’s workings and sensitive financial information pertaining to customers are potentially at risk. These sorts of compromising situations seem unlikely to become a thing of the past for the banking sector as it is such a high-value target for cybercriminals, so financial institutions need to engage in more proactive measures to protect privileged accounts, including two-factor authentication and programmes of passive biometrics.”