Over the past week, global cybersecurity agencies have published security alerts warning about a large uptick in Emotet malware attacks targeting their respective countries.
The recent Emotet activity includes email spam campaigns originating from their own infrastructure, targeting companies and government agencies. Targeted organisations who received the emails and opened the attachments were at risk of getting infected with the dangerous malware.
The recent rise of the infamous Emotet malware attacks come to no surprise, as BlackBerry’s Research and Intelligence team actively tracks the Emotet botnets called Epoch 1, Epoch 2 and Epoch 3. These botnets operate as a sophisticated malware delivery platform that is frequently updated to evolve and stay ahead of new security metrics and blockers built to fight it. As of late, the botnets were observed distributing banking trojans named Qbot and Trickbot, as well as additional tooling, including credential stealers, WiFi brute-force malware, and spam. They also ran network propagation modules that cyberattackers can leverage to perform lateral movements once they hack into and have access within an organisation’s network post-infection.
This strain of malware continues to be successful because Emotet has a good infrastructure for malicious activity. There are two things that make Emotet so stable: it is modularised to enhance its function, so consequently can conduct a wide range of malicious activity based on the attacker’s command. Secondly, the developer of Emotet maintains the code well and it is continuously updated.
The recent rise of the infamous Emotet malware attacks come to no surprise, as BlackBerry’s Research and Intelligence team actively tracks the Emotet botnets called Epoch 1, Epoch 2 and Epoch 3. These botnets operate as a sophisticated malware delivery platform that is frequently updated to evolve and stay ahead of new security metrics and blockers built to fight it. As of late, the botnets were observed distributing banking trojans named Qbot and Trickbot, as well as additional tooling, including credential stealers, WiFi brute-force malware, and spam. They also ran network propagation modules that cyberattackers can leverage to perform lateral movements once they hack into and have access within an organisation’s network post-infection.
This strain of malware continues to be successful because Emotet has a good infrastructure for malicious activity. There are two things that make Emotet so stable: it is modularised to enhance its function, so consequently can conduct a wide range of malicious activity based on the attacker’s command. Secondly, the developer of Emotet maintains the code well and it is continuously updated.