Emotet Malware Phishing Campaign Targeting UN – Email Security Expert Commentary

The latest cyberattack against users affiliated with the United Nations demonstrates how a convincing phishing email can be an extremely effective attack vector—especially among high value/high ranking targets, in this case UN Delegates instead of corporate executives. Because these attacks differ from the normal Emotet spam campaigns (usually they are fake accounting reports, delivery notices and invoices), we know that the bad actors are specifically tailoring their approach based on other knowledge or data they’ve acquired. This is an extremely common tactic in today’s threat landscape, and cybercriminals are leveraging swaths of information to launch highly convincing impersonation-based attacks. As phishing emails increasingly become harder and harder to detect, the first essential step is to prevent malicious emails from ever entering inboxes. We believe that by focusing on the sender’s identity and blocking all emails that come from unauthenticated sources you effectively stop these attacks at their source—before they can do any damage. In this case, the attack could have been stopped by flagging the sender as not a legitimate United Nations personnel but an impersonator sending email from an untrusted domain. Blocking impersonations like these can stop more than 83 percent of malicious emails in their tracks. Properly implementing a DMARC record and advanced anti-phishing solutions that authenticate sender identity are critical to protecting organizations from phishing, which is implicated in more than 90 percent of all cybersecurity attacks.  Read Less