Emotet operators launched a sophisticated phishing attack against email addresses associated with users at the United Nations. The Emotet attackers are impersonating representatives of Norway at the United Nations in New York by sending malicious emails that state that there is a problem with an attached signed agreement to UN employees. If a victim opens the document and enables its content, malicious Word macros will be executed that downloads and installs Emotet on the computer. The malspam campaign was seen being sent to 600 unique email addresses at the United Nations.
The latest cyberattack against users affiliated with the United Nations demonstrates how a convincing phishing email can be an extremely effective attack vector—especially among high value/high ranking targets, in this case UN Delegates instead of corporate executives. Because these attacks differ from the normal Emotet spam campaigns (usually they are fake accounting reports, delivery notices and invoices), we know that the bad actors are specifically tailoring their approach based on other knowledge or data they’ve acquired. This is an extremely common tactic in today’s threat landscape, and cybercriminals are leveraging swaths of information to launch highly convincing impersonation-based attacks.
As phishing emails increasingly become harder and harder to detect, the first essential step is to prevent malicious emails from ever entering inboxes. We believe that by focusing on the sender’s identity and blocking all emails that come from unauthenticated sources you effectively stop these attacks at their source—before they can do any damage. In this case, the attack could have been stopped by flagging the sender as not a legitimate United Nations personnel but an impersonator sending email from an untrusted domain. Blocking impersonations like these can stop more than 83 percent of malicious emails in their tracks. Properly implementing a DMARC record and advanced anti-phishing solutions that authenticate sender identity are critical to protecting organizations from phishing, which is implicated in more than 90 percent of all cybersecurity attacks.