Cybersecurity experts reacted to the recent news surrounding the ANSSI warning of a surge in Emotet attacks in France.
Emotet has been around since 2014 and is usually spread through an email that contains a doc or malicious link, usually with language pertaining to an invoice or necessary payment … and these days even on shipping updates. Once someone clicks the link or opens the malicious document, it collects your contacts list and proceeds to email those contacts pretending to be you. Those contacts are then placed at a huge risk because the email they’re receiving is usually from someone they know (you), so they trust the link or doc attached.
Emotet also spreads by pushing out common passwords to try to get into other connected systems. And it doesn’t stop there – bank trojans, TrickBot and QakBot are all usually spread by Emotet. TrickBot uses the same spreading method as WannaCry by utilizing Microsoft SMB aka EternalBlue. We’ve especially seen it in the U.S., Canada and Europe, stealing banking credentials and collecting financial data.
Tips to stay safe:
1. Be up to date with all the latest patches, especially with Microsoft Windows.
2. Never download attachments or click any links until you have a second verification that the person sent the item to you. This can be via a text, a call, internal messaging, etc.
If you think you have been infected by Emotet, isolate it and patch the infection. Just note, you can be re-infected if reconnecting it to an infected network, so it’s best to know what computers are on your network and patch it accordingly before reconnecting it.
Overall, this is a reminder that EVERYONE is a target at any organization. It’s important to understand the graveness of phishing emails – organizations must make sure that every employee understands how easy it is to be phished, especially when we still have people who are apathetic to it. In today’s climate, phishers understand people’s pain points and passions all too easily in order to make their malicious emails more compelling – bad actors put effort into researching how to get victims to click. We should all be putting in the same, if not more, effort into training people on how to avoid being baited and falling victim – not only for their own safety, but for the safety of everyone else. All it takes is one single person to click on one single malicious link.
The warning from CERT-FR on the increased Emotet malware activity is another indication of how sophisticated some malware groups have become. The Emotet malware was first identified in 2014 and has been developed continuously since.
Malicious actors are following the same software development life cycle we use in industry, keeping their wares relevant as long as they can and adding features and capability with each cycle. Malware development has reached the level of professional service and this shows the kind of threats the industry is up against: professional criminals with resources, skill, and a process that seeks to improve their malicious tools while they develop new ones.
We need to stay a step or more ahead of them and deploy tools, such as behavioral analytics, that can respond to updated existing threats while reliably stopping previously unseen attacks.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest Information Security news and topics.