Return Of Emotet In New 2020 Campaign – Expert On Research

Researchers at cybersecurity firm Proofpoint have observed that the prolific botnet Emotet has returned to the email threat landscape after a hiatus at the end of 2019. The Trojan-turned-botnet is being distributed by threat group TA542, using attachments and malicious links containing the botnet payload. So far in 2020, Proofpoint has observed Emotet targeting pharmaceutical companies in the US, Mexico, Germany, Japan and Australia amongst other regions and sectors.

Experts Comments

January 17, 2020
Sherrod DeGrippo
Senior Director, Threat Research and Detection
Proofpoint
Emotet is one of the world’s most disruptive threats and organizations worldwide should take its return seriously. They have a massive sending infrastructure—nobody hits volumes like they do. TA542’s recent uptick in activity shows that threat actors work smarter not harder. They took 150 days off in 2019 and even with breaks, they’re incredibly effective. When TA542 returned in September 2019 from a summer hiatus, they accounted for over 11% of all malicious attachments we saw globally for the entire third quarter of that year despite being active for only two weeks during that three month period. It’s important security teams continue to secure their email channel and educate users regarding the increased risks associated with email attachments.
January 20, 2020
Javvad Malik
Security Awareness Advocate
KnowBe4
Emotet is quite difficult to mitigate against with any one security control because of the various techniques and methods it employs. While it is important to have technical controls in place, many of the social engineering techniques can bypass technical controls. Therefore, it's vital that organisations invest in providing security awareness and training to employees so that they can be better equipped to identify and report any suspicious activity.
