Expert(s):
Senior Director, Threat Research and Detectionfeature_status*/ ?>
Proofpoint

Comments Dotted : 4
January 28, 2021

Emotet Takedown – What’s Next
At this stage, it’s difficult to tell what this global action will bring.

Emotet has been with us for many years. TA542, the actor behind the botnet, has been tracked by Proofpoint since 2014, when reports of their signature payload, Emotet, emerged. 

 

It has since become known as one of the world’s most disruptive threats. What makes Emotet particularly dangerous for organizations is that it has been the primary foothold for the future deployment of other banking trojans. At this point, any mainstream banking trojan may lead to devastating ransomware attacks.

.....Read More

Emotet has been with us for many years. TA542, the actor behind the botnet, has been tracked by Proofpoint since 2014, when reports of their signature payload, Emotet, emerged. 

 

It has since become known as one of the world’s most disruptive threats. What makes Emotet particularly dangerous for organizations is that it has been the primary foothold for the future deployment of other banking trojans. At this point, any mainstream banking trojan may lead to devastating ransomware attacks. Their campaign volume is typically large, as we usually observe hundreds of thousands of emails per day when Emotet is operating. 

 

At this stage, it’s difficult to tell what this global action will bring. Law enforcement events can have and previously have had a variable impact on disrupting the technology and operators of these large-scale botnets. Considering this appears to be a law enforcement action on the backend infrastructure of the Emotet botnet, this really could be the end. Further to this, if the threat actors behind the botnet (TA542) were apprehended or even disrupted in some way, that could have a significant impact on the potential of future operations.

  Read Less
October 08, 2020

Expert Advise On Cybercriminals Using Trump COVID-19 Illness To Spread Malware
A strong user education program that reinforces the risks posed by links and attachments is encouraged.
This campaign attempted to spread unknown malware via BazaLoader, a first stage downloader initially observed earlier this year. Proofpoint researchers have previously observed BazaLoader being distributed in high volume email campaigns by a threat actor that is primarily known to distribute TrickBot. From a mitigation standpoint we recommend organizations use a secure email gateway, that features an effective antimalware program, to help ensure these types of threats don’t make it to.....Read More
This campaign attempted to spread unknown malware via BazaLoader, a first stage downloader initially observed earlier this year. Proofpoint researchers have previously observed BazaLoader being distributed in high volume email campaigns by a threat actor that is primarily known to distribute TrickBot. From a mitigation standpoint we recommend organizations use a secure email gateway, that features an effective antimalware program, to help ensure these types of threats don’t make it to users’ inboxes. A strong user education program that reinforces the risks posed by links and attachments is also encouraged.  Read Less
October 04, 2020

Ahead Of U.S. Election, Email Attack Mimics Democratic Pitches For Volunteers – Expert Reaction
Today Proofpoint prevented thousands of malicious emails from hitting unsuspecting voters nationwide.
Today Proofpoint prevented thousands of malicious emails from hitting unsuspecting voters nationwide—and it’s essential that everyone is aware that threat actors are actively working to impersonate trusted sources this election season. Emotet is one of the world’s most disruptive threats and their quick use of DNC-themed emails following this week’s presidential debate demonstrates just how swiftly threat actors can tailor their email lures to focus on prominent events. To avoid.....Read More
Today Proofpoint prevented thousands of malicious emails from hitting unsuspecting voters nationwide—and it’s essential that everyone is aware that threat actors are actively working to impersonate trusted sources this election season. Emotet is one of the world’s most disruptive threats and their quick use of DNC-themed emails following this week’s presidential debate demonstrates just how swiftly threat actors can tailor their email lures to focus on prominent events. To avoid impersonation attempts this election cycle, approach all unsolicited emails with extreme caution especially if they ask you to take urgent action. Do not open email attachments or click on emailed links and be sure to deeply examine any and all digital communication surrounding the election to verify authenticity and reduce risk.  Read Less
January 17, 2020

Return Of Emotet In New 2020 Campaign – Expert On Research
TA542’s recent uptick in activity shows that threat actors work smarter not harder.
Emotet is one of the world’s most disruptive threats and organizations worldwide should take its return seriously. They have a massive sending infrastructure—nobody hits volumes like they do. TA542’s recent uptick in activity shows that threat actors work smarter not harder. They took 150 days off in 2019 and even with breaks, they’re incredibly effective. When TA542 returned in September 2019 from a summer hiatus, they accounted for over 11% of all malicious attachments we saw.....Read More
Emotet is one of the world’s most disruptive threats and organizations worldwide should take its return seriously. They have a massive sending infrastructure—nobody hits volumes like they do. TA542’s recent uptick in activity shows that threat actors work smarter not harder. They took 150 days off in 2019 and even with breaks, they’re incredibly effective. When TA542 returned in September 2019 from a summer hiatus, they accounted for over 11% of all malicious attachments we saw globally for the entire third quarter of that year despite being active for only two weeks during that three month period. It’s important security teams continue to secure their email channel and educate users regarding the increased risks associated with email attachments.  Read Less