Forcepoint Security Labs has identified a new variant of the Geodo/Emotet banking malware which has been targeting people in the UK. The recorded campaign appeared to peak on 18 April 2017 and primarily targeted email addresses associated with the .UK domain. The subject lines of the emails varied slightly, but the content took the form of fake billing notifications, using an abnormally high billing amount to drive customers to click the link. Similar to previously recorded Geodo campaigns, these emails were formatted using images hosted by legitimate operator websites. Carl Leonard, Principal Security Analyst at Forcepoint, commented below.
Carl Leonard, Principal Security Analyst at Forcepoint:
“The hackers have focused on the human point of interaction with critical business data and IP, using very believable visual cues to persuade the recipient that their message is credible. This sort of attack underscores the need for individuals and organisations to focus on the human aspect of cybersecurity. The best defence against these sorts of emails is a well-trained workforce that is capable of spotting them when they arrive, a program for observing user behaviour and intelligent systems that can prevent the attack in its earliest stage. To fail at this first line of defence creates the possibility for significant damage, and risks the malware spreading further.”