ALERT: Malicious email campaign resurfaces as new threat

FOR IMMEDIATE DISTRIBUTION

Dubbed the largest and most dangerous botnet, Emotet has shown signs of new activity through increased spam email traffic. Due to the nature of this threat, I have put mitigation tips at the top of this post so you can take action right now and come back to read the rest when available.

Prevention tips:

  • Make sure all systems are up to date.
  • Where possible use 2 factor authentication.
  • Never use default passwords. Ever. Always change passwords on new programs and devices as you set them up.
  • Do not open any attachments without confirming they are genuine.
  • Make sure that macros are disabled in Office programs like Word, Excel etc.
  • If you don’t already have a disaster recovery plan (backups), see about getting one set up.

If you are infected:

  • Power down affected systems immediately and remove them from your network.
  • Contact an IT professional or your in-house IT support.

More about Emotet

  • Emotet is a very powerful and flexible class of malware that infects systems as a trojan and uses secondary infection techniques to spread across networks.
  • Emotet is also very hard to detect as it is polymorphic, which means it can change itself to avoid being identified as malicious.
  • Of particular concern is Emotet’s ability to download and install other forms of malware. With the recent increase in ransomware activities successfully targeting schools, local government and other vulnerable organisations, it is possible we may see Emotet evolve again to help cast a wide net to conduct targeted attacks.
  • Emotet is also regarded as a modular threat. It can change behaviour even after infection by instructions issued by Command and Control (C2) servers in the botnet network.

Image from CISA (Department of Homeland Security) https://www.us-cert.gov/ncas/alerts/TA18-201A

How do these tips help with Emotet?

  • Emotet relies on security flaws like EternalBlue and BlueKeep. Patching these flaws effectively closes off one of the ways that the malware spreads after initial infection.
  • 2 Factor Authentication stops the successful use of stolen usernames and passwords. Without that second factor of authentication available, a username and password is useless.
  • Changing default passwords is a critical step in cybersecurity. Default passwords are as bad as no password at all because malware and hackers try to breach systems with default passwords first. It gives the easiest access with often the highest privileges.
  • Taking care with attachments and links is highly effective in strengthening the last line of defence when malware and spam filters fail. Humans are very effective at detecting emails that might otherwise pass technical checks but where the context of the email seems off. Trust your gut instinct.
  • Macros are powerful ways to automate documents that make life easy not only for you but also for the attacker. Macro-enabled documents sent via email are highly risky and for this reason macros are disabled by default.
  • Sometimes you do all the right things and even then attacks slip through. When this happens, having a way to bounce back from an attack is far more cost-effective than trying to piece together a recovery from a cyberattack on the fly. A little preparation pays off in the long run.
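
To back up the attachment and macro tips with a technical check, here is an added example (not part of the original alert) that scans an email for Office attachments able to carry macros, looking at file contents rather than the file extension. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container


def classify_attachment(data: bytes) -> str:
    """Return 'ooxml-macro', 'legacy-ole', or 'no-macro-container'."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office files can carry VBA; treat as needing review.
        return "legacy-ole"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Macro-enabled OOXML keeps VBA in vbaProject.bin, whatever the extension.
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                return "ooxml-macro"
    return "no-macro-container"


def scan_message(raw: bytes) -> dict:
    """Map each attachment filename to its classification."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        part.get_filename(): classify_attachment(part.get_payload(decode=True))
        for part in msg.iter_attachments()
    }


def build_sample() -> bytes:
    """Constructed message: macro-bearing, plain, and legacy attachments."""
    def fake_docx(with_vba: bool) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("word/document.xml", "<w:document/>")
            if with_vba:
                zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
        return buf.getvalue()

    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    for name, vba in (("invoice.docx", True), ("notes.docx", False)):
        msg.add_attachment(fake_docx(vba), "application", "octet-stream", filename=name)
    msg.add_attachment(OLE_MAGIC + bytes(16), "application", "msword", filename="old.doc")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags `invoice.docx` even though its extension suggests a macro-free document, which is why the check reads the container instead of trusting the name.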
