IT Security Guru

Emotet Strikes Back

Dangerous malware returns after almost half a year under the radar

by Sabina
July 21, 2020
in Editor's News, Research

The past few days have seen the resurgence of Emotet, a dangerous email-borne threat that aims to steal sensitive and financial information.

ZIX, a cybersecurity company that specialises in email security, has uncovered a worrying trend that could lead to users falling victim to cybercriminals seeking to exploit the uncertainty of these precarious times by stealing money from unwitting and under-secured users. This financial-stealing malware is appearing again after five months under the radar, catching many enterprises and individuals off guard.

Emotet is a modular banking Trojan that relies on heavy obfuscation and evasion techniques while committing financial theft. The Trojan spreads itself throughout the network by making use of its worm spreader module and brute-force attacks within the network.

The primary method Emotet uses to reach its target is malspam: emails containing malicious attachments or links. These emails often use familiar branding, previously scraped conversations, or spoof someone in the same company. Such scams are often difficult to discern because of their sophistication, so users must be all the more vigilant and open documents that may contain a malicious payload only once they have been properly vetted. Unfortunately, the sophistication of the Emotet scams means that some email security controls are not well enough equipped to protect users, and the emails often reach their target unnoticed.

ZIX observed small volumes of Emotet malspam early in the week commencing 13 July 2020. The email security experts have suggested that this was potentially the cybercriminal syndicate testing its operation. However, after only a few days, Chris Lee, cybersecurity analyst at ZIX, revealed that the criminal activity had increased: “Emotet’s three unique botnets ramped up their operations. They’re known for distributing extremely large amounts of malspam utilizing these botnets.”

Most of Emotet’s malspam campaigns had been dormant since early February. However, Lee revealed that the latest updates include a WiFi spreader module, which can wreak havoc on the unsecured networks increasingly relied upon by a mobile workforce.

Emotet Sample: [screenshot of the sample email not reproduced]

One of the many variants ZIX has recently observed hides the payload URL in the HTML of the message. Emails carrying these malicious payloads urge users to open the link, often by evoking a sense of urgency. Once clicked, the link prompts the download of a malicious Rich Text Format (.rtf) file.

“You can see that they’re spoofing sbcglobal.net in an attempt to appear legitimate,” Lee revealed, going on to state that “this domain is very commonly spoofed and one that bad actors have had success with in the past”. As past endeavours spoofing this domain have proved fruitful, it is no surprise that the cybercriminals behind the Emotet scheme have continued to leverage the same domain.

In this example, kindly shared by the research team at ZIX, the Emotet syndicate seems to be spoofing the City of Liberty, Texas. The link points to a .doc file download.

[screenshot of the City of Liberty sample not reproduced]

[screenshot not reproduced] Another variant of this ongoing campaign, with a directly attached malicious .doc file

In the example above, cybercriminals are spoofing an excavating business, proving that they have no restraint and that nobody is off limits. Furthermore, phishing emails like this often use time-sensitive language, or documents that make users feel obliged to open them for fear of missing out on valuable information.

All of the samples ZIX has investigated so far use the same template. Lee warned that these threat actors claim the file was created on an iOS device and that you must “Enable Editing” or “Enable Content” to view the supposed content of the file. If you select “Enable Editing” or “Enable Content”, the macros will run and execute the infection process, targeting your financial information.
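The indicators described above (a spoofed visible sender domain, a payload link hidden in the HTML body pointing at an Office or RTF download, a directly attached .doc, and an “Enable Content” style lure) are the kind of thing a mail gateway or a help-desk triage script can check for mechanically. The following Python is an added example written for this article; it is not ZIX’s tooling, and both sample messages are constructed (the sbcglobal.net display domain comes from the article, the other hostnames are placeholders under example.org/example.net).

```python
"""Triage of an Emotet-style malspam message (added example, not ZIX's tooling).

Checks, using only the standard library:
  * visible From: domain differs from the envelope sender (Return-Path)
  * HTML body links to an Office/RTF download (including hidden links)
  * a directly attached Office/RTF document
  * a macro-enabling lure phrase ("Enable Editing" / "Enable Content")
"""
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

DOC_EXTENSIONS = (".doc", ".docm", ".rtf", ".xls", ".xlsm")
LURE_PHRASES = ("enable editing", "enable content")

# Constructed sample in the shape of the "link hidden in HTML" variant (not a real capture).
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
From: "City Clerk" <clerk@sbcglobal.net>
To: victim@example.com
Subject: Invoice 0729 - action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the document before end of day.</p>
<p><a href="http://downloads.example.org/files/Invoice_0729.doc">View invoice</a></p>
<p style="display:none"><a href="http://cdn.example.org/x/report.rtf">.</a></p>
</body></html>
"""


def build_attachment_sample() -> str:
    """Constructed sample of the 'directly attached .doc' variant with a lure in the body."""
    msg = EmailMessage()
    msg["Return-Path"] = "<noreply@mail.example.net>"
    msg["From"] = '"Accounts" <billing@excavating.example.com>'
    msg["To"] = "victim@example.com"
    msg["Subject"] = "Overdue statement"
    msg.set_content("Open the attached file and click Enable Content to view it.")
    # Placeholder bytes standing in for an OLE document; no real macro content.
    msg.add_attachment(b"\xd0\xcf\x11\xe0placeholder", maintype="application",
                       subtype="msword", filename="Statement.doc")
    return msg.as_string()


class _LinkExtractor(HTMLParser):
    """Collects every href, visible or not, so hidden anchors are not missed."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def extract_links(html_body: str) -> list[str]:
    parser = _LinkExtractor()
    parser.feed(html_body)
    return parser.links


def sender_domains(msg: EmailMessage) -> tuple[str, str]:
    """Return (visible From: domain, envelope Return-Path domain), lower-cased."""
    from_addr = email.utils.parseaddr(str(msg.get("From", "")))[1]
    envelope = email.utils.parseaddr(str(msg.get("Return-Path", "")))[1]
    return from_addr.rpartition("@")[2].lower(), envelope.rpartition("@")[2].lower()


def triage(raw: str) -> dict:
    msg = email.message_from_string(raw, policy=policy.default)
    findings: list[str] = []

    from_domain, envelope_domain = sender_domains(msg)
    if envelope_domain and from_domain != envelope_domain:
        findings.append(f"visible From domain {from_domain} differs from envelope sender {envelope_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body is not None else ""
    if body is not None and body.get_content_type() == "text/html":
        for url in extract_links(content):
            if urlparse(url).path.lower().endswith(DOC_EXTENSIONS):
                findings.append(f"link to Office/RTF download: {url}")
        text = re.sub(r"<[^>]+>", " ", content)
    else:
        text = content

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(DOC_EXTENSIONS):
            findings.append(f"attached Office/RTF document: {name}")

    if any(phrase in text.lower() for phrase in LURE_PHRASES):
        findings.append("body carries a macro-enabling lure phrase")

    return {"verdict": "suspicious" if findings else "clean", "findings": findings}


if __name__ == "__main__":
    for sample in (SAMPLE_EML, build_attachment_sample()):
        result = triage(sample)
        print(result["verdict"], *result["findings"], sep="\n  ")
```

The From/Return-Path comparison is a cheap proxy for what a proper SPF/DKIM/DMARC check does at the gateway; in a real deployment the authentication results header would be the stronger signal, and a hit on any of these findings should route the message to the review process the mitigation section recommends rather than to the user’s inbox.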

Mitigation Tactics

Chris Lee and the email security experts at ZIX have shared some advice on how enterprises and individual users can best mitigate and limit the threat of Emotet and other nefarious email-centric scams.

  1. The best thing you can do is to disable macros for your company; the easiest way to accomplish this is through Group Policy (a feature of Microsoft Windows Active Directory that adds additional controls to user and computer accounts). Reach out to your IT/Helpdesk team to see if this is an option or has already been done.
  2. User education has never been more important; malicious actors are constantly innovating and pivoting, and users need to be on their game and know what to look for and what not to click on. Establish an easy process in your company where users can submit anything suspicious to your IT/Helpdesk team for review.
  3. Defense in depth is something that your company should constantly strive for, securing partnerships with tried and tested security providers. This is especially true when considering email security, as all too often this is a secondary function of third-party security providers, when in reality it should be prioritised as the critical risk vector that it is.
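Point 1 above is enforced through the Office macro policy values that Group Policy writes under the per-user Policies hive. The Python below is an added example, not ZIX’s or Microsoft’s tooling: it audits a `.reg` export of that hive (the two exports are constructed) against the Office 2016/365 (`16.0`) policy values `VBAWarnings` and `blockcontentexecutionfrominternet`, and reports, per application, why a setting would still let an Emotet lure succeed.

```python
"""Audit an exported Office macro policy (added example; constructed .reg inputs).

Policy location (Office 2016 / Microsoft 365, assumed '16.0'):
  HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Office\\16.0\\<App>\\Security
    VBAWarnings  1 = enable all, 2 = disable with notification (the "Enable Content"
                 bar the lure relies on), 3 = disable except digitally signed,
                 4 = disable all without notification
    blockcontentexecutionfrominternet  1 = block macros in files marked as from the Internet
"""

APPS = ("Word", "Excel", "PowerPoint")
POLICY_KEY = r"hkey_current_user\software\policies\microsoft\office\16.0\{app}\security"
VBA_LABELS = {
    1: "enable all macros",
    2: "disable with notification",
    3: "disable except digitally signed",
    4: "disable all without notification",
}

# Constructed export: Word still shows the Enable Content bar, Excel has no policy at all.
WEAK_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000002

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\PowerPoint\Security]
"VBAWarnings"=dword:00000004
"blockcontentexecutionfrominternet"=dword:00000001
"""

# Constructed export: macros disabled without notification everywhere, Internet files blocked.
HARDENED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000004
"blockcontentexecutionfrominternet"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security]
"VBAWarnings"=dword:00000004
"blockcontentexecutionfrominternet"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\PowerPoint\Security]
"VBAWarnings"=dword:00000004
"blockcontentexecutionfrominternet"=dword:00000001
"""


def parse_reg(text: str) -> dict[str, dict[str, int]]:
    """Minimal .reg reader for DWORD values; key and value names are case-insensitive."""
    keys: dict[str, dict[str, int]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys[current] = {}
        elif current is not None and "=dword:" in line:
            name, _, value = line.partition("=dword:")
            keys[current][name.strip().strip('"').lower()] = int(value, 16)
    return keys


def audit(text: str) -> dict[str, list[str]]:
    """Return, per application, the reasons the macro policy is not Emotet-resistant."""
    keys = parse_reg(text)
    report: dict[str, list[str]] = {}
    for app in APPS:
        values = keys.get(POLICY_KEY.format(app=app.lower()), {})
        vba = values.get("vbawarnings")
        block = values.get("blockcontentexecutionfrominternet")
        problems: list[str] = []
        if vba is None:
            problems.append("VBAWarnings not enforced by policy; the user's own Trust Center setting applies")
        elif vba < 3:
            problems.append(f"VBAWarnings={vba} ({VBA_LABELS[vba]}) lets the user run the macro")
        if block != 1:
            problems.append("macros in files marked as from the Internet are not blocked")
        report[app] = problems
    return report


def is_hardened(text: str) -> bool:
    return all(not problems for problems in audit(text).values())


if __name__ == "__main__":
    for label, export in (("weak", WEAK_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(label, "->", "OK" if is_hardened(export) else audit(export))
```

On a real endpoint the same values can be exported with `reg export` and fed to `audit`; a missing key is reported as a problem on purpose, because the absence of a policy means the user-level Trust Center setting, and therefore the “Enable Content” bar, decides.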

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic