In recent weeks there has been a resurgence of Emotet, one of the most well-developed and long-lasting trojans ever created. In early 2021 an internationally coordinated law enforcement initiative saw its command-and-control infrastructure dismantled, but the cybercriminal organization behind it remained intact. These well-funded cybercriminals have taken the time to improve Emotet even further, adding significant capabilities for it to spread within a computer network, evade anti-virus, cripple computer systems, and install ransomware throughout an organization.
As a result, there has been a spike in Emotet-related breaches in recent weeks resulting in credential theft, banking fraud and ransomware attacks. Emotet mostly relies on email to gain an initial foothold within an organization. Once a single computer has been infected, Emotet uses an extensive array of capabilities to spread across the network, including the use of Cobalt Strike, a professional computer and network penetration tool that was stolen by hackers and integrated into Emotet and other ransomware strains.
What you should do
- Emotet mostly relies on Microsoft Office attachments containing malicious macros. If you receive an email with a Microsoft Office attachment (Word, Excel, PowerPoint) and are prompted to enable macros, do not enable them unless absolutely necessary and you are highly confident that the email and attachment are legitimate.
- In some cases, the malicious documents contain instructions to copy the file to a template directory where macros are able to run without requesting permission from the user. If you receive an attachment with such instructions, do not follow the instructions or enable macros in the document.
- Emotet spreads through email by hijacking legitimate email threads and sending replies containing a malicious attachment. Do not automatically trust documents or attachments just because they are inside an existing email thread from someone you know.
- Share this information with your network to ensure everyone is aware of the threat and handles email attachments with caution.
- Make sure updates for operating system and applications are installed as soon as they are available.
- Have a secure backup strategy that includes an off-site and offline copy of critical data
- Protect your network with a monitored network intrusion prevention system such as My Security Console. My Security Console appliances monitor all activity on the network, block malicious traffic, and receive daily updates to protect against new and evolving threats.