Emotet Cybersecurity Advisory

Published by Dominic Chorafakis on

In recent weeks there has been a resurgence of Emotet, one of the most well-developed and long-lasting trojans ever created. In early 2021 an internationally coordinated law enforcement initiative saw its command-and-control infrastructure dismantled, but the cybercriminal organization behind it remained intact. These well-funded cybercriminals have taken the time to improve Emotet even further, adding significant capabilities for it to spread within a computer network, evade anti-virus, cripple computer systems, and install ransomware throughout an organization.

As a result, there has been a spike in Emotet-related breaches in recent weeks resulting in credential theft, banking fraud and ransomware attacks. Emotet mostly relies on email to gain an initial foothold within an organization. Once a single computer has been infected, Emotet uses an extensive array of capabilities to spread across the network, including the use of Cobalt Strike, a professional computer and network penetration tool that was stolen by hackers and integrated into Emotet and other ransomware strains.

What you should do

  1. Emotet mostly relies on Microsoft Office attachments containing malicious macros. If you receive an email with a Microsoft Office attachment (Word, Excel, PowerPoint) and are prompted to enable macros, do not enable them unless absolutely necessary and you are highly confident that the email and attachment are legitimate.
  2. In some cases, the malicious documents contain instructions to copy the file to a template directory where macros are able to run without requesting permission from the user. If you receive an attachment with such instructions, do not follow the instructions or enable macros in the document.
  3. Emotet spreads through email by hijacking legitimate email threads and sending replies containing a malicious attachment. Do not automatically trust documents or attachments just because they are inside an existing email thread from someone you know.
  4. Share this information with your network to ensure everyone is aware of the threat and handles email attachments with caution.
  5. Make sure updates for operating system and applications are installed as soon as they are available.
  6. Have a secure backup strategy that includes an off-site and offline copy of critical data
  7. Protect your network with a monitored network intrusion prevention system such as My Security Console. My Security Console appliances monitor all activity on the network, block malicious traffic, and receive daily updates to protect against new and evolving threats.
Categories: Uncategorized

Related Posts

Why IT Environments are increasingly moving to Managed Detected and Response (MDR) services

In today’s rapidly evolving cybersecurity landscape, not all IT environments have the capacity to manage cybersecurity on their own. An increasing number of organizations are turning to Managed Detection and Response (MDR) services for security Read more…

Enhancing Cybersecurity in Business: Tackling Today’s Top Threats  

As organizations increasingly rely on technology to operate, cyberattacks pose a significant threat to businesses today. Cybercriminals are using sophisticated methods such as phishing, malware, ransomware and social engineering to breach an organization’s network and Read more…

CSaaS: The Benefits of Managed Cyber Security

A security breach can cause an organization to suffer reputational blows, lose customer trust and incur financial loss caused by viruses and malware, ransomware and extortion, unplanned downtime, and data corruption.  Basic protection is often Read more…

en_CAEnglish
fr_CAFrench en_CAEnglish