Serviceteam IT Security News

America’s Cybersecurity and Infrastructure Security Agency (CISA) issued a warning yesterday after observing an increase in the number of targeted cyber-attacks that utilize Emotet.

Emotet functions as a modular botnet that can steal data, send malicious emails, and act as a dropper, downloading and installing a wide range of malware onto a victim’s computer. This sophisticated strain of malware was developed by threat group TA542. 

CISA said: “Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information.”

The agency warned that such an attack could result in the loss of money and of proprietary information as well as cause “disruption to operations and harm to reputation.”

CISA advised users and system administrators to block email attachments such as .dll and .exe, which are commonly associated with malware, and to block any email attachments that cannot be scanned by antivirus software.
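One way to express that attachment policy at a mail gateway, as an added example that is not code from CISA or from the original article. It assumes that an encrypted or malformed ZIP archive counts as an attachment that "cannot be scanned"; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

BLOCKED_EXT = {".dll", ".exe"}  # the two extensions the advisory names

def _ext(name):
    # Judge the final extension only, so "invoice.pdf.exe" counts as ".exe".
    return PurePosixPath(name.replace("\\", "/").rstrip(". ")).suffix.lower()

def verdict(filename, payload):
    """Return (action, reason) for one attachment."""
    if _ext(filename) in BLOCKED_EXT:
        return "block", "blocked extension"
    if payload[:2] == b"PK":  # ZIP container: inspect it before passing it on
        try:
            members = zipfile.ZipFile(io.BytesIO(payload)).infolist()
        except zipfile.BadZipFile:
            return "block", "unscannable: malformed archive"
        if any(m.flag_bits & 0x1 for m in members):  # bit 0 marks an encrypted entry
            return "block", "unscannable: encrypted archive"
        if any(_ext(m.filename) in BLOCKED_EXT for m in members):
            return "block", "blocked extension inside archive"
    return "allow", "no policy match"

def screen(raw):
    """Map each attachment filename in a raw message to its verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {(p.get_filename() or ""): verdict(p.get_filename() or "",
                                              p.get_payload(decode=True) or b"")
            for p in msg.iter_attachments()}

def _zip(name, data, encrypted=False):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(name, data)
    raw = bytearray(buf.getvalue())
    if encrypted:  # constructed sample: set the encryption flag in the central directory
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x1
    return bytes(raw)

def sample_message():
    """Constructed message; every filename and payload here is made up."""
    m = EmailMessage()
    m.set_content("See attached.")
    for name, data in [("report.pdf", b"%PDF-1.4"), ("Update.EXE", b"MZ"),
                       ("docs.zip", _zip("a.txt", b"hi", encrypted=True)),
                       ("tools.zip", _zip("bin/helper.dll", b"MZ"))]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()
```

Attachments that receive "allow" here have only cleared the extension and archive checks and would still go to the antivirus scanner.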

Further protection measures suggested by CISA are to implement firewalls, an antivirus program, and a formalized patch management process.

To stop a virus from running rampant around your network, CISA recommended segmenting and segregating networks and functions. 

The warning comes a week after cybersecurity firm Proofpoint announced that Emotet was back and causing trouble with a new campaign after taking what appeared to be a Christmas break. Researchers spotted Emotet going after targets in the pharmaceutical industry in the US, Canada, and Mexico on January 13. 

By Tuesday, the attackers had widened their net to go after victims in multiple industries in Australia, Austria, Germany, Hong Kong, Italy, Japan, Singapore, South Korea, Spain, Switzerland, Taiwan, and the United Arab Emirates. 

“Based on past activity and what our researchers are seeing, organizations around the globe should take Emotet’s return seriously,” wrote researchers. “On Monday alone we saw nearly three quarters of a million messages and they’re already fast approaching one million messages total.”

This mass of messages, although large, isn’t the highest volume the researchers have ever seen from the TA542 group. Previously, researchers have seen the threat actors send over one million messages in just one day.

Source: Infosecurity Magazine
