EMOTET MALWARE ALERT

“Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email.”

Yesterday the US Department of Homeland Security issued an advisory about the spike in attacks using the Emotet malware. In a tweet, US-CERT stated:

Protect your system from the rise of targeted #Emotet malware attacks. Read more at go.usa.gov/xdYXp. #Cyber #Cybersecurity #InfoSec
Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information. Such an attack could result in proprietary information and financial loss as well as disruption to operations and harm to reputation.
Outlined below are the measures you need to take in order to stay safe from this attack:
  1. Security Applications: Use anti-virus software and have a formal patch management program in place.
  2. Block: Block email attachments commonly associated with malware (such as .dll and .exe files) and any attachments that cannot be scanned by anti-virus software (such as .zip files).
  3. Manage: Implement Active Directory Group Policy Object and firewall rules.
  4. Filter: Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
  5. Restrict: “Adhere to the principle of least privilege,” CISA says, adding that “it is essential that privileged accounts are not used to log in to compromised systems during remediation as this may accelerate the spread of the malware”.
  6. Authenticate: Implement DMARC, an email validation system designed to protect organizations from spoofing.
  7. Segment: Segment and segregate networks and functions.
  8. Restrict: Block unnecessary, lateral communications in networks.
  9. Cyber Security Awareness: Train your staff and users on how to identify phishing emails, and on what to do if they receive one.
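Item 2 above calls for blocking attachment types commonly associated with malware and any attachment that cannot be scanned. The following is an added example of such a policy check, not code from the advisory or from CISA: it walks a MIME message, flags attachments by extension, flags archives as unscannable, and inspects Office Open XML documents for an embedded VBA project (the macro-enabled lures the opening quote describes). The extension lists beyond the advisory's own .exe, .dll and .zip are assumed policy values, and the message it runs against is constructed in the block.

```python
"""Attachment policy check of the kind an email gateway applies (added example)."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import Dict, List, Optional

# Assumed policy values: .exe/.dll/.zip come from the advisory, the rest are
# illustrative additions a practitioner would typically include.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".scr", ".js", ".vbs"}
ARCHIVE_EXTENSIONS = {".zip", ".7z", ".rar"}
OFFICE_OOXML_EXTENSIONS = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}


def _extension(filename: str) -> str:
    """Return the lowercase final extension of a filename, or '' if none."""
    name = filename.lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def ooxml_has_macro(payload: bytes) -> bool:
    """True if an Office Open XML file (a zip container) embeds a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def assess_attachment(filename: str, payload: bytes) -> Optional[str]:
    """Return a reason to block this attachment, or None if it passes policy."""
    ext = _extension(filename)
    if ext in BLOCKED_EXTENSIONS:
        return f"{filename}: blocked extension {ext}"
    if ext in ARCHIVE_EXTENSIONS:
        return f"{filename}: archive cannot be reliably scanned"
    if ext in OFFICE_OOXML_EXTENSIONS and ooxml_has_macro(payload):
        return f"{filename}: Office document contains a VBA macro project"
    return None


def assess_message(raw: bytes) -> List[str]:
    """Parse a raw RFC 5322 message and collect block reasons for its attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "unnamed"
        payload = part.get_payload(decode=True) or b""
        reason = assess_attachment(filename, payload)
        if reason:
            reasons.append(reason)
    return reasons


def _zip_with(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip archive from a name -> bytes mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed sample lure: a macro-enabled document, a zip, and a text file."""
    macro_doc = _zip_with({"[Content_Types].xml": b"<Types/>",
                           "word/vbaProject.bin": b"\x00"})
    plain_zip = _zip_with({"report.txt": b"quarterly figures"})
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.net"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(macro_doc, maintype="application",
                       subtype="octet-stream", filename="invoice.docm")
    msg.add_attachment(plain_zip, maintype="application",
                       subtype="zip", filename="archive.zip")
    msg.add_attachment("meeting notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in assess_message(build_sample_message()):
        print("BLOCK:", line)
```

Run as a script it reports the .docm (macro project found inside the container) and the .zip (unscannable archive) and lets notes.txt through. The macro check looks inside the container rather than trusting the extension, so a macro document renamed to .docx is still caught.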

Emotet malware was first thought to be a banking Trojan targeting banking institutions in order to gain access to credentials. It was first identified by security researchers in 2014, according to security firm Malwarebytes. “Emotet was originally designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software saw the addition of spamming and malware delivery services – including other banking Trojans,” such as Trickbot.

CISA encourages users and administrators to review the following resources for information about defending against Emotet and other malware.


2 Comments

  • Dennis

    January 24, 2020

    Thank you for this advisory. We’ll patch up our systems.

  • Richerd

    January 24, 2020

    Thank you for the update. Keeping tabs on what's going on.
