EMOTET MALWARE ALERT

“Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email.”

Yesterday the US Department of Homeland security issued an advisory of the spiked numbers of attacks using the Emotet malware.  On a Tweet by the US_CERT they stated;

Protect your system from the rise of targeted #Emotet malware attacks. Read more at go.usa.gov/xdYXp. #Cyber #Cybersecurity #InfoSec
Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information. Such an attack could result in proprietary information and financial loss as well as disruption to operations and harm to reputation.
 
Outlined below are the measures you need to take in order to stay safe from this attack;
  1. Security Applications: Use anti-virus software and have a formal patch management program in place.
  2. Block: Block email attachments commonly associated with malware (such as .dll and .exe files) and any attachments that cannot be scanned by anti-virus software (such as .zip files).
  3. Manage: Implement Active Directory Group Policy Object and firewall rules.
  4. Filter: Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
  5. Restrict: “Adhere to the principle of least privilege,” CISA says, adding that “it is essential that privileged accounts are not used to log in to compromised systems during remediation as this may accelerate the spread of the malware”.
  6. Authenticate: Implement DMARC, an email validation system designed to protect organizations from spoofing.
  7. Segment: Segment and segregate networks and functions.
  8. Restrict: Block unnecessary, lateral communications in networks.
  9. Cyber Security Awareness: Train your staff and users on how to identify phishing emails. Train them on what to do if they receive such.

Emotet malware was first thought to be a banking Trojan targeting banking institutions in order to gain access to credentials. It was first identified by security researchers in 2014,” according to security firm Malwarebytes. “Emotet was originally designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software saw the addition of spamming and malware delivery services – including other banking Trojans,” such as Trickbot.

CISA encourages users and administrators to review the following resources for information about defending against Emotet and other malware.

 

2 thoughts on “EMOTET MALWARE ALERT

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Zoom Bombing & Trolls: Virtual Conference Meetings

With the Corona virus pandemic (Covid-19) having limited us to work from home and social distancing viewed as the only way of flattening the curve and reducing the virus infections. We had no alternative but to turn to the Zoom remote conferencing platform to host the Top 50 women in cybersecurity Africa conference. But later […]

Let’s Talk Social Media Security for Business

According to a Cyveillance whitepaper, social media is a phenomenon unprecedented; opening new worlds of opportunities for industries globally with great potential and rewards. This notwithstanding, it also presents numerous challenges and risks. Often-times organizations are faced with a hard time establishing and enforcing effective social media strategies. Kenya, like many other countries, has embraced the ideals […]