“Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email.”
Yesterday the US Department of Homeland Security issued an advisory about a sharp rise in attacks using the Emotet malware. In a tweet, US-CERT stated:
- Security Applications: Use anti-virus software and have a formal patch management program in place.
- Block: Block email attachments commonly associated with malware (such as .dll and .exe files) and any attachments that cannot be scanned by anti-virus software (such as .zip files).
- Manage: Implement Active Directory Group Policy Object and firewall rules.
- Filter: Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
- Restrict: “Adhere to the principle of least privilege,” CISA says, adding that “it is essential that privileged accounts are not used to log in to compromised systems during remediation as this may accelerate the spread of the malware”.
- Authenticate: Implement DMARC, an email validation system designed to protect organizations from spoofing.
- Segment: Segment and segregate networks and functions.
- Restrict: Block unnecessary, lateral communications in networks.
- Cyber Security Awareness: Train your staff and users on how to identify phishing emails, and on what to do if they receive one.
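The "Block" item above is the one that can be turned directly into gateway logic, and the infection vectors named at the top of this post (macro-enabled documents, scripts, archives) suggest what that logic has to catch. The following Python is an added example written for this page, not code from CISA, US-CERT or any mail-gateway vendor: it parses a raw message, judges each attachment on its real (last) extension so `invoice.pdf.exe` is not waved through as a PDF, flags macro-enabled Office files and Office containers that carry a VBA project, rejects password-protected zip entries as unscannable, and looks one level inside plain zips. The extension lists, the filenames and the sample message are assumptions constructed for the example; a real deployment would take its lists from policy and feed the unblocked attachments to an AV scanner.

```python
"""Mail-gateway attachment policy check.

Added example, not CISA's or any vendor's tooling: it implements the "Block"
recommendation by rejecting attachments with executable extensions,
macro-enabled Office documents, and archives anti-virus cannot scan
(password-protected zips), looking one level into zip files. All filenames,
extension lists and the sample message are constructed here.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import Dict, List

# Extensions CISA's guidance names (.dll, .exe) plus common script droppers (assumed list).
BLOCKED_EXTENSIONS = {".exe", ".dll", ".js", ".jse", ".vbs", ".wsf", ".scr", ".hta", ".ps1"}
# Office formats whose extension itself means "macros may be present".
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
# Office Open XML files are zip containers; inspect them for an embedded VBA project.
OFFICE_ZIP_EXTENSIONS = MACRO_EXTENSIONS | {".docx", ".xlsx", ".pptx"}
ARCHIVE_EXTENSIONS = {".zip"}


def _last_suffix(name: str) -> str:
    """Real extension of a filename, judged on the last dot: 'invoice.pdf.exe' -> '.exe'."""
    base = name.rsplit("/", 1)[-1].lower()
    return "." + base.rsplit(".", 1)[1] if "." in base else ""


def classify_blob(name: str, data: bytes, depth: int = 0) -> List[str]:
    """Return policy violations for one attachment; an empty list means it may pass."""
    reasons = []
    ext = _last_suffix(name)
    if ext in BLOCKED_EXTENSIONS:
        reasons.append(f"{name}: executable extension {ext}")
    if ext in MACRO_EXTENSIONS:
        reasons.append(f"{name}: macro-enabled Office document")
    if ext in ARCHIVE_EXTENSIONS or ext in OFFICE_ZIP_EXTENSIONS:
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            reasons.append(f"{name}: not a readable zip container, cannot be scanned")
            return reasons
        for info in zf.infolist():
            # Bit 0 of the general-purpose flag marks an encrypted entry: AV cannot inspect it.
            if info.flag_bits & 0x1:
                reasons.append(f"{name}: password-protected entry {info.filename} cannot be scanned")
                continue
            if info.filename.lower().endswith("/vbaproject.bin"):
                reasons.append(f"{name}: Office container carries a VBA project")
            # Look one level into plain zips so a .dll inside docs.zip is still caught.
            if ext in ARCHIVE_EXTENSIONS and depth < 1:
                reasons.extend(classify_blob(f"{name}/{info.filename}", zf.read(info), depth + 1))
    return reasons


def check_message(raw: bytes) -> Dict[str, List[str]]:
    """Parse a raw RFC 5322 message and map each attachment filename to its violations."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    verdicts = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "unnamed"
        verdicts[name] = classify_blob(name, part.get_payload(decode=True) or b"")
    return verdicts


def _zip_bytes(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {entry name: content} (test data helper)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in entries.items():
            zf.writestr(fname, content)
    return buf.getvalue()


def _mark_encrypted(zip_bytes: bytes) -> bytes:
    """Constructed helper: set the 'encrypted' flag bit in every local header (offset 6)
    and central-directory header (offset 8) so the zip looks password-protected;
    the stdlib cannot write real encrypted archives."""
    data = bytearray(zip_bytes)
    for sig, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        pos = data.find(sig)
        while pos != -1:
            data[pos + offset] |= 0x01
            pos = data.find(sig, pos + 4)
    return bytes(data)


def build_sample_message() -> bytes:
    """Constructed invoice-themed malspam lookalike; not a real capture."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4 harmless", maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    msg.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                       filename="invoice.pdf.exe")
    msg.add_attachment(_zip_bytes({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"\x00"}),
                       maintype="application", subtype="vnd.ms-word.document.macroEnabled.12",
                       filename="invoice.docm")
    msg.add_attachment(_zip_bytes({"payload.dll": b"MZ"}), maintype="application",
                       subtype="zip", filename="docs.zip")
    msg.add_attachment(_mark_encrypted(_zip_bytes({"invoice.exe": b"MZ"})),
                       maintype="application", subtype="zip", filename="locked.zip")
    return bytes(msg)


if __name__ == "__main__":
    for attachment, problems in check_message(build_sample_message()).items():
        print(attachment, "->", problems or "allowed")
```

Running the script prints one line per attachment: only `invoice.pdf` is allowed, `invoice.pdf.exe` is caught on its last extension, `invoice.docm` is flagged twice (extension and embedded VBA project), `docs.zip` is rejected because of the `.dll` inside it, and `locked.zip` is rejected because its entry is encrypted and therefore cannot be scanned, which is exactly the "cannot be scanned by anti-virus software" case the guidance calls out.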
Emotet malware was first thought to be a banking Trojan targeting banking institutions in order to gain access to credentials. “It was first identified by security researchers in 2014,” according to security firm Malwarebytes. “Emotet was originally designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software saw the addition of spamming and malware delivery services – including other banking Trojans,” such as Trickbot.
CISA encourages users and administrators to review the following resources for information about defending against Emotet and other malware.
- CISA Alert Emotet Malware
- Australian Cyber Security Centre (ACSC) Advisory Emotet Malware Campaign
- CISA Tip Protecting Against Malicious Code