Connect

Join us Contact

The powerful botnet reappears

8/09/19

One of the most powerful botnets in terms of malware spreading capabilities, Emotet, is active again after a four-month absence.
Reading time: 2 minutes

Researchers at security firm Cofense identified in August that the command and control servers associated with Emotet were active, although the botnet remained dormant.

Based on further research by cybersecurity analysts, they noticed that the botnet was sending malicious code again.

In addition, researchers from security firm SpamHaus noticed a phishing campaign associated with Emotet, targeting English, Polish, German and Italian speakers.

These emails initially started running in Germany, using the response chain tactic, spreading to other regions with more generic and large-scale delivery, according to Cofense senior researcher Jason Meurer.

The method

The botnet uses a social engineering technique, which involves tricking users by sending them a chain of responses. A phishing email with a Word file attached is sent as a reply to an existing conversation. This is an easy way for the user to download the document or link.

The sent document itself contains a message asking the user to accept a license agreement from Microsoft. After downloading the malware, Emotet goes on to spread the campaign by using the infected system to send more phishing emails.

Emotet is dangerous

It would seem that Emotet's main goal is to grow the campaign, but according to researchers, this is not clear.

Meurer says that earlier this year, they identified emails that suggested that the sender and recipient had already had contact and the email was a follow-up. In this way, spear phishing emails become easier to make, and will be more relevant and credible to the user, increasing the chances of them clicking.

In late January of this year, researchers at Sophos identified as many as 750 strains of malware related to Emotet, ranking its attacks as worse than WannaCry. It is even considered by the US Department of Homeland Security itself to be one of the most destructive and costly malware botnets.

Our recommendations

Preparing for any type of cyberattack or threat starts with us. Pay attention and be cautious. Yes, many times we can miss some signs, but there are others that are key and really make it possible to identify an email with malicious content. So raising awareness among your employees is critical.

This should always be complemented by tools designed to maintain cybersecurity on enterprise-wide systems, such as McAfee and Symantec antivirus for android, and regular updates and assessments:

  • Update Office, Windows, Adobe Acrobat, Oracle Jaca and other platforms.
  • Upgrade all technology and threat detection platforms.
  • Review the security controls of AntiSpam and SandBoxing.
  • Evaluate the preventive blocking of commitment indicators.

 

References:

Government of Chile - CSIRT 

InfoRisk Today - Researchers: Emotet Botnet Is Active Again

Emotet Malware Exploits New WinRar Vulnerability

Malwarebytes - Emotet is back: botnet springs back to life with new spam campaign

Share