Emotet Malware Reawakens: The Three Things You Need to Know

Share on facebook
Share on twitter
Share on linkedin
Share on email

You may have seen the word Emotet pop up in your newsfeed lately, making headlines as the latest cybersecurity threat causing organizations worldwide to scramble.

However, this costly and destructive malware is not a new threat. It first appeared in 2014 and until recently, it has been in hibernation. Recent reports have shown that it’s back in action – equipped with new attack methods and the ability to leverage stolen email and passwords for advanced targeted attacks.

We’ve looked into the resurgence of this threat so you don’t have to. Here’s what you need to know about Emotet, and what you can do to ensure your organization doesn’t fall victim to the dangerous malware.

What is Emotet?

Emotet is an advanced Trojan malware that first appeared in 2014 to steal banking information from individuals, such as a credit card data. Now, everyone is a target – from individuals to financial institutions to government agencies in the US and around the globe.

The malware most commonly spreads through spam emails called malspam. In the latest iteration of the Trojan, malspam is disguised as legitimate correspondence, with subject lines such as “Your Invoice” or “Payment Details” and including malicious attachments which, once opened, launch the infection. Once initiated, the spamming process begins once again, capturing contacts from the infected endpoint and delivering more compromised emails to those in the network and beyond.

According to an alert from the U.S. Department of Homeland Security, the advanced nature of Emotet allows it to “evade typical signature-based detection.” This, and other sophisticated factors that make up Emotet, have led DHS to also designate it as one of the most costly and destructive instances of malware. A recent attack in the city of Allentown, PA ended up costing the city an estimated $1 million to recover.

What could it do to my business?

Consider the effect Emotet could have once it has been detonated. With its new social engineering tactics, Emotet can reuse a victim’s past emails to personalize and create a more effective and legitimate looking email, addressing victims by name and reusing common subject headers.

The notorious malware has continued to evolve throughout the years and its modular form has made it a platform to easily introduce other exploits such as the TrickBot trojan and Ryuk ransomware to further propagate and wreak havoc on an enterprise network. This means that victims could see anything from theft of data and credentials, to file encryption, to execution of backdoor commands that could destroy a network.

 

 

How can I protect myself?

The best way to safeguard against an Emotet attack is to block malware before it detonates – neutralizing the threat – without the need for scanning, detecting signatures, or updates.  AppGuard does this by leveraging its Zero Trust space policy and patented isolation inheritance policy. By enforcing a minimal set of security policies, AppGuard is able to prevent applications from performing suspicious processes, which malware and other attack vectors require in order to infect an endpoint.

For Emotet and so many of the new, sophisticated attack vectors we see everyday, Zero Trust tools are the best and only reliable means of preventing malware intrusions.

Download our latest Threat Report to learn more about how AppGuard can stop Emotet and other advanced attacks at the earliest stage.