Originating in 2014, Emotet is a banking trojan that spreads through email, including thread hijacking, where the malicious message is sent as a reply within an existing conversation. Emotet typically hides in legitimate-looking files such as .ZIP archives or Microsoft Excel documents. Once opened, Emotet steals the contents of address books and sends fake emails to infect other devices.
Despite law enforcement’s efforts to take down the Emotet botnet infrastructure in January 2021, it resurfaced in November 2021 and remains a threat.
With an estimated $2.5 billion in damage in its heyday, these infections resulted in bank account takeovers, ransomware attacks and high-value wire fraud, which continue to fund the ongoing threat.
The New Emotet Malware
What does Emotet look like ‘in the wild’?
Excel File Attachments
In some cases, email content previously stolen from the NSA was used to send malware spam, otherwise known as ‘malspam’, to contacts with a Microsoft Excel file attached.
These emails appeared to be sent from the NSA executive office; however, the sender address was spoofed and the messages actually originated from a malicious third-party address. If the attachment was opened, the Emotet payload executed and infected the network.
.ZIP File Payloads
Other scenarios involved a password-protected, encrypted .ZIP file sent by the Emotet botnet, intended to bypass security scanning. The email body contained the password to the .ZIP file so the victim could extract the contents.
Inside the .ZIP file was a single Excel document containing Excel 4.0 macros, an old Excel feature that is frequently abused by attackers. The unsuspecting victim would need to enable macros in order to run the malicious content.
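The pattern just described (a password-protected archive the gateway cannot look inside, wrapping a workbook whose Excel 4.0 macro sheet is hidden from the user) is something a mail gateway or SOC script can triage before a person ever sees the attachment. The helper below is an added example, not code from Ontech or from this article. It relies on two documented facts about the formats: a ZIP entry declares encryption in bit 0 of its general-purpose flags, and an OOXML workbook (.xlsx/.xlsm, itself a ZIP) stores Excel 4.0 macro sheets under `xl/macrosheets/`, a VBA project at `xl/vbaProject.bin`, and a sheet's `hidden`/`veryHidden` state in `xl/workbook.xml`. The sample workbook and archive at the bottom are constructed fixtures, not real malware; `mark_encrypted()` only flips the encryption flag so the detector sees what a real password-protected archive declares. Legacy BIFF .xls files are out of scope.

```python
"""Constructed triage helper for the .ZIP-wrapped Excel lure described above.
Reports (a) password-protected archives, which cannot be content-scanned and so
should be held for sandboxing, and (b) OOXML workbooks carrying Excel 4.0 macro
sheets, a VBA project, or hidden/veryHidden sheets. Legacy .xls is out of scope.
"""
import io
import xml.etree.ElementTree as ET
import zipfile

ENCRYPTED_FLAG = 0x0001                # ZIP general-purpose bit 0: entry is encrypted
MACROSHEET_PREFIX = "xl/macrosheets/"  # OOXML location of XLM (Excel 4.0) macro sheets
VBA_PART = "xl/vbaProject.bin"         # OOXML location of a VBA project


def is_encrypted_zip(data: bytes) -> bool:
    """True if any entry in the archive declares itself encrypted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(zi.flag_bits & ENCRYPTED_FLAG for zi in zf.infolist())


def inspect_workbook(data: bytes) -> dict:
    """Indicators for an OOXML workbook: macro sheets, VBA part, hidden sheets."""
    found = {"xlm_macrosheets": [], "has_vba": False, "hidden_sheets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        found["xlm_macrosheets"] = [n for n in names if n.startswith(MACROSHEET_PREFIX)]
        found["has_vba"] = VBA_PART in names
        if "xl/workbook.xml" in names:
            root = ET.fromstring(zf.read("xl/workbook.xml"))
            for el in root.iter():
                # Tags are namespaced ('{...spreadsheetml/2006/main}sheet'); the
                # 'state' attribute is what keeps a macro sheet out of the user's view.
                if el.tag.endswith("}sheet") and el.get("state") in ("hidden", "veryHidden"):
                    found["hidden_sheets"].append(el.get("name"))
    return found


def triage_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Reasons (strings) the attachment matches the lure pattern; [] if none."""
    reasons = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons                      # not a ZIP container at all
    if is_encrypted_zip(data):
        reasons.append(f"{name}: password-protected archive, contents cannot be scanned")
        return reasons                      # nothing more can be read without the password
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "xl/workbook.xml" in names:      # an OOXML workbook
            found = inspect_workbook(data)
            if found["xlm_macrosheets"]:
                reasons.append(f"{name}: Excel 4.0 macro sheet(s) {found['xlm_macrosheets']}")
            if found["has_vba"]:
                reasons.append(f"{name}: VBA project present")
            if found["hidden_sheets"]:
                reasons.append(f"{name}: hidden sheet(s) {found['hidden_sheets']}")
        elif depth < 2:                     # a plain archive: look at what it wraps
            for member in names:
                reasons.extend(triage_attachment(f"{name}/{member}", zf.read(member), depth + 1))
    return reasons


# ---- constructed fixtures (not real samples) ---------------------------------

def build_workbook(with_macro: bool) -> bytes:
    """Minimal OOXML workbook; with_macro adds a veryHidden Excel 4.0 macro sheet."""
    sheets = '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
    if with_macro:
        sheets += '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/>'
    workbook_xml = (
        '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        f"<sheets>{sheets}</sheets></workbook>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", workbook_xml)
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_macro:
            zf.writestr("xl/macrosheets/sheet1.xml", "<macrosheet/>")
    return buf.getvalue()


def wrap_in_zip(member_name: str, payload: bytes) -> bytes:
    """Single-entry outer archive, as the lure e-mail would attach it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def mark_encrypted(single_entry_zip: bytes) -> bytes:
    """Fixture only: set the encryption flag in both headers of a single-entry ZIP
    (data stays in the clear). Local-header flags sit at offset 6; central-directory
    flags sit 8 bytes after the last central-directory signature."""
    b = bytearray(single_entry_zip)
    for off in (6, b.rfind(b"PK\x01\x02") + 8):
        flags = int.from_bytes(b[off:off + 2], "little") | ENCRYPTED_FLAG
        b[off:off + 2] = flags.to_bytes(2, "little")
    return bytes(b)


if __name__ == "__main__":
    lure = wrap_in_zip("invoice.xlsm", build_workbook(with_macro=True))
    for reason in triage_attachment("invoice.zip", lure) + \
            triage_attachment("invoice.zip", mark_encrypted(lure)):
        print(reason)
```

Run stand-alone, it prints two findings for the open archive (the macro sheet part and the veryHidden sheet) and one for the locked copy. The design point is the early return on an encrypted archive: the content check cannot run, so that condition is itself the finding, and the message, with its password in the body, is what a sandbox or analyst should receive rather than the mailbox.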
Microsoft’s Answer to the Macros Vulnerability
To combat this, Microsoft recently announced a plan to disable all macros by default in Office applications including Word, Excel, PowerPoint, Access and Visio.
Instead of an “Enable Macros” button, users will be shown a “Learn More” button. Emotet is only effective if a person opens the attachment and lets it infect the network.
How to Guard Against Emotet
Most antivirus solutions are no match for Emotet because they rely on an existing set of signatures or block lists, which are bound to fail against a threat whose success is built on its ability to rapidly change and evolve.
An automated solution is the ideal match to first detect and then block the Emotet threat without human intervention.
Next-generation antivirus detects and remediates threats autonomously. Rather than relying on identification of known malicious files, it focuses on identifying malicious behavior, since behavior is predictable from one threat to another.
A Hybrid Approach: Human Intervention + Advanced AI
Ontech’s cyber security solution, Ontech Managed Security, is an ongoing 24/7 security monitoring service. When a threat is detected, an alert triggers a chain of events, handled either manually by internal IT or through an IT provider’s Network Operations Center (NOC). At that point, steps are taken to eliminate the threat and assess the damage.
For more details on cyber security services to prevent Emotet and other ransomware from infiltrating your network, request a Free Network Discovery or contact our support team at 262-255-8560.