The world is seeing a massive increase in Emotet attacks wherein the cybercriminals are taking advantage. They are going after machines that were compromised by malware with an intention to launch more malware infection as well as ransomware campaigns.
According to the HP-Bromium Threat Insights Report, there was a 1,200% surge in Emotet Detections from July to September quarter compared to the previous three months, when the deployment of malware appeared to decline.
It started emerging in 2018; these attacks disappear and then again come back. To which the researchers suggest that it will continue into 2021. Emotet often gets a foothold into the networks via phishing emails. The people behind it use thread hijacking so that the email can look more authentic and legitimate. For example, people tend to download an attachment if it comes from an acquainted person or a colleague.
The attacks are planned and customized based on the location of the intended object with phishing email templates and traps written in English, French, German, Hindi, Spanish, Greek, Vietnamese, and Japanese.
The purpose of Emotet is simply to disturb and retard as many machines as possible. It creates backdoors into networks which the operators can sell onto other malware operators as a route to one’s own malicious campaigns. The Emotet infections are denoted as the beginning point of ransomware attacks.
“The targeting of enterprises is consistent with the objectives of Emotet’s operators, many of whom are keen to broker access to compromised systems to ransomware actors. Within underground forums and marketplaces, access brokers often advertise characteristics about organizations they have breached – such as size and revenue – to appeal to buyers,” said Alex Holland, Senior Malware Analyst at HP.
“Ransomware operators in particular are becoming increasingly targeted in their approach to maximize potential payments, moving away from their usual spray-and-pray tactics,” he added. “This has contributed to the rise in average ransomware payments, which has increased by 60%.”
It is recommended that organizations implement email content filtering that will act as a layer of protection against malicious attachment and Emotet-like malware attacks.
Organizations should ensure that their network has a protective layer of the latest security updates, which helps go a long way in protecting against cyber-attacks exploiting well-known vulnerabilities.