October is Cybersecurity month, so there’s no better time to talk about the scary reality of constant hacker attacks and threat actor tricks. While one should always be vigilant, every day, every email, this month you need to be especially diligent.
Over the last few weeks, the cyber community has seen a significant increase in EMOTET Trojan activity.
This threat has been around since 2014, and while it essentially “went underground” in February, it’s come back with a vengeance and is hitting corporations in the US and elsewhere particularly hard, especially pharmaceutical companies in the US and UK. According to cyber experts, EMOTET continues to be the most active, sophisticated, and lethal cybercrime operation in existence.
Why is EMOTET so lethal and why do companies continue to fall victim to its attacks?
- It is a massive attack: According to Proofpoint, EMOTET distributes around one million emails daily. In fact, its record high (so far) is 100 MILLION EMAILS in one day.
- EMOTET is an attack “for hire:” This spam-delivered trojan is used to deploy a wide variety of other malware for its paid customers – banking attacks; ransomware; data theft software. The current targeted attacks on pharmaceutical companies could be thieves looking to steal Covid-19 research.
- It constantly changes its code: That makes it hard for antivirus systems to detect.
- Email thread hijacking: It steals email chains from one infected machine, spoofs the identity, and tricks others into opening malicious links or files, especially infected MS Word files.
- Many variations do not require user credentials or downloading of files: That means the user just has to click the malicious link to trigger execution of scripts using common Windows tools, such as PowerShell.
To protect yourself, take a layered approach to security.
- Training – this is your number one defense against any email attack. How often do you train your staff? How often do you test that training?
- Email Scanning – If you’re not scanning all email BEFORE it hits your users’ mailboxes, start NOW. The second-best protection is to have that threat message never get to an inbox. If you’re using Office 365, Microsoft’s Advanced Threat Protection (ATP), at a minimum, is a MUST.
- Desktop (Endpoint) Protection – Traditional antivirus products are OK and should be installed on every desktop/endpoint at a minimum (even on Macs!!). But in today’s reality, where sophisticated attacks like EMOTET can bypass traditional AV security, you should invest in a good Endpoint Detection and Response (EDR) product, like Carbon Black or Cisco AMP.
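To make the email-scanning layer concrete against the thread-hijacking trick described above, here is an added example (not from the original post or any vendor product) of a pre-delivery check that holds a "reply" from a familiar name at an unfamiliar address when it carries a link or Word file. The heuristic, the function names, the `KNOWN` contact map and all addresses are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

WORD_EXTS = (".doc", ".docm", ".docx", ".dotm")
URL_RE = re.compile(r"https?://\S+", re.I)

def triage(raw, known_contacts):
    """Return the reasons a message looks like a hijacked-thread lure."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    reasons = []
    is_reply = bool(msg.get("In-Reply-To")) or str(msg.get("Subject", "")).lower().startswith("re:")
    expected = known_contacts.get(name.lower())
    # A "reply" from a familiar name that arrives from an unfamiliar address.
    if is_reply and expected and addr.lower() not in expected:
        reasons.append("reply-identity-mismatch")
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(WORD_EXTS):
            reasons.append("word-attachment:" + fname)
        elif part.get_content_type() == "text/plain" and URL_RE.search(part.get_content()):
            reasons.append("link-in-body")
    return reasons

def should_hold(raw, known_contacts):
    """Hold only when the identity mismatch comes with a link or Word file."""
    reasons = triage(raw, known_contacts)
    return "reply-identity-mismatch" in reasons and len(reasons) > 1

def make_sample(from_hdr, body, attach=False):
    """Build a constructed reply message for the demo (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"] = from_hdr, "sam@corp.example"
    m["Subject"], m["In-Reply-To"] = "Re: Q3 invoice", "<1234@corp.example>"
    m.set_content(body + "\n> On Tue, Sam wrote:\n> can you resend the invoice?\n")
    if attach:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="msword", filename="invoice.doc")
    return m.as_string()

KNOWN = {"dana reyes": {"dana@partner.example"}}  # constructed contact history

if __name__ == "__main__":
    lure = make_sample("Dana Reyes <billing@mail-relay.example>", "See attached.", True)
    print(triage(lure, KNOWN), should_hold(lure, KNOWN))
```

A genuine reply from the known address with the same attachment is not held, which keeps the check from quarantining ordinary business mail.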
The goblins will be roaming our neighborhoods on October 31st, but EMOTET has gotten a head start. Don’t get tricked.
Be safe. Be Secure.