Episode 3: Revenge of the Emotet

Emotet is one of the most dangerous malware botnets in the arsenal of cyber criminals, and it has been observed spreading again on Windows PCs.

Prior to a coordinated international takedown in January 2021, Emotet was used to infect victims with malware and ransomware. For a while after that it had gone quiet. Now it is back.

Emotet had been stopped for a while. Now it is back and spreading fast. (Image source: style-photography)

The current attack pattern is a familiar one. Waves of phishing emails land in victims’ mailboxes, and once a recipient follows the email’s instructions, their device becomes part of the criminals’ botnet. At this point Emotet seems to be testing the waters at small scale, perhaps waiting for an opportunity to mount larger attacks. One point distinguishing the current campaign from earlier ones is that the subject lines of the emails carrying the malware link have become very simple, such as “Salary”. The link itself is often a OneDrive URL.

If your organization uses OneDrive, an unexpected email with a one- or two-word subject line and a OneDrive link should raise your alarm. Emotet could be lurking behind it.
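A mail-triage heuristic built from the two indicators named above (a very short subject line together with a OneDrive link) looks like the following. This is an added example, not code from the original post or from any vendor; the two sample messages are constructed, and the list of OneDrive hostnames (1drv.ms, onedrive.live.com, and the *-my.sharepoint.com hosts used by OneDrive for Business) is an assumption you should tune for your own tenant.

```python
"""Flag emails that match the Emotet lure pattern: a very short subject plus a
OneDrive link. Added example; sample messages below are constructed."""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Hosts that serve OneDrive content (assumed list, tune for your tenant):
# 1drv.ms is OneDrive's URL shortener, onedrive.live.com the consumer service,
# and <tenant>-my.sharepoint.com hosts OneDrive for Business.
ONEDRIVE_HOSTS = ("1drv.ms", "onedrive.live.com")
ONEDRIVE_SUFFIXES = ("-my.sharepoint.com",)

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
MAX_SUBJECT_WORDS = 2  # "Salary", "Invoice", "Re: Payment" all fall under this


def is_onedrive_host(host: str) -> bool:
    """Exact match on known hosts, suffix match for per-tenant SharePoint hosts."""
    host = host.lower().rstrip(".")
    return host in ONEDRIVE_HOSTS or host.endswith(ONEDRIVE_SUFFIXES)


def extract_urls(msg) -> list:
    """Collect URLs from every text part of a (possibly multipart) message."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        urls.extend(URL_RE.findall(part.get_content()))
    return urls


def triage(raw_email: str) -> dict:
    """Parse an RFC 5322 message and score it against the lure pattern."""
    msg = message_from_string(raw_email, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    urls = extract_urls(msg)
    onedrive_urls = [u for u in urls if is_onedrive_host(urlparse(u).hostname or "")]
    short_subject = len(subject.split()) <= MAX_SUBJECT_WORDS
    return {
        "subject": subject,
        "short_subject": short_subject,
        "onedrive_urls": onedrive_urls,
        # Only the combination is flagged: either indicator alone is far too
        # common in legitimate mail to act on.
        "suspicious": short_subject and bool(onedrive_urls),
    }


# Constructed sample: a lure matching the pattern (one-word subject, OneDrive link).
LURE = """\
From: payroll@example.net
To: alice@example.com
Subject: Salary
Content-Type: text/plain; charset="utf-8"

Please review the document:
https://1drv.ms/u/s!ExampleShareToken
"""

# Constructed sample: a normal internal message that also shares a OneDrive file.
BENIGN = """\
From: bob@example.com
To: alice@example.com
Subject: Q3 planning deck for Thursday's review
Content-Type: text/plain; charset="utf-8"

Latest version here: https://contoso-my.sharepoint.com/:p:/g/personal/bob_example_com/deck
"""

if __name__ == "__main__":
    for name, sample in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(sample))
```

The benign sample shows why the two indicators are combined: OneDrive links are everyday traffic in an organization that uses the service, so a link alone is not actionable, and a terse subject alone is equally common. A real mail gateway would add sender reputation, authentication results (SPF, DKIM, DMARC) and link detonation on top of this heuristic rather than block on it directly.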

Emotet was first identified in 2014. In its original form it was banking malware, spread through email, that stole sensitive and private information. Later versions added spamming and malware-delivery capabilities. Because it can lie dormant in sandbox environments and has worm-like capabilities for spreading across a network, Emotet can evade anti-malware software and propagate rapidly. Cleanup in a victim network may cost up to 1 million USD, making Emotet one of the most expensive attacks an organization can face.

Source: ZDNet and Malwarebytes


E. S. Nurcan

A hungry learner of cybersecurity, tech, and everything political. I learn and write about technology, politics, and a bit about Asia. I write about politics, technology, Asian international relations, and related topics.