Episode 3: Revenge of the Emotet
Emotet is one of the most dangerous malware botnets in the arsenal of cyber criminals, and it has been observed spreading again on Windows PCs.
Prior to an internationally coordinated takedown in January 2021, Emotet was used to infect victims with malware and ransomware. For a while after that, it had died down. Now it is back.
The current attack pattern is very familiar. Waves of phishing emails target victims' mailboxes, and once a victim follows the email's instructions, their device becomes part of the cyber criminals' botnet. At this point, Emotet seems to be testing the waters at a small scale, perhaps waiting for a chance to execute larger-scale attacks. One point distinguishing the current attacks from the previous ones is that the subject lines of the emails carrying the malware link have become very simple, such as "Salary". The link is also often a OneDrive URL.
If your organization uses OneDrive, any email in your inbox with a very short subject line should raise an alarm. Emotet could be lurking.
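The two signals described above (a very short subject line and a OneDrive link in the body) can be turned into a simple mailbox triage rule. The following is an added example, not code from the original post; it assumes onedrive.live.com and the 1drv.ms short-link domain as OneDrive link shapes, a two-word threshold for "very short", and uses constructed sample messages.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample messages for the demo; none are real Emotet lures.
SAMPLES = [
    "From: hr@example-corp.test\nSubject: Salary\n\n"
    "Please review: https://onedrive.live.com/?id=ABC123\n",
    "From: alice@example-corp.test\nSubject: Q3 planning meeting notes and action items\n\n"
    "Notes attached, ping me with questions.\n",
    "From: bob@example-corp.test\nSubject: Invoice\n\n"
    "See https://1drv.ms/u/s!xyz for the document.\n",
    "From: carol@example-corp.test\nSubject: Lunch?\n\nNoodles at noon?\n",
]

# OneDrive link shapes (assumption: onedrive.live.com and the 1drv.ms short-link domain).
ONEDRIVE_RE = re.compile(r"https?://(?:[\w.-]*onedrive\.live\.com|1drv\.ms)[^\s<>]*", re.I)

# "Very short" subject: a tunable threshold, assumed here as at most two words.
MAX_SUBJECT_WORDS = 2


def score_message(raw: str) -> dict:
    """Return the triage verdict for one RFC 822 message given as text."""
    msg = message_from_string(raw, policy=default)
    subject = (msg["Subject"] or "").strip()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    links = ONEDRIVE_RE.findall(text)
    words = len(subject.split())
    short_subject = 0 < words <= MAX_SUBJECT_WORDS
    reasons = []
    if short_subject:
        reasons.append(f"subject has only {words} word(s)")
    if links:
        reasons.append(f"{len(links)} OneDrive link(s) in body")
    return {
        "subject": subject,
        "sender": msg["From"],
        "onedrive_links": links,
        # Both signals together match the lure pattern described in the post.
        "suspicious": short_subject and bool(links),
        "reasons": reasons,
    }


def triage(raw_messages: list) -> list:
    """Score every message and keep those that match the lure pattern."""
    verdicts = [score_message(m) for m in raw_messages]
    return [v for v in verdicts if v["suspicious"]]
```

Messages with a short subject but no OneDrive link (the "Lunch?" sample) are deliberately not flagged, so the rule stays quiet on ordinary internal chatter.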
Emotet was first identified in 2014. In its original form, it was banking malware, spread through email, that stole sensitive and private information. Later versions added spamming and malware delivery. Thanks to its ability to lie dormant in sandbox environments and its worm-like capabilities, Emotet can evade anti-malware software and spread rapidly. Cleaning up a victim network may cost up to 1 million USD, making Emotet one of the most expensive attacks an organization may face.