The Emotet botnet is picking up steam again, according to an advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA). The agency directly warns state and local governments because they appear to be the main targets.
Emotet is a trojan that spreads mainly through phishing campaigns and links. When the victim clicks on the link, the payload launches and the malware attempts to proliferate within a network by brute-forcing user credentials and writing to shared drives.
“Emotet resurged in July 2020, after a dormant period that began in February,” says the advisory. “Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats.”
Emotet is persistent by design because it can infect entire networks. Moreover, it uses modular Dynamic Link Libraries to evolve and update its capabilities continuously.
CISA’s intrusion system has detected approximately 16,000 alerts related to Emotet activity since July 2020. The campaign has used Microsoft Word email attachments in phishing emails as the principal infection vector, and the situation drastically changed in August as “security researchers observed a 1,000 percent increase in downloads of the Emotet loader.”
The US isn’t the only country targeted by campaigns, with Canada, France, Japan, New Zealand, Italy and the Netherlands observing similar incidents.
CISA also released signatures to allow cybersecurity companies to detect the threat more easily and published a huge list of possible mitigations, some of which are useful in many situations, not only for Emotet.
Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.