Recently there have been reports from security researchers that Emotet has resurfaced following a high-profile law enforcement disruption earlier this year (the kill switch was flipped for the malicious code in April 2021, as reported by Digital Journal at the time).
Emotet belongs to the class of malware known as banking Trojans and is thought to have originated in Ukraine. Emotet was used as a springboard for a number of cybercriminal groups and attack techniques. It operated as a so-called botnet (a number of Internet-connected devices, each of which is running one or more bots). In this case, the bot was software that infects a network of computers and allows them to be remotely controlled.
According to GData: “In November 2021 we observed on several of our Trickbot trackers that the bot tried to download a DLL to the system. According to internal processing, these DLLs have been identified as Emotet… Currently, we have high confidence that the samples indeed seem to be a re-incarnation of the infamous Emotet.”
Looking at the issue for Digital Journal is Dr Süleyman Özarslan, co-founder of Picus Security, a company that specialises in simulating the attacks of cyber-criminal gangs.
Alluding to the forthcoming holidays, Özarslan says: “Emotet’s reappearance is like seeing the ghost of Christmas past.”
In spelling out the essential risks, Özarslan explains: “Cybercriminals regularly take advantage of increased online activity during the holiday season to improve their malware distribution rate. It’s why it’s no surprise to see Emotet resurface at the busiest time of the year.”
Moving on to the specific attack mode, Özarslan reminds business users of the core risks:
“Phishing has always been the primary method used to distribute Emotet and in 2018 festive emails were used as a lure to trick victims into successfully downloading malicious Word documents disguised as Christmas cards. These Word documents contained malicious macros that downloaded banking malware.”
Initial infection of target systems often proceeds through a macro virus in an email attachment.
The same process of phishing is likely to reoccur and become the main attack vector. Özarslan warns: “Users should be vigilant of similar tactics being used again and exercise caution when clicking unknown links and attachments.”