In November last year, several Chilean financial institutions were hit by a cyberthreat: the banking malware Emotet, widely regarded as a nightmare for the global banking sector. The Chilean bank Consorcio announced that, whilst no customer funds had been affected, some of the bank's own funds still hadn't been recovered.
According to PandaLabs, once Emotet gets onto a network it can infect the computers connected to it within minutes, and those computers then await orders from the Trojan's command and control (C&C) servers. It is normally used to steal credentials and to send out spam, but it can also be used to encrypt an entire network, by delivering ransomware as a follow-on payload.
The evolution of Emotet
Though it started life as just a banking Trojan, it has now evolved into something more like a botnet. The malware's criminal operators rent out its loader to other cybercriminals, who use it to deliver their own malware as a secondary payload. Once it is on a network, it is able to propagate to other machines by brute force, trying to log in to neighbouring computers with passwords from a list embedded in the malware.
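The password-list brute forcing described above leaves a recognisable trace in Windows Security logs: one source host racking up failed logons (event 4625) against many different accounts and targets in a short time. The following detector is an added example, not code from the original article or from Panda Security. It reads simplified, constructed log lines in a format assumed for the demo (timestamp, event ID, source, account, target) and flags a source that fails at least ten logons against at least five distinct accounts inside any sixty-second window; the thresholds are illustrative.

```python
# Added example: flag hosts whose failed-logon pattern looks like a password-list
# spreader. The log line format below is an assumption made for this demo, not a
# real Windows export format; the sample lines are constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\d+) src=(?P<src>\S+) user=(?P<user>\S+) target=(?P<target>\S+)$"
)

# Constructed sample: 10.0.0.5 walks a password list across twelve accounts on two hosts
# in twelve seconds; 10.0.0.9 is a user mistyping a password twice, then succeeding (4624).
SAMPLE_LOGS = """
2019-05-06T10:00:01 4625 src=10.0.0.5 user=administrator target=FS01
2019-05-06T10:00:02 4625 src=10.0.0.5 user=admin target=DC01
2019-05-06T10:00:03 4625 src=10.0.0.5 user=root target=FS01
2019-05-06T10:00:04 4625 src=10.0.0.5 user=user target=DC01
2019-05-06T10:00:05 4625 src=10.0.0.5 user=test target=FS01
2019-05-06T10:00:06 4625 src=10.0.0.5 user=guest target=DC01
2019-05-06T10:00:07 4625 src=10.0.0.5 user=backup target=FS01
2019-05-06T10:00:08 4625 src=10.0.0.5 user=scan target=DC01
2019-05-06T10:00:09 4625 src=10.0.0.5 user=sql target=FS01
2019-05-06T10:00:10 4625 src=10.0.0.5 user=support target=DC01
2019-05-06T10:00:11 4625 src=10.0.0.5 user=alice target=FS01
2019-05-06T10:00:12 4625 src=10.0.0.5 user=bob target=DC01
2019-05-06T10:05:00 4625 src=10.0.0.9 user=carol target=FS01
2019-05-06T10:05:07 4625 src=10.0.0.9 user=carol target=FS01
2019-05-06T10:05:15 4624 src=10.0.0.9 user=carol target=FS01
""".strip().splitlines()


def parse_line(line):
    """Parse one log line into a dict; return None if it does not match the assumed format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["event"] = int(ev["event"])
    return ev


def find_spreaders(lines, window=timedelta(seconds=60), min_failures=10, min_accounts=5):
    """Return {source: summary} for every source with >= min_failures failed logons
    (event 4625) against >= min_accounts distinct accounts inside one `window`."""
    per_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["event"] == 4625:
            per_src[ev["src"]].append(ev)

    flagged = {}
    for src, events in per_src.items():
        events.sort(key=lambda e: e["ts"])
        # Slide a window starting at each failure; the first window that trips the
        # thresholds is enough to flag the source.
        for i, first in enumerate(events):
            span = [e for e in events[i:] if e["ts"] - first["ts"] <= window]
            accounts = {e["user"] for e in span}
            if len(span) >= min_failures and len(accounts) >= min_accounts:
                flagged[src] = {
                    "failures": len(span),
                    "accounts": sorted(accounts),
                    "targets": sorted({e["target"] for e in span}),
                    "start": first["ts"].isoformat(),
                }
                break
    return flagged


if __name__ == "__main__":
    for src, info in find_spreaders(SAMPLE_LOGS).items():
        print(src, info)
```

The same sliding-window logic applies to any log that records failed authentication with a source address; only parse_line and the regular expression need to change for a real event export.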
The most common threat in phishing emails
Now we've seen proof of just how prevalent it is. According to a group of researchers, Emotet accounted for almost all botnet payloads delivered by email in the first quarter of 2019, while botnets as a whole represented 61% of all payloads arriving by email.
One of the driving forces behind Emotet’s popularity is its flexibility and stealth: once inside an organization, Emotet can be used to deliver other kinds of malware, along with other attacks.
So how does it make its way onto computers? Emotet usually reaches its victims' systems via malicious URLs that lead to malware downloads, sent out in phishing emails. Not downloading attachments from unknown senders is common knowledge for many people these days. However, with the growing use of cloud-based file sharing services, people are more likely to click an unfamiliar link without thinking about it.
In April, it was discovered that, in order to make these phishing campaigns more believable, attackers had started reusing old email conversations: they spoof new replies to existing threads and insert the malware URL into the new message, so that it appears to come from a known correspondent in an ongoing exchange.
A far-reaching piece of malware
The nonprofit organization The Spamhaus Project has published an in-depth analysis of the malware. They found some 47,000 Emotet-infected computers around the world, which between them are pushing around 6,000 malicious URLs pointing at websites used as compromise vectors. This makes it the most actively distributed malware at the moment: it accounts for 45% of the URLs used for this purpose.
Protect yourself against Emotet
With such a broad range of techniques to sneak onto computers, it is of utmost importance to make sure that Emotet doesn’t infiltrate our companies.
1.- Use strong, unique passwords. One of the techniques used by Emotet is a brute force attack driven by a list of passwords. Obvious passwords, or the same password reused across accounts and machines, are exactly what that list is built to guess, and they can let it spread through your organization.
2.- Be careful with URLs. If you receive a link by email, always make sure that the address is legitimate, even if it seems to come from someone you know. Hover the mouse over the link to see the website it actually goes to, and compare it with the text shown.
3.- Use advanced cybersecurity solutions. Since Emotet has so many tactics to sneak onto your organization’s network, it is vital to know exactly what is happening there at all times. Panda Adaptive Defense has technology specifically developed to detect this banking Trojan. “It is important to bear in mind that, without advanced protection, the client will be infected. There are constant campaigns with this Trojan, and a traditional antivirus isn’t going to detect them,” states Pedro Uría, Director of PandaLabs.
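The manual check in the "Careful with URLs" item (compare the visible link text with where the href actually points) can be automated at the mail gateway or in a triage script. The following is an added example, not code from the original article or from Panda Security. It parses a constructed message with the Python standard library, collects every anchor from the HTML body, and reports links whose visible text names a different host from the real target, whose host is a bare IP address, or whose path ends in a download-style extension. The sender, hosts and URLs in the sample message are made up, and the extension list is an assumption, not something the article states about Emotet's payloads.

```python
# Added example: inspect the links in an e-mail the way "hover over the link" does by hand.
# SAMPLE_EML is a constructed message; DOWNLOAD_EXTS is an assumed list for the demo.
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

SAMPLE_EML = """From: "Accounts" <accounts@example-supplier.test>
To: bob@example-corp.test
Subject: RE: Invoice 4471
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hi Bob, the updated invoice is in our shared folder:</p>
<p><a href="http://files.example-supplier.test/invoice-4471.pdf">invoice-4471.pdf</a></p>
<p><a href="http://198.51.100.23/dl/INV_4471.doc">https://drive.example-cloud.test/s/INV_4471</a></p>
</body></html>
"""

DOWNLOAD_EXTS = (".doc", ".docx", ".xls", ".xlsm", ".zip", ".exe", ".js", ".vbs")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Hostname of a URL (or of bare text such as 'www.example.test/x'), lower-cased."""
    if "://" not in s:
        s = "http://" + s
    return (urlsplit(s).hostname or "").lower()


def looks_like_url(text):
    """Visible anchor text that a reader would take for an address."""
    return "://" in text or text.lower().startswith("www.")


def check_link(href, text):
    """Return the list of reasons this link deserves a second look (empty if none)."""
    reasons = []
    link_host = host_of(href)
    if looks_like_url(text) and host_of(text) != link_host:
        reasons.append("visible text names %s but link goes to %s" % (host_of(text), link_host))
    if IPV4_RE.match(link_host):
        reasons.append("link host is a bare IP address")
    path = urlsplit(href if "://" in href else "http://" + href).path.lower()
    if path.endswith(DOWNLOAD_EXTS):
        reasons.append("link is a direct file download (%s)" % path.rsplit(".", 1)[-1])
    return reasons


def analyze_message(raw):
    """Parse a raw RFC 822 message and return findings for its suspicious HTML links."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    findings = []
    for href, text in collector.links:
        reasons = check_link(href, text)
        if reasons:
            findings.append({"text": text, "href": href, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyze_message(SAMPLE_EML):
        print(finding["text"], "->", finding["href"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

In the constructed message the first link is consistent and produces no finding; the second shows a cloud-sharing address as its text but points at a bare IP address serving a .doc file, which trips all three checks. The host comparison is the part worth keeping even if the other two heuristics are tuned away: it is exactly the mismatch a hovering mouse pointer reveals.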