Connect with us

Hi, what are you looking for?

HEADLINES

Emotet’s return is the canary in the coal mine – Sophos

The sudden disappearance of the malware gave rise to a lot of rumors that the creators had been arrested, or contracted COVID-19, or simply had retired and planned to live the good life on the Black Sea coast. But these theories were squashed on July 17th, when Sophos saw a new wave of Emotet attacks swing back into action.

Photo by Taskin Ashiq from Unsplash.com

Sophos, a global player in next-generation cybersecurity, discovered that Emotet, the ubiquitous botnet that arrives in the guise of any of a thousand different bogus email messages, never really went away when it suddenly stopped appearing in internal records and feeds of spam emails in February.

The sudden disappearance of the malware gave rise to a lot of rumors that the creators had been arrested, or contracted COVID-19, or simply had retired and planned to live the good life on the Black Sea coast. But these theories were squashed on July 17th, when Sophos saw a new wave of Emotet attacks swing back into action.

“We’ve talked a lot about Emotet in the past, including showing its malware ecosystem, and providing a series of deep-dive 101s, not forgetting showing the authors venting their frustration at Sophos. But then in February 2020, Emotet ceased production – its botnets stopped activity, and the waves of spam campaigns went silent. This isn’t the first time it’s vanished off the radar, only to rise again months later – and that’s exactly what we saw again last Friday,” said Richard Cohen, Senior threat researcher and manager of the Abingdon, UK detection team.

Unfortunately, Emotet is not merely a tool for thievery, but the botnet acts as a delivery mechanism for other malware, walking it through the firewall over the encrypted channels it creates, bypassing network-based defenses.

As a result, Sophos investigated many cases in which a large-scale ransomware infection began as the result of this simple but effective Trojan lying undetected for a period of time, before the infected computer was used as a staging area for a larger attack against the company or organization on whose network it insinuated itself.

Advertisement. Scroll to continue reading.

The Emotet gang has not changed their same, fundamental playbook they’ve followed for years. If you receive an email from an unknown source, or unexpectedly from a known source, with a Microsoft Office file attached, be extremely careful about opening it. In a related vein, if you receive an email that tells you to download such a file attachment in order to receive some sort of invoice or statement, be extremely suspicious.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Organizations must implement a risk assessment methodology that is aligned with their operational realities – by establishing a clear asset baseline, organizations can engage...

APPS

Experts suggest that the goal of the attackers is to steal cryptocurrency assets from residents of Southeast Asia and China. Users in the Philippines...

White Papers

Nearly 50% of companies paid the ransom to get their data back – the second highest rate of ransom payment for ransom demands in...

GAMING

To help players stay safe, Kaspersky is launching “Case 404” — an interactive cybersecurity game that teaches Gen Z how to recognize threats and protect their...

HEADLINES

A zero-trust secure connection has many applications beyond automotive. It’s really for any industry that cares about security, and managing that security at scale.

HEADLINES

Organisations across the Asia-Pacific and Japan region are putting their security posture first, and many are now detecting intrusions early in the attack lifecycle,...

HEADLINES

Agentic AI Assistants—such as Apple Siri, Google Gemini, Microsoft Copilot, OpenAI ChatGPT, and others—are increasingly available to mobile users in consumer and enterprise environments. However, the same...

HEADLINES

Based on breach-tracking research conducted for over two decades, over 124 million Filipino user accounts have been compromised since 2004. This puts the Philippines...

Advertisement