01 December 2018

Tracing the story of Emotet malware campaign

Written by Seqrite

For any enterprise associated in some way with the financial sector, it is important to be familiar with the threat of Emotet. Emotet is part of the banking Trojan family and is distributed through a variety of techniques and channels via spam campaigns. First reported in 2014, this malware has continued to reappear in different forms and formats at regular intervals. Recently, in July 2018, the United States Computer Emergency Readiness Team (US-CERT), a part of the Department of Homeland Security, released an alert about the malware.

‘Costly and destructive malware’

According to the US-CERT notice, Emotet is, “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.”

It goes on to add that “Emotet continues to be among the most costly and destructive malware affecting SLTT governments. Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Additionally, Emotet is a polymorphic banking Trojan that can evade typical signature-based detection. It has several methods for maintaining persistence, including auto-start registry keys and services. It uses modular Dynamic Link Libraries (DLLs) to continuously evolve and update its capabilities. Furthermore, Emotet is Virtual Machine-aware and can generate false indicators if run in a virtual environment.”

When a United States security agency decides to release a detailed alert for a particular type of malware, it is always a cause for concern. Around the time this alert was noticed, the Seqrite blog also published a detailed analysis of the Emotet malware and its evolution, which can be read here.

Mode of operation

In a nutshell, this malware spreads through PDFs and JS files attached to emails. It has also been observed spreading through MS Office Word documents with macros disguised within them. Phishing emails are sent with suspicious attachments or links which lead to infected files. These files contain infected macros which create several copies in the system folders. After collecting details of each running process, the malware encrypts the data and sends it to malicious servers.

There was a spike in Emotet activity in November 2018, with a similar modus operandi: malicious Word documents and PDFs presented as legitimate financial documents such as invoices, bank statements and alerts.
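As an added illustration (not code from Seqrite or US-CERT), the sketch below shows how a mail filter could triage the attachment types described above by content rather than by file extension: script attachments and Word documents that carry VBA macros. The function names, sample filenames and placeholder attachment bytes are constructed for this example, and the legacy-format check is a simple heuristic.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container

def classify_attachment(filename, data):
    """Return the reasons (possibly none) to hold this attachment for review."""
    reasons = []
    if (filename or "").lower().endswith((".js", ".jse")):
        reasons.append("script attachment")
    if data.startswith(b"PK"):  # OOXML Word files are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    reasons.append("Office document with VBA macros")
        except zipfile.BadZipFile:
            reasons.append("malformed ZIP container")
    elif data.startswith(OLE_MAGIC) and "VBA".encode("utf-16-le") in data:
        reasons.append("legacy Office document with VBA storage")  # heuristic
    return reasons

def triage_message(raw_bytes):
    """Map attachment filename -> reasons for every flagged attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        reasons = classify_attachment(part.get_filename(), data)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings

def build_sample():
    """Constructed message; attachments hold benign placeholder bytes only."""
    def ooxml(with_macro):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("word/document.xml", "<w:document/>")
            if with_macro:
                zf.writestr("word/vbaProject.bin", b"placeholder")
        return buf.getvalue()
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    for name, data in (("invoice.docx", ooxml(True)), ("notes.docx", ooxml(False)),
                       ("statement.js", b"// placeholder\n")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage_message(build_sample())` flags `invoice.docx` even though its extension suggests a macro-free format, because the check looks inside the archive for the VBA project part.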

Security tips

At this point, it is important that enterprises take proper security precautions to protect themselves against this rampant threat. A few measures they can employ to protect against the Emotet malware campaign are:

  • Use cybersecurity solutions which offer proper spam and email protection. Seqrite’s Endpoint Security (EPS) solution offers spam protection which scans endpoint inboxes for spam, phishing attacks and unsolicited mails.
  • Employ email protection even at the network level. Seqrite’s Unified Threat Management (UTM) solution offers Gateway Mail Protection which scans incoming/outgoing mail and attachments at the gateway level to block spam and phishing attacks before they enter the network.
  • Keep network and systems updated with the recent patches.
  • Create policies regarding suspicious emails so that all employees are aware of the course of action in the event of receiving a suspicious mail.
  • Create proper awareness about phishing and social engineering by running training programs and ensuring compliance among employees about Emotet and other similar forms of malware campaigns.

As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more
