In a joint operation, law enforcement agencies from Germany, the Netherlands, Ukraine, Lithuania, France, the United Kingdom, Canada and the United States have dismantled the infrastructure of the Emotet malware. Emotet was until then considered the most dangerous malware in the world; in the vast majority of cases the infection ended in ransomware being deployed to extort money from the victims.
The current threat situation is dominated by the trojan Emotet. A striking feature of these attacks is that the attack patterns change rapidly, which makes it difficult to reliably detect Emotet at every layer (mail gateway, endpoint, network).
After a pause of five months, the trojan Emotet has returned with a remarkable wave of attacks. Since the beginning of February the malware situation had calmed down, before numerous attacks were observed last Friday, especially in the USA and Great Britain.
Much has been written lately about Emotet and the consequences an infection with this banking trojan can have. Public institutions in particular have been, and still are, struggling with the aftermath of successful attacks that compromised and paralysed their IT infrastructures, sometimes with catastrophic consequences. The Berlin Court of Appeal (Kammergericht) is perhaps the best-known example: large amounts of data could probably be exfiltrated over several days, and the IT infrastructure had to be treated as a total loss. We have already explained elsewhere how you and your company can protect yourselves against Emotet.
But what does an Emotet email actually look like? Three concrete examples show how authentic Emotet emails have become. All three examples were reported to us and have only been anonymised as far as necessary for data protection reasons.
In many cases the banking trojan Emotet enters IT infrastructures via infected Office files containing so-called macros. A macro is a small program embedded in the document (usually written in VBA) that executes a fixed sequence of instructions once the user has allowed it to run; the Emotet macros use this to download and start the actual malware. Because macros are rarely needed in day-to-day work, their execution can be blocked in Office 365, either manually in the Trust Center or centrally via Group Policy. That would be the end of the story, if it weren't for a glaring vulnerability in certain business versions of Office 365.
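The following PowerShell script is an added example (not code from the original article) that audits, and with `-Enforce` sets, the two Group Policy registry values an administrator would normally use to block macros in Word, Excel and PowerPoint. It assumes an Office 16.0 installation (Microsoft 365 Apps / Office 2016 and later) and the well-known per-user policy keys under `HKCU:\Software\Policies\Microsoft\Office\16.0`; the chosen values (`VBAWarnings = 3`, `blockcontentexecutionfrominternet = 1`) are a recommendation, not something the article prescribes.

```powershell
# Added example: audit / enforce the Office macro policy values that Group
# Policy writes for the current user. Assumption: Office 16.0 policy keys;
# adjust $officeVersion if your build uses a different version number.
param(
    [switch]$Enforce   # without -Enforce the script only reports the state
)

$officeVersion = '16.0'
$apps          = 'Word', 'Excel', 'PowerPoint'
$policyRoot    = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion"

# VBAWarnings: 1 = enable all macros, 2 = disable with notification (default),
#              3 = disable except digitally signed, 4 = disable all silently.
# blockcontentexecutionfrominternet: 1 = block macros in files that carry the
#              Mark-of-the-Web (downloaded or received as mail attachment).
$desired = [ordered]@{
    VBAWarnings                       = 3
    blockcontentexecutionfrominternet = 1
}

$findings = @()

foreach ($app in $apps) {
    $key = Join-Path $policyRoot "$app\Security"

    if (-not (Test-Path $key)) {
        if ($Enforce) {
            New-Item -Path $key -Force | Out-Null
        } else {
            # No policy key at all: macro behaviour is left to the user's own
            # Trust Center settings, which the user can change at will.
            $findings += "[$app] no policy key present; user settings decide"
            continue
        }
    }

    foreach ($name in $desired.Keys) {
        $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $shown   = if ($null -eq $current) { '<not set>' } else { $current }
        $ok      = ($current -eq $desired[$name])

        if (-not $ok -and $Enforce) {
            Set-ItemProperty -Path $key -Name $name -Value $desired[$name] -Type DWord
            $findings += "[$app] $name was $shown, set to $($desired[$name])"
        } else {
            $state = if ($ok) { 'OK' } else { 'MISSING/WEAK' }
            $findings += "[$app] $name = $shown ($state)"
        }
    }
}

$findings | ForEach-Object { Write-Output $_ }
```

Run it without parameters first to see the effective state, then with `-Enforce` in the context of the user whose Office is to be hardened. A value reported as `OK` only means the registry policy is present; because the article warns that certain Office 365 business editions do not honour it, the check that matters is whether the corresponding Trust Center options actually appear greyed out in the application itself.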
The last quarter of 2019 was marked by alarming news about malware and cyber attacks. Public institutions in particular were hit, among them the Berlin Court of Appeal and the administration of the city of Frankfurt am Main. The victims also included institutions such as the University of Gießen, the Catholic University of Applied Sciences Freiburg and the Fürth Clinic. In all of these cases the IT systems were infected with the malware Emotet.
A new wave of spam emails carrying malware is currently affecting IT systems around the world. Since early November 2018, fake invoices, bank account warnings and other forged documents have been distributed whose malicious code installs the banking trojan Emotet.
Since April 2019 a new type of attack that uses email as its vector has been observed: the so-called email reply chain attack. The first step is to steal existing email conversations from compromised mailboxes. The criminals then reply to these genuine threads, so that the message arrives as an apparent continuation of a conversation the recipient already knows, and the reply contains a malicious link or attachment. While this method was initially used on a large scale by Emotet, other threats such as QakBot (also known as Qbot or Quackbot) have adopted it over time.