Emotet: public institutions targeted by cyber criminals

The last quarter of 2019 was marked by alarming news about malware and cyber attacks. Public institutions in particular were harmed by the numerous attacks, including the Berlin Court of Appeal and the administration of the city of Frankfurt am Main. The victims also included institutions such as the University of Gießen, the Catholic University of Applied Sciences Freiburg and the Fürth Clinic. In all the cases mentioned, the IT systems were infected with the malware Emotet.

Although the criminals also repeatedly use other malicious software, there has been an increase in attacks attributed to Emotet since last autumn. The Bundesamt für Sicherheit in der Informationstechnik (BSI) even had to issue a corresponding press release and point out special protective measures.

Why is Emotet dangerous?

Emotet is distributed via authentic-looking emails that often follow on from recently sent emails. In many cases, the sender appears at first glance to be a known contact with whom the recipient has recently been in communication. The recipient, salutation and signature also appear authentic. This is possible because Emotet can read Outlook address books, MAPI interfaces and Active Directories of communication partners and use this information for attacks. Since the fake emails are very well adapted to the usual communication habits of the eventual victim, there is a high probability that malicious attachments will be opened.

Once Emotet has infected a computer, it can load further malware, such as the banking trojan Trickbot. This almost always results in data leakage, loss of control over the affected system, financial loss or loss of production.

A powerful email firewall is essential

The BSI points out that sensitizing employees is the first step towards IT security. This is certainly true, but there are always those who are quick to click, and one click can be enough to infect an entire IT infrastructure. Moreover, since these emails are now extremely well designed and look authentic at first glance, it is essential to use a proper email firewall that detects threats early and blocks infected emails.

How to protect yourself from Emotet

The URL Safeguard in NoSpamProxy rewrites URLs in incoming emails and, each time the user clicks on a rewritten URL, checks whether it leads to a malicious target. If the URL is classified as dangerous, access is blocked. This prevents one of the common consequences of an Emotet infection, where a clicked link takes the user to a website from which malicious code is downloaded.

In the area of attachment management, NoSpamProxy provides a cloud-based sandbox array technology through the Sandbox Service that analyzes potentially dangerous content in a shielded environment. The file is loaded into a sandbox array, executed and analyzed. Malicious files and URLs are blocked immediately. Content filtering includes the ability to block specific file types such as executable files or Word documents with macros, to use Content Disarm and Reconstruction (CDR) to turn all Word, Excel and PDF files into safe PDFs, or to reject the entire email.

The reputation filter in NoSpamProxy is especially effective against Emotet emails. Evaluating the sender’s reputation by verifying the SPF, DKIM and DMARC entries leads in most cases to the rejection of the fake emails, no matter how convincing the email looks and reads. NoSpamProxy offers many more features that will keep you and your business safe from Emotet and other malware. Request your trial version now!
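
The sender check described above can be sketched as follows. This is an added example, not NoSpamProxy code: it assumes a gateway that records its SPF, DKIM and DMARC results in an `Authentication-Results` header under the hypothetical authserv-id `mx.example.org`, and the messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of our own gateway
RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)

def trusted_results(msg):
    """Return spf/dkim/dmarc results, ignoring headers not stamped by our gateway."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # added upstream of us, so the sender could have forged it
        for method, result in RESULT_RE.findall(rest):
            results.setdefault(method.lower(), result.lower())
    return results

def verdict(raw):
    """Map the DMARC result for the visible From: domain to a gateway action."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    dmarc = trusted_results(msg).get("dmarc")
    if dmarc == "pass":
        return ("accept", from_domain)
    if dmarc == "fail":
        return ("reject", from_domain)
    return ("quarantine", from_domain)  # no trustworthy DMARC result at all

# Constructed samples: a known contact's address spoofed from foreign infrastructure,
# carrying an extra forged "pass" header, and a genuine message from the same contact.
SPOOFED = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bulk.invalid;\r\n"
    " dkim=none; dmarc=fail header.from=partner.example\r\n"
    "Authentication-Results: mail.sender.invalid; spf=pass; dkim=pass; dmarc=pass\r\n"
    'From: "Anna Schmidt" <anna.schmidt@partner.example>\r\n'
    "Subject: RE: Invoice\r\n\r\nPlease see the attached document.\r\n"
)
LEGIT = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=partner.example;\r\n"
    " dkim=pass header.d=partner.example; dmarc=pass header.from=partner.example\r\n"
    'From: "Anna Schmidt" <anna.schmidt@partner.example>\r\n'
    "Subject: RE: Invoice\r\n\r\nInvoice attached as discussed.\r\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, verdict(raw))
```

Filtering on the authserv-id only works if the gateway strips inbound headers that already claim its own identifier, as RFC 8601 requires of a border mail server.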