After a five-month timeout, the Trojan Emotet has returned with a remarkable wave of attacks. Since the beginning of February, the malware situation had initially calmed down before numerous cyber attacks occurred last Friday, especially in the USA and Great Britain.
Office documents and links remain as a trap
The attacks are carried out with malicious spam mails that contain Word or Excel documents or links to download the documents as attachments. After opening the files infected with malicious macros, Emotet is downloaded and installed. In order for the victims to open the macros in the malicious file attachment, an error message is displayed on the PC stating that the document could not be opened properly because it was created under iOS. After clicking on the error message, the Trojan horse has a clear path. After infecting a computer, cyber criminals can download further malware, such as Trickbot Trojans. These can then steal passwords, cookies or SSH keys. Emotet also spreads in the affected network.
Effective Emotet protection measures
In addition to raising awareness among employees, the use of a powerful spam filter is essential to detect dangers early and block infected Emails.
URL Safeguard from NoSpamProxy allows URLs to be rewritten in incoming Emails. The rewriting only takes place if a URL is not yet securely classified during receipt and the Email can be rejected if necessary. When the user clicks on the rewritten URL, URL Safeguard checks again whether it leads to a malicious target at the time of the click. If URL Safeguard considers the URL to be malicious, access is blocked.
In the area of attachment management, NoSpamProxy uses a cloud-based sandbox array technology. This enables the analysis of potentially dangerous content in a shielded environment. In the next step, dangerous files and URLs are immediately blocked.
Content filter makes files safe
The content filter offers the possibility to lock certain file types, such as Word or Excel files with macros. Furthermore, the Content Disarm and Reconstruction (CDR) function can be used to convert all Word, Excel and PDF files into harmless PDF files. It is not necessary to reject the Email.
Reputation filter offers protection against spam
The reputation filter of NoSpamProxy is a very effective measure for protection against Emotet. NoSpamProxy checks the SPF, DKIM and DMARC entries and thus the authenticity of the sender of the mail. If the authenticity of the sender could not be verified in the checks, the Email is rejected.
The right attitude makes the difference
Even if a tool offers the described protection mechanisms, it is crucial that these are configured in combination according to “best practice” and that the configuration is also regularly checked and adjusted. The NoSpamProxy team supports you with web training, video tutorials or whitepapers.
Protect from Emotet with NoSpamProxy – Test now
WithNoSpamProxyyou can reliably protect your company from cyber attacks.Request your trial now!