The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a huge increase in activity by the gang behind Emotet.
Historically, Emotet botnet spam has been linked to the spread of banking trojans, but these days the gang distributes malware through spam and then sells access to infected computers to any criminal group, including ransomware operators.
Microsoft, Italy and the Netherlands issued warnings last month about a sharp rise in malware activity by the Emotet gang, a few weeks after France, Japan and New Zealand issued their own Emotet notices.
Emotet was quiet after February, but returned strongly in July. CISA describes Emotet as an "advanced trojan that usually works as a downloader or dropper of other malicious programs" and "one of the most widespread ongoing threats".
CISA's assessment is understandable given that Emotet is currently considered the largest malware botnet in the world.
Since August, CISA and MS-ISAC have spotted attackers targeting state and local governments with Emotet phishing emails.
Emotet spreads with worm-like features via phishing email attachments or links that load a phishing attachment. Once the attachment is opened, Emotet works to spread across the network by guessing admin credentials and using them to let the intruder move laterally through the network.
CISA reports that since July, the internal intrusion detection system for federal civilian executive branch networks has detected approximately 16,000 alerts related to Emotet activity.
Another clever trick currently being used by the Emotet gang is email thread hijacking. The Emotet team takes an existing email chain from an infected host and replies to the thread with an additional malware document attached.
Source of information: zdnet.com