Email Malware Targeting US Senators & Military
Researchers are warning about a powerful email malware known as Emotet, which is targeting government and military systems. The malware is often used as an initial attack vector, opening the door for TrickBot and ransomware.
Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive via a malicious script, a macro-enabled document, or a malicious link. Emotet emails may carry familiar branding designed to make them look like legitimate messages.
Malware in general refers to software designed to damage or perform other unwanted actions on a computer system. Common examples include viruses, worms, Trojan horses, and spyware. Clicking the link or opening the document downloads Emotet to the computer. At this point the malware tries to propagate itself by harvesting email contacts and continuing the spam cycle. It can also analyse the victim's regular contacts, and even respond to ongoing email threads, making it harder to recognise as a threat.
Emotet is by no means a new threat, having been active for about six years now, but the threat actors behind it continually change their tactics and adapt to network defenses.
A few months ago, Emotet began using a new technique post-infection that involved gathering the contents of a victim’s email inbox and then building new messages from existing threads. A recent wave of activity by Emotet has focused much of its attention on victims in the US military and government sectors, leading the US Department of Homeland Security to issue a warning about the spike in infections and targeting tactics.
The malware will often insert a malicious attachment into the new message and send it to the recipient of the original email, a tactic that takes advantage of the recipient's trust in the sender.
The secondary issue with Emotet infections is the potential collateral damage once the malware is on a network. Through its theft of email contents, Emotet may have access to confidential information that could be used in other operations. This has not been an observed technique from the Emotet attackers, but the potential is certainly there.
The malware attacks email accounts and is able to spread by infiltrating other contacts in the inbox and responding to threads with malicious links or attachments.
Cisco's Talos researchers showed that Emotet has a remarkable ability to mimic email language, even adding previous email threads and contact information to a message. Hackers using Emotet have pivoted over the past few months to attack .mil (US military) and .gov (US/state government) top-level domains. Emotet's ability to mimic email lingo and its penchant for responding to email threads make it difficult for anti-spam systems to stop.
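The reply-chain pattern described above (a message that answers an existing thread, carries a macro-enabled document or script, and leans on the recipient's familiarity with the sender's name) gives a mail gateway or SOC analyst something concrete to score. The following is an added example, not code from the article or from Talos, Duo, Malwarebytes or any other source it cites. It uses only Python's standard `email` library; the address book, the risky-extension list, the weights and both sample messages are constructed assumptions for illustration.

```python
"""Heuristic triage for reply-chain (thread-hijack) malspam of the kind the
article attributes to Emotet. Added example; everything below is constructed."""
import email
from email import policy
from email.utils import parseaddr

# Attachment types the article associates with the lures: macro-enabled Office
# documents and scripts. Assumed list, tune to your own environment.
RISKY_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".js", ".vbs", ".zip")


def addr_domain(header_value):
    """Lower-cased domain of the first address in a header, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def risky_attachments(msg):
    """Filenames of attached parts whose extension is in RISKY_EXTENSIONS."""
    found = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            found.append(name)
    return found


def triage(raw_message, known_contacts):
    """Score one RFC 822 message for reply-chain hijack indicators.

    known_contacts maps a display name to the domain that person normally
    writes from (assumed to come from the organisation's address book).
    Returns (score, reasons); a higher score means more worth a human look.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    score, reasons = 0, []

    in_thread = bool(msg.get("In-Reply-To") or msg.get("References"))
    from_name, _ = parseaddr(msg.get("From", ""))
    from_dom = addr_domain(msg.get("From"))
    reply_dom = addr_domain(msg.get("Reply-To"))

    # 1. A reply into an existing thread carrying a macro document or script:
    #    the exact pattern the article describes.
    attachments = risky_attachments(msg)
    if in_thread and attachments:
        score += 3
        reasons.append(f"reply in thread with risky attachment(s): {attachments}")
    elif attachments:
        score += 1
        reasons.append(f"risky attachment(s): {attachments}")

    # 2. Familiar display name, unfamiliar sending domain: the lure relies on
    #    the recipient trusting the name, not the address.
    expected = known_contacts.get(from_name)
    if expected and from_dom != expected:
        score += 3
        reasons.append(f"'{from_name}' normally writes from {expected}, not {from_dom}")

    # 3. Reply-To pointing away from the From domain diverts any answer away
    #    from the person being impersonated.
    if reply_dom and reply_dom != from_dom:
        score += 2
        reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    return score, reasons


# Constructed address book and sample messages (not real traffic).
KNOWN_CONTACTS = {"Dana Reyes": "example.mil"}

HIJACKED_REPLY = """\
From: Dana Reyes <dana.reyes@mail-example.test>
To: pat.lee@example.mil
Reply-To: dana.reyes@mailer-example.test
Subject: RE: Q3 budget review
In-Reply-To: <orig-123@example.mil>
References: <orig-123@example.mil>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Pat, see the updated figures attached. Thanks, Dana

> On Monday Pat wrote: figures for the Q3 review please
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="budget.docm"
Content-Disposition: attachment; filename="budget.docm"
Content-Transfer-Encoding: base64

UEsDBBQ=
--b1--
"""

BENIGN_REPLY = """\
From: Dana Reyes <dana.reyes@example.mil>
To: pat.lee@example.mil
Subject: RE: Q3 budget review
In-Reply-To: <orig-123@example.mil>
Content-Type: text/plain

Pat, the figures will follow on the internal share. Dana
"""

if __name__ == "__main__":
    for label, raw in (("hijacked", HIJACKED_REPLY), ("benign", BENIGN_REPLY)):
        score, reasons = triage(raw, KNOWN_CONTACTS)
        print(label, score, reasons)
```

The score is deliberately additive rather than a single rule, because a genuine colleague does occasionally send a macro document in a thread; what should reach a human is the combination of an in-thread attachment with a sender whose domain does not match the address book, which is what separates the constructed hijacked message (score 8) from the benign one (score 0).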
The way Emotet is being deployed now makes it even more dangerous, and governments, the military and enterprises have to protect themselves with high-level email security services as well as some form of endpoint or malware protection software. Emotet is typically financially motivated crimeware, so its goal is to make money.
Sources: Tech Republic, Bitcoinist, Duo.com, MalwareBytes