Email Malware Targeting US Senators & Military

Uploaded on 2020-02-04 in TECHNOLOGY--Hackers, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Researchers are warning about a powerful email malware known as Emotet which is targeting government and military systems. The malware is often used as an initial attack vector, to allow access for TrickBot’s and ransomware.

Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email.

This type of malware usually refers to software programs designed to damage or do other unwanted actions on a computer system. Common examples of malware include viruses, worms, Trojan horses, and spyware. Clicking the link or opening the document will download Emotet to the computer. At this point the malware will try to propagate itself by harvesting email contacts, and continuing the spam cycle.  However, it can also analyse regular contacts, and even respond to ongoing email threads, making it harder to recognise as a threat.

Emotet is by no means a new threat, having been active for about six years now, but the threat actors behind it continually change their tactics and adapt to network defenses. 

A few months ago, Emotet began using a new technique post-infection that involved gathering the contents of a victim’s email inbox and then building new messages from existing threads. A recent wave of activity by Emotet has focused much of its attention on victims in the US military and government sectors, leading the US Department of Homeland Security to issue a warning about the spike in infections and targeting tactics.

The malware will often insert a malicious attachment to the new message and send it to the recipient of an original emails, a tactic that takes advantage of the recipient’s trust of the sender.

The secondary issue with Emotet infections is the potential collateral damage once the malware is on a network. Through its theft of email contents, Emotet may have access to confidential information that could be used in other operations. This hasn’t been an observed technique from the Emotet attackers, but the potential certainly is there.

The malware attacks email accounts and is able to spread by infiltrating other contacts in the inbox and responding to threads with malicious links or attachments.  

Cisco's Talos researchers showed that Emotet has a remarkable ability to mimic email language, even adding previous email threads to a message as well as contact information.  Hackers using Emotet have pivoted over the past few months to attack .mil (US military) and .gov (US/state government) top-level domains. Emotet's ability to mimic email lingo and penchant for responding to email threads makes it difficult for anti-spam systems to stop. 

The way Emotet is being deployed now makes it even more dangerous and governments, the military and enterprises have to protect themselves with high-level email security services as well as some sort of endpoint or malware protection software.  Emotet is often a financially motivated malware, crimeware, so its goal is to make money. 

Tech Republic:      Bitcoinist:        Duo.com:        Duo.com:      MalwareBytes:         

You Might Also Read:

US Bombarded With Ransomware:
 

 

« Looking For A Career In Cybersecurity?
Facebook Crime In Britain Rises 19% »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Biscom

Biscom

Biscom offers solutions for secure file transfer, synchronization, file translation, and mobile devices, designed to deliver mission-critical reliability, streamline workflows and reduce costs.

ShmooCon

ShmooCon

ShmooCon is an annual east coast hacker convention offering three days of demonstrations and discussions of critical infosec issues.

Information Security Research Group - University of South Wales

Information Security Research Group - University of South Wales

The Information Security Research Group has an international reputation in the areas of network security, computer forensics and threat analysis.

Cipher Security

Cipher Security

Cipher Security provides unique robustness tests and penetration tests, as well as customizable development services for vendors and providers.

Ubisecure

Ubisecure

Ubisecure provide Identity & Access Management solutions.

Nexusguard

Nexusguard

Nexusguard is at the forefront of the fight against malicious Internet attacks, protecting organizations worldwide from threats to their websites, services, and reputations.

Garrison Technology

Garrison Technology

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

Infosistem

Infosistem

Infosistem is a Croatian ICT company with extensive expertise and experience in enterprise and SMB ICT projects and solutions.

Compnet

Compnet

Compnet is a service company that assists customers in integrating complete ICT systems including network infrastructure and security solutions.

Advisera 27001Academy

Advisera 27001Academy

Advisera is a market leader in providing documentation and online support for the implementation of business standards including ISO 27001, ISO 22301 and EU GDPR.

Hub One

Hub One

Hub One is a leading player in digital transformation with expertise in broadband connectivity, business solutions for traceability and mobility, IOT in industrial environments and cybersecurity.

Ridge Canada Cyber Solutions

Ridge Canada Cyber Solutions

Ridge Canada helps insurance brokers and insurance buyers understand, evaluate, and secure cyber coverage that is tailored to their business.

Cirosec

Cirosec

Cirosec is a specialized company with a focus on information security. We carry out pentests & audits and advise our customers in the German-speaking countries on information and IT security issues.

Pires Investments

Pires Investments

Pires is building an investment portfolio of high-tech businesses across areas such as Artificial Intelligence, Internet of Things, Cyber Security and Augmented/Virtual Reality.

Allentis

Allentis

Allentis provide adapted solutions to ensure the security and performance of your information system.

O'Reilly Media

O'Reilly Media

O’Reilly’s help professionals learn best practices and discover emerging trends that will shape the future of the tech industry.