Email Malware Targeting US Senators & Military

Uploaded on 2020-02-04 in TECHNOLOGY--Hackers, GOVERNMENT-National, GOVERNMENT-Defence, FREE TO VIEW

Researchers are warning about a powerful email malware known as Emotet which is targeting government and military systems. The malware is often used as an initial attack vector, to allow access for TrickBot’s and ransomware.

Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email.

This type of malware usually refers to software programs designed to damage or do other unwanted actions on a computer system. Common examples of malware include viruses, worms, Trojan horses, and spyware. Clicking the link or opening the document will download Emotet to the computer. At this point the malware will try to propagate itself by harvesting email contacts, and continuing the spam cycle.  However, it can also analyse regular contacts, and even respond to ongoing email threads, making it harder to recognise as a threat.

Emotet is by no means a new threat, having been active for about six years now, but the threat actors behind it continually change their tactics and adapt to network defenses. 

A few months ago, Emotet began using a new technique post-infection that involved gathering the contents of a victim’s email inbox and then building new messages from existing threads. A recent wave of activity by Emotet has focused much of its attention on victims in the US military and government sectors, leading the US Department of Homeland Security to issue a warning about the spike in infections and targeting tactics.

The malware will often insert a malicious attachment to the new message and send it to the recipient of an original emails, a tactic that takes advantage of the recipient’s trust of the sender.

The secondary issue with Emotet infections is the potential collateral damage once the malware is on a network. Through its theft of email contents, Emotet may have access to confidential information that could be used in other operations. This hasn’t been an observed technique from the Emotet attackers, but the potential certainly is there.

The malware attacks email accounts and is able to spread by infiltrating other contacts in the inbox and responding to threads with malicious links or attachments.  

Cisco's Talos researchers showed that Emotet has a remarkable ability to mimic email language, even adding previous email threads to a message as well as contact information.  Hackers using Emotet have pivoted over the past few months to attack .mil (US military) and .gov (US/state government) top-level domains. Emotet's ability to mimic email lingo and penchant for responding to email threads makes it difficult for anti-spam systems to stop. 

The way Emotet is being deployed now makes it even more dangerous and governments, the military and enterprises have to protect themselves with high-level email security services as well as some sort of endpoint or malware protection software.  Emotet is often a financially motivated malware, crimeware, so its goal is to make money. 

Tech Republic:      Bitcoinist:        Duo.com:        Duo.com:      MalwareBytes:         

You Might Also Read:

US Bombarded With Ransomware:
 

 

« Looking For A Career In Cybersecurity?
Facebook Crime In Britain Rises 19% »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Preempt Security

Preempt Security

The Preempt Platform delivers adaptive threat prevention that continuously preempts threats based on identity, behavior and risk.

VADO Security Technologies

VADO Security Technologies

VADO Security enables the safe transfer of data between low & high security networks.

NextVision

NextVision

NextVision is a Cybersecurity and Technology company offering a range of solutions and services for Security, Compliance and IT Infrastructure Management.

In-Sec-M

In-Sec-M

In-Sec-M is a non-profit organization that brings together companies, learning and research institutions, and government actors to increase competitiveness of the Canadian cybersecurity industry.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

Guardara

Guardara

Guardara's mission is to help our customers to continuously improve in every aspect of software development.

Kinnami Software

Kinnami Software

Kinnami is a data security company that equips organizations with the tools they need to secure and protect highly confidential documents and data.

Cybermerc

Cybermerc

Cybermerc's services, training programmes and cyber security solutions are designed to forge collaborations across industry, government and academia, for collective defence of our digital borders.

MTI

MTI

MTI is a solutions and service provider, specialising in data & cyber security, datacentre modernisation, modern workplace, IT managed services and IT transformation services.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.

Harmonic Security

Harmonic Security

Harmonic Security helps companies to adopt Generative AI without risking the security and privacy of their data.

Qodea

Qodea

Qodea (formerly Appsbroker CTS) is Europe's largest Google Premier only transformation partner.