The surge of Emotet malware attacks poses a major threat to organisations

April 28, 2022

The highly elusive Emotet malware has been used in several attacks against numerous organisations. There have been few changes in the infection method that the threat actors use to control the trojan, but the primary purpose is to steal information from targeted systems.

The Emotet malware distributes infected documents in its latest onslaught.

According to researchers, the operators of Emotet are using various malicious Microsoft Office files in their recent series of phishing attacks. Moreover, the first confirmed Emotet attack was in November last year.

The phishing emails distributed by the threat actors appear to be forwarded messages or replies, with ‘Fw:’ or ‘Re:’ in the subject line. In other cases, the maldocs come in a ZIP archive that the target can unlock with the password given in the email.

The Excel files and Word documents attached to the phishing emails contain an image asking targets to click the ‘Enable Content’ button in the security warning bar. If the target clicks the ‘Enable Content’ button, the malware will download malicious macros, which will run the malicious payload.

While the Excel files use Excel 4.0 macros together with VBA macros, the Word documents contain only malicious VBA code. According to recent findings, the Emotet campaign utilises a malicious Excel file coded as ‘2021_NovW4’ to bypass detection by antivirus software.
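As an added illustration (not code from the article or from the researchers it cites), this Python example triages a raw message for the lure traits described above: a ‘Re:’/‘Fw:’ subject, an Office attachment, or an encrypted ZIP whose password is mentioned in the body. The extension list, trait names, review rule and sample message are assumptions constructed for the example.

```python
import email, email.policy, io, re, zipfile
from email.message import EmailMessage

OFFICE_EXT = (".doc", ".docm", ".xls", ".xlsm", ".xlsb")  # assumed watch list

def zip_is_encrypted(data):
    """True if any member has bit 0 (encrypted) set in its general-purpose flags."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw):
    """Return the set of lure traits found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    traits = set()
    if re.match(r"\s*(re|fw|fwd)\s*:", msg["Subject"] or "", re.I):
        traits.add("reply_or_forward_subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and re.search(r"\bpassword\b", body.get_content(), re.I):
        traits.add("password_in_body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(OFFICE_EXT):
            traits.add("office_attachment")
        elif name.endswith(".zip") and zip_is_encrypted(payload):
            traits.add("encrypted_zip")
    return traits

def needs_review(traits):
    """Hold rule (an assumption): thread-style subject plus a lure attachment."""
    lure = "office_attachment" in traits or {"encrypted_zip", "password_in_body"} <= traits
    return "reply_or_forward_subject" in traits and lure

def build_sample():
    """Constructed message; zipfile cannot write encrypted ZIPs, so the flag is patched."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.xls", b"placeholder, not a real workbook")
    data = bytearray(buf.getvalue())
    data[data.index(b"PK\x01\x02") + 8] |= 0x1  # central-directory flags, bit 0
    msg = EmailMessage()
    msg["Subject"] = "Re: Invoice"
    msg.set_content("Archive password: 4821")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return bytes(msg)
```

Legitimate replies with Office attachments will also match, so the result is a signal for holding a message for sandboxing or analyst review rather than a verdict.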

In the first quarter of 2022, the Emotet trojan infected targets and organisations worldwide. Moreover, there was a significant rise in the number of phishing attacks last month, and experts believed that the increase was influenced by the geopolitical conflict between Russia and Ukraine.

According to the tally of a research group, Italy was the most affected country, followed by Russia, Japan, Mexico, Brazil, and Indonesia.

The Emotet malware made a surprising comeback this year after suffering a significant disruption last year at the hands of security researchers and law enforcement agencies. In addition, its operators upgraded the capabilities and infrastructure of their malware to target more victims.

Experts recommend that organisations train their employees to spot phishing emails and employ a reliable defence mechanism to locate such threats, since the Emotet trojan primarily spreads through phishing emails.
