Evolves from a banking Trojan to a complex threat distributor capable of providing a launch pad to sophisticated attacks.
In a clarion call aimed at making Indian enterprises aware about the latest cybersecurity threats, Seqrite, a specialist provider of endpoint security, network security, enterprise mobility management and data protection solutions, has highlighted the rapid evolution of the Emotet malware. Having previously highlighted the sudden spurt in Emotet-based attacks.
Seqrite has mapped how the malware has transformed from a banking Trojan to an advanced threat distribution platform since its launch to emerge as the biggest security threat to the Indian business. Emotet was first discovered in 2014 as a banking Trojan meant for stealing sensitive financial information from infected endpoints. However, the Trojan has evolved over time through continuous upgradations and new distribution techniques to become the biggest security threat for businesses. From 2018, Emotet has become a pain for enterprises because of its polymorphic, self-updating and spreading capabilities making it virtually impossible to detect through traditional antivirus. With the help of its indigenously developed platform, GoDeep.AI, Seqrite has been successfully detecting more than 8,000 daily intrusions of Emotet, protecting its customers from this advanced threat. The sheer number of detections proves that the malware is rising in popularity and has turned into a hot threat distribution platform for cybercriminals.
Researchers at Seqrite further observed that, due to an effective combination of persistence and network propagation technique, malware authors use infected systems strategically to achieve multiple objectives. They first steal user credentials, then use these credentials to gain access to user accounts to spam more users and further spread the malicious code. Finally, they deploy other malware such as Qakbot, TrickBot, and Ryuk Ransomware on the Emotet-infected system to maximise the damage.
The most recent evolution of the Emotet malware, as identified by Seqrite, also has the ability to hijack existing email threads and insert a malicious link or infected file into, without changing the conversation content of the threads. Emails are then sent out from the infected endpoint, spoofed to give the impression that they have been drafted by one of the correspondents. Any unsuspecting user who clicks on the infected link or downloads the infected file then has a second self-executable copy of Emotet created on their systems through random combinations, using a pre-defined list of words.
Any breach, in this case, can not only expose this sensitive information for cybercriminals to exploit but may also have long-term repercussions for the victims. By piercing through the outer defences and infiltrating other advanced malware into networks and systems, Emotet can leave target organisations vulnerable to more sophisticated attacks. On top of the financial sanctions mandated by data protection regulations such as the EU-GDPR, such a coordinated large-scale breach might also lead to the complete erosion of brand equity in the market.
How to defend against Emotet:
Seqrite advises to conduct employee awareness programmes around Emotet and implement robust cybersecurity and data protection measures. Any emails containing attachments must also be scanned for malware before opening. Downloaded documents should also not have macros enabled, or opened in the editing mode, without first scanning them for malicious codes. All systems and software must be kept up-to-date, while two-factor authentication secure protocols for email access and communication.
To protect themselves and their critical resources against advanced threats such as Emotet, security experts at Seqrite advise Indian enterprises to adopt a multi-layered approach by deploying solutions such as Endpoint Security, Unified Threat Management (UTM), and Secure Web Gateway (SWG). It is also recommended to deploy mobile-oriented security measures such as Enterprise Mobile Management (EMM), as well as data protection solutions such as Data Encryption and Data Loss Prevention (DLP).