Emotet may sound like an ancient Egyptian pharaoh, but it’s actually something much more current. It’s a banking Trojan that has been wreaking havoc and stealing banking information from individuals and businesses since 2014.
Emotet has evolved since its inception and has become a significant threat that infects networks and spreads other malware. In 2018, the Cybersecurity and Infrastructure Security Agency (CISA), part of the U.S. Department of Homeland Security (DHS), released a statement calling Emotet “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans.” In the same statement, CISA said that Emotet infections cost governments up to one million dollars to remediate per incident.
If the DHS is on the case, then you can be sure that protecting your network from Emotet needs to be a top priority.
Who is a Target?
Emotet has targeted individuals, large and small businesses, and governments in the U.S. and Europe. It steals banking and financial information such as bank logins, financial data, personal data, and cryptocurrency data.
Since it has evolved to spread other malware, including other banking Trojans, it’s even more dangerous.
How Does Emotet Spread?
In the beginning, Emotet spread in the same manner as traditional Trojans: through phishing emails carrying macro-enabled document files or malicious scripts. Emotet emails may be designed and formatted to look like a legitimate email from a business colleague, vendor or parcel carrier. Often these emails have attachments labeled as invoices or payment details.
These attachments are macro-enabled files. Once they are downloaded and opened, the macros download a malicious file containing the Emotet Trojan. As soon as Emotet has a foothold on a machine, it starts trying to infect other devices on the network, often by sending emails similar to the one that started the infection to everyone on the contact list.
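The lure described above (an invoice- or payment-themed message with a macro-enabled Office attachment) is something a mail gateway log can be screened for. The following triage script is an added example and is not code from the original post; the key="value" log format, the sample lines and the lure word list are constructed for illustration, so the parser would need adapting to a real gateway's format.

```python
"""Triage mail-gateway log lines for Emotet-style lures.

Flags messages whose attachment is a macro-enabled Office file and whose
filename or subject uses the invoice/payment theme described in the text.
The log format and sample lines are constructed for this example.
"""
import re
from dataclasses import dataclass, field

# Extensions that explicitly carry macros.  Legacy .doc/.xls can also carry
# macros but cannot be told apart by extension alone, so they only rate
# "suspicious" rather than "high".
MACRO_ENABLED = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".ppsm"}
LEGACY_OFFICE = {".doc", ".xls", ".dot", ".ppt"}

# Lure words the text mentions (invoices, payment details) plus close cousins.
LURE_WORDS = re.compile(r"invoice|payment|remittance|receipt|statement", re.I)

# Constructed log lines in a simple key="value" format (not a real product's format).
SAMPLE_LOG = """\
id="m1" from="accounts@vendor-example.test" to="alice@corp.test" subject="Invoice 4471" attach="Invoice_4471.docm"
id="m2" from="hr@corp.test" to="bob@corp.test" subject="Holiday calendar" attach="calendar-2020.pdf"
id="m3" from="carol@partner.test" to="dave@corp.test" subject="RE: payment details" attach="Payment_Details.doc"
id="m4" from="noreply@parcel-example.test" to="erin@corp.test" subject="Your parcel" attach="Tracking.xlsm"
id="m5" from="frank@corp.test" to="grace@corp.test" subject="Q3 numbers" attach="q3.xlsx"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class Finding:
    msg_id: str
    severity: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Turn one key="value" log line into a dict."""
    return dict(FIELD.findall(line))


def extension(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""


def triage(rec):
    """Return a Finding for one parsed record, or None if nothing stands out."""
    attach = rec.get("attach", "")
    ext = extension(attach)
    reasons = []
    if ext in MACRO_ENABLED:
        reasons.append(f"macro-enabled attachment {attach}")
    elif ext in LEGACY_OFFICE:
        reasons.append(f"legacy Office attachment {attach} (may contain macros)")
    themed = LURE_WORDS.search(attach) or LURE_WORDS.search(rec.get("subject", ""))
    if themed and reasons:
        reasons.append("invoice/payment-themed lure")
    if not reasons:
        return None
    # A macro-enabled file wrapped in the invoice/payment theme is the
    # combination the text describes, so it gets the highest severity.
    severity = "high" if ext in MACRO_ENABLED and themed else "medium"
    return Finding(rec.get("id", "?"), severity, reasons)


def triage_log(text):
    """Run triage over every non-empty line and collect the findings."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        finding = triage(parse_line(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.msg_id, f.severity, "; ".join(f.reasons))
```

Run on the constructed sample, the script flags m1 as high (macro-enabled file with an invoice name), and m3 and m4 as medium (a legacy Office file with a payment theme, and a macro-enabled file without one). Extension checks are only a first filter; a gateway that can inspect the file for VBA projects, or that strips macros from inbound Office documents, closes the gap left by legacy formats.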
Additionally, if the infected machine is on a network, Emotet begins a brute-force attack using a list of common passwords to gain access to other systems on that network.
If Emotet is on a virtual machine or is otherwise sandboxed, it will lie dormant and undetected until it can spread to a network-connected device.
Another way Emotet spreads is by exploiting known vulnerabilities, such as those targeted by the EternalBlue/DoublePulsar exploits. By exploiting these known Windows vulnerabilities, Emotet can install malware with no human interaction needed.
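The common-password brute forcing described above leaves a recognisable trace in authentication logs: one internal host producing many failed logons against many different accounts in a short time. The detector below is an added example, not code from the original post; the timestamped key=value log format and every sample line are constructed for illustration, and the thresholds are assumptions to be tuned per environment.

```python
"""Spot Emotet-style internal brute forcing in authentication logs.

Groups failed logons by source host inside a sliding time window and
raises one alert per host when both the failure count and the number of
distinct accounts cross thresholds.  Log format, thresholds and sample
lines are constructed for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds (assumed values; tune to your environment).
WINDOW = timedelta(minutes=5)
MAX_FAILURES = 10        # failed logons from one source inside WINDOW ...
MIN_ACCOUNTS = 3         # ... spread across at least this many accounts


def _sample_log():
    """Constructed log: 10.0.0.23 cycles through five accounts twelve times;
    10.0.0.7 is a user who mistypes a password twice and then succeeds."""
    lines = []
    base = datetime(2020, 1, 15, 9, 0, 0)
    users = ["alice", "bob", "carol", "dave", "erin"]
    for i in range(12):
        t = base + timedelta(seconds=10 * i)
        lines.append(f"{t.isoformat()} src=10.0.0.23 dst=FS01 user={users[i % 5]} result=FAIL")
    lines.append(f"{(base + timedelta(seconds=30)).isoformat()} src=10.0.0.7 dst=FS01 user=frank result=FAIL")
    lines.append(f"{(base + timedelta(seconds=45)).isoformat()} src=10.0.0.7 dst=FS01 user=frank result=FAIL")
    lines.append(f"{(base + timedelta(seconds=60)).isoformat()} src=10.0.0.7 dst=FS01 user=frank result=OK")
    return "\n".join(lines)


SAMPLE_LOG = _sample_log()


def parse(line):
    """'<iso-timestamp> key=value ...' -> dict with a datetime under 'ts'."""
    ts, *kv = line.split()
    rec = dict(pair.split("=", 1) for pair in kv)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def detect(text, window=WINDOW, max_failures=MAX_FAILURES, min_accounts=MIN_ACCOUNTS):
    """Return alerts as (src, failures_in_window, distinct_accounts, first_ts, last_ts).

    One alert per source host, raised the first time the thresholds are crossed.
    """
    records = sorted((parse(l) for l in text.splitlines() if l.strip()),
                     key=lambda r: r["ts"])
    recent = defaultdict(deque)   # src -> deque of (ts, user) for failures
    alerted = {}
    for rec in records:
        if rec["result"] != "FAIL":
            continue
        src = rec["src"]
        q = recent[src]
        q.append((rec["ts"], rec["user"]))
        # Drop failures that have aged out of the window.
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()
        accounts = {user for _, user in q}
        if src not in alerted and len(q) >= max_failures and len(accounts) >= min_accounts:
            alerted[src] = (src, len(q), len(accounts), q[0][0], rec["ts"])
    return list(alerted.values())


if __name__ == "__main__":
    for src, n, accts, first, last in detect(SAMPLE_LOG):
        print(f"ALERT {src}: {n} failures against {accts} accounts between {first} and {last}")
```

On the sample, only 10.0.0.23 is reported: its tenth failure arrives 90 seconds after the first, against five distinct accounts, while 10.0.0.7's two failures never reach the threshold. Requiring account spread as well as volume keeps a single user with a forgotten password from triggering the alert, which is the usual source of false positives for this kind of rule.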
Emotet is polymorphic, meaning it changes itself every time it’s downloaded. It does this to evade signature-based detection. So, even if you have confined Emotet to a machine, there is still a threat, because it will constantly update itself. Given enough time, it will find a weakness that can be exploited.
Emotet’s ability to self-replicate and evolve quickly means that it can spread, undetected, from system to system before administrators know it’s there.
How Can You Prevent Infection?
Luckily, there are a few things you can do to protect your machine and network from Emotet.
- Identify and secure unmanaged devices. By managing the devices on your network, including Internet of Things (IoT) devices, you can eradicate any security blind spots. Consider SOC-as-a-service to manage and monitor your logs, devices, clouds, network, and assets.
- Install the latest patches. Emotet relies on Windows vulnerabilities, so by keeping up to date with the latest patches, you’re protecting your network. Consider patch management software such as Baramundi or Shavlik to manage it for you.
- Train your users to spot spam and phishing emails. The best way to prevent malware or a Trojan from entering your network is to train your users not to open suspicious looking emails or click sketchy links.
- Enforce strong passwords. Create rules for setting strong passwords for individual computers as well as network systems. If possible, start using two-factor authentication.
- Employ multi-layered cybersecurity protection. Deploy a sophisticated, multi-layered defense, including the latest endpoint security and anti-malware tools, such as Sophos Intercept X.
Next-Gen Security for Next Level Peace of Mind
Next-Gen security uses tools built on artificial intelligence, machine learning, and deep learning to proactively protect against malware, higher-layer attacks, and DDoS attacks. Deep learning can help identify Emotet as it evolves, preventing infection or keeping it from spreading on the network if it has already infiltrated.
To learn more about how Next-Gen security can help prevent Emotet from infecting your network, check out our ebook, The Realities vs. The Hype of Next-Gen Security.