Since 2014, the Emotet Banking Trojan has been making headlines because of its ability to keep evolving and being used in more sophisticated attacks. At first, Emotet stole banking credentials from victims who would click on a link in a malicious email message, with the messages usually claiming to contain an invoice or other business document.
Later versions added capabilities to transfer money and the ability to replicate its malicious email messages to those in a victim’s contact list. It also developed the ability to search historical email messages and to reply to them with malicious content, making it more likely that potential victims will click on the attachments.
More recent versions added the ability to spread from an infected computer to other computers on a network (this is called a “worm”) using a brute force attack that attempts to use default and weak passwords. Emotet also developed the ability to deliver ransomware and was used in the infamous ransomware attack on Lake City, Florida.
In the past two months, Emotet has reappeared in a big way. Most of the attacks tend to be responses to past emails. The responses usually contain a Word document. When opened, the document presents a message stating that Word has not been activated, with a button provided to fix the problem. If the recipient clicks the link to fix the problem, macros are enabled in Word and a macro attempts to download and install the Emotet malware.
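The delivery step just described, a Word document that only does harm once its macro runs, can be gated before it reaches a mailbox. The Python below is an added example (not code from the original post or from Bedel Security): it opens an OOXML container, checks for a VBA project part and a macro-enabled content type, and looks for auto-run procedure names as a weaker heuristic. The sample documents it builds are constructed placeholders, not real malware, and the `build_sample` and `inspect_office_document` names are this example's own.

```python
"""Flag Office (OOXML) attachments that carry VBA macro projects.

Added example for the Emotet delivery chain described above: the lure is a Word
document whose macro downloads the payload once the recipient enables macros.
Checking the attachment container for a VBA part is a cheap, offline gate for
mail filtering or triage. Standard library only.
"""
import io
import zipfile

# Procedure names that run automatically when a document opens (heuristic only).
AUTO_EXEC_NAMES = (b"AutoOpen", b"Document_Open", b"AutoExec", b"Workbook_Open")
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-office.vbaProject",
)


def inspect_office_document(data: bytes) -> dict:
    """Return indicators found in an OOXML container (.docx/.docm style zip)."""
    result = {
        "is_ooxml": False,
        "has_vba_part": False,
        "macro_content_type": False,
        "auto_exec_hint": False,
        "verdict": "unknown",
    }
    if not data.startswith(b"PK"):
        # Legacy .doc (OLE2) files are a different container; not handled here.
        return result
    try:
        z = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result
    result["is_ooxml"] = True
    with z:
        names = z.namelist()
        # 1. The VBA project itself lives in word/vbaProject.bin (xl/ or ppt/ for other apps).
        vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        result["has_vba_part"] = bool(vba_parts)
        # 2. The declared content types say whether the package is macro-enabled.
        if "[Content_Types].xml" in names:
            ct_xml = z.read("[Content_Types].xml").decode("utf-8", "replace")
            result["macro_content_type"] = any(t in ct_xml for t in MACRO_CONTENT_TYPES)
        # 3. Heuristic: auto-run procedure names often survive as plain bytes in the
        #    VBA binary; their absence proves nothing because MS-OVBA compresses streams.
        for part in vba_parts:
            blob = z.read(part)
            if any(name in blob for name in AUTO_EXEC_NAMES):
                result["auto_exec_hint"] = True
    if result["has_vba_part"] or result["macro_content_type"]:
        result["verdict"] = "quarantine: macro-bearing document"
    else:
        result["verdict"] = "no macro project found"
    return result


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample container for demonstration; not a real document."""
    main_ct = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if with_macro
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
    )
    if with_macro:
        content_types += (
            '<Override PartName="/word/vbaProject.bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/>'
        )
    content_types += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0PLACEHOLDER Document_Open")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (False, True):
        print(inspect_office_document(build_sample(flag)))
```

The first two checks are structural and reliable: a macro cannot run from an OOXML package that has no VBA part. The auto-run name search is only a hint; treat any macro-bearing attachment from outside the institution as something to quarantine or detonate in a sandbox, regardless of whether that hint fires.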
To protect against Emotet and similar trojans, we recommend the following actions for financial institutions:
If you find yourself having a hard time keeping up with threats, or even knowing what is and isn't a threat to your institution, we can help! Reach out to us any time at support@bedelsecurity.com.