Cyber-security researchers are warning about a powerful email-borne malware that is targeting government and military systems. The Emotet malware is often used as an initial attack vector, opening access for Trickbot and ransomware.
Three Months At The Top
December saw the Emotet malware lead the biggest threat charts for the third month running. Its main attack vector is through spam email campaigns containing a malicious link or Microsoft Word document. These have covered subject matters as diverse as ‘Greta Thunberg’ and ‘Christmas Party’.
Clicking the link or opening the document downloads Emotet to the computer. At this point the malware tries to propagate itself by harvesting email contacts and continuing the spam cycle. However, it can also analyse regular contacts and even reply to ongoing email threads, which makes it harder to recognise as a threat.
Malware Pivots To Military And Government Targets
At some point in the past few months, Emotet managed to successfully compromise one or more targets in the US government. This has led to an increase in infected emails targeting addresses with .gov and .mil top-level domains in December 2019.
After a brief break for Orthodox Christmas (even malware celebrates the holidays, it seems), the trend has continued into January 2020.
The malware can also mimic email language. In one example, an email was sent targeting a staff member of US Senator Cory Booker. The infected email included a signature indicating that it originated from someone else using the booker.senate.gov domain.
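The propagation behaviour described above (replies into existing threads, a signature claiming one domain while the message is sent from another, and a Word attachment) can be turned into a simple mail-triage heuristic. The following Python is an added example, not code from the article, Check Point or Cisco Talos; the message, addresses and domains in it are constructed placeholders.

```python
import re
from email import message_from_string, policy
# Constructed sample (not from the article), modelled on the pattern it describes: a reply
# into an existing thread, a signature claiming a booker.senate.gov address, a Word
# attachment, but a From address on an unrelated domain. All addresses are placeholders.
SAMPLE_EML = """From: "J. Staffer" <j.staffer@example-mailer.test>
To: recipient@agency.gov
Subject: Re: Christmas Party
In-Reply-To: <thread-123@agency.gov>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached document.
J. Staffer
j.staffer@booker.senate.gov
--b1
Content-Type: application/msword; name="invoice.doc"
Content-Disposition: attachment; filename="invoice.doc"

fake-bytes
--b1--
"""
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")

def sender_domain(msg):
    # Domain of the address actually used in the From header.
    m = ADDR_RE.search(msg.get("From", ""))
    return m.group(1).lower() if m else ""

def signature_domains(msg):
    # Domains of any addresses written in the plain-text body (typically the signature block).
    body = msg.get_body(preferencelist=("plain",))
    return {d.lower() for d in ADDR_RE.findall(body.get_content() if body else "")}

def office_attachments(msg):
    return [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(OFFICE_EXT)]

def triage(raw):
    # Returns a list of findings; several at once is a strong prompt for manual review.
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if msg.get("In-Reply-To") or msg.get("Subject", "").lower().startswith("re:"):
        findings.append("reply-into-existing-thread")
    claimed, actual = signature_domains(msg), sender_domain(msg)
    if claimed and actual not in claimed:
        findings.append("signature-domain-mismatch:%s!=%s" % (actual, ",".join(sorted(claimed))))
    if atts := office_attachments(msg):
        findings.append("office-attachment:" + ",".join(atts))
    return findings
```

Run `triage(SAMPLE_EML)` to see all three findings raised for the constructed message; a plain message with no reply headers, no signature mismatch and no Office attachment returns an empty list.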
Once Infected Doors Are Open, Ransomware Enters
Emotet is a financially motivated malware, explains Cisco Talos researcher Nick Biasini.
“There are a lot of examples of Emotet being an initial infection vector where you see Emotet but then you see a Trickbot is dropped and that’s followed up by ransomware. So if you’ve seen a lot of these big game hunting attacks, Emotet plays a role in that as well.”
Ransomware typically accesses and encrypts a system’s data, with its operators demanding payment in Bitcoin or another cryptocurrency for the decryption key.
As Bitcoinist reported, the US Coast Guard was caught out by such an attack at the end of last year.
Cryptojacking Still a Leading Malware Concern
The second-placed malware in Check Point Research’s ‘most wanted’ chart for December 2019 is XMRig. This is open-source mining software that is deployed to hijack CPU resources for mining Monero. In many ways it is quite impressive that this malware still rates so highly, as it has been ‘in the wild’ since May 2017.