You may be very familiar with the fact that most malware is spread by clicking URLs on hacked websites or links sent in spam email. What may be less well known is that malware can also be spread through URLs, Word or Excel documents, or other attachments in emails.
The dreaded malware Emotet is back. It was found on July 17 using the same techniques it had used in its last wave of activity nearly half a year ago. Emotet is a sophisticated Trojan that functions as a downloader or dropper for other malware. According to Malwarebytes, it was first spotted on July 13 and showed signs at that time of making a comeback.
Emotet is spread by spam emails that contain malicious URLs, Word or Excel documents, or other attachments. Once an infected link or attachment is clicked or opened, Emotet is allowed into the system and launches its payload [1]. Over time, the foothold Emotet establishes allows other malicious software to be downloaded and installed, and lets Emotet send more spam email to the victim's contacts. A successful Emotet infection can allow an attacker to obtain sensitive information.
Always be cautious of email attachments
Whether or not you know the sender, always be careful opening any link or attachment sent to you in an email. Think before you click. Do you know the sender? If you don't know the sender, it is most likely spam, and it's best if you don't open the email and delete it instead. If you do know the sender, were you expecting an email from them? Emotet attacks are often spread by sending spam email to all of a victim's contacts from their hacked email account. If the email you receive has an attachment that you weren't expecting, contact the person who sent it before opening it. Start a new email and ask them, or better yet, instant message them, or even better, go visit them at their desk to ask.
Avoiding Emotet
The Cybersecurity and Infrastructure Security Agency recommends several practices to implement for defending against Emotet and other malware.
- Block email attachments commonly associated with malware (e.g., .dll and .exe).
- Block email attachments that cannot be scanned by antivirus software (e.g., .zip files).
- Implement Group Policy Object and firewall rules.
- Implement an antivirus program and a formalized patch management process.
- Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
- Adhere to the principle of least privilege.
- Implement a Domain-Based Message Authentication, Reporting & Conformance (DMARC) validation system.
- Segment and segregate networks and functions.
- Limit unnecessary lateral communications.
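As an added illustration of the first two recommendations above (this is example code written for this page, not a CISA or ITS tool), the following Python script parses an email message and applies a simple attachment policy: executables such as .exe and .dll are blocked, a .zip is blocked if it cannot be read or contains an encrypted member or a nested executable (the cases an antivirus engine cannot scan), and Word or Excel documents are held for review. The sample message with three attachments is constructed inline and is not a real captured email; the extension lists and verdict names are assumptions chosen for the example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions the guidance above treats as commonly associated with malware.
BLOCKED_EXTENSIONS = {".exe", ".dll"}
# Archive types that mail-gateway antivirus engines often cannot inspect.
ARCHIVE_EXTENSIONS = {".zip"}
# Office formats Emotet uses as delivery documents; held for review, not blocked outright.
OFFICE_EXTENSIONS = {".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm"}


def _extension(filename):
    """Return the lower-cased final extension of a filename, or '' if it has none."""
    name = filename.lower()
    return name[name.rfind("."):] if "." in name else ""


def _zip_is_unscannable(payload):
    """True if the bytes are not a readable zip, hold an encrypted member, or nest an executable."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            for info in zf.infolist():
                # Bit 0 of the general-purpose flag marks an encrypted entry (PKZIP format).
                if info.flag_bits & 0x1:
                    return True
                if _extension(info.filename) in BLOCKED_EXTENSIONS:
                    return True
    except zipfile.BadZipFile:
        return True
    return False


def classify_attachments(raw_message):
    """Parse a raw RFC 822 message and return (filename, verdict, reason) per attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = _extension(name)
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            results.append((name, "block", "executable attachment"))
        elif ext in ARCHIVE_EXTENSIONS:
            if _zip_is_unscannable(payload):
                results.append((name, "block", "archive cannot be scanned"))
            else:
                results.append((name, "scan", "archive members can be scanned"))
        elif ext in OFFICE_EXTENSIONS:
            results.append((name, "quarantine", "Office document, review before release"))
        else:
            results.append((name, "allow", "no policy match"))
    return results


def build_sample_message():
    """Construct a sample message (not a real captured email) carrying three attachments."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    # Constructed executable stub: only the DOS 'MZ' header bytes, not a real program.
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    # Zip containing a harmless text file, so it is scannable.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="docs.zip")
    msg.add_attachment(b"not a real document", maintype="application",
                       subtype="msword", filename="invoice.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict, reason in classify_attachments(build_sample_message()):
        print(f"{filename:12} {verdict:10} {reason}")
```

Running the script prints one verdict per attachment: the .exe is blocked, the plain .zip is passed to scanning, and the .doc is quarantined. A gateway deployment would run the same logic on each inbound message before delivery and log the verdicts for the security team.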
If you would like to set up any additional security features such as those mentioned above, the team at ITS is happy to help.