US-CERT alert sounds the alarm on Emotet, one of the most costly and destructive malware strains currently active.
The fine folks at Barkly did a really good write-up about this extremely nasty Trojan.
- What's happening? On July 20, the United States Computer Emergency Readiness Team (US-CERT) issued an alert highlighting the destructive qualities of Emotet, an extremely active banking trojan that has hit state and local governments particularly hard.
- What is Emotet? A banking trojan that has evolved to become primarily a dropper for other banking trojans such as Trickbot, Zeus Panda Banker, IcedID, Qakbot, and others.
- How is Emotet delivered? Phishing emails with malicious attachments or links. Warning: Because Emotet hijacks victim email accounts to send out these phishing emails, they may appear to come from someone the recipient knows and trusts.
- What makes Emotet so dangerous? Emotet's potent combination of persistence mechanisms and worm-like features results in rapidly spreading, network-wide infections that are difficult to contain and remove. Attacks have cost victims up to $1 million to remediate.
- What to do: Prioritize preventing infections in the first place by training employees, implementing DMARC, and investing in advanced endpoint protection (Emotet is polymorphic and can evade traditional antivirus). In addition, put barriers in place to block malware like Emotet from spreading. Restrict inbound SMB communication between client systems and adhere to the principle of least privilege.
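The DMARC recommendation above is only useful if the published record actually enforces a policy. As an added example (not code from the Barkly post or the US-CERT alert), here is a small Python checker that parses a DMARC TXT record and rates whether it blocks spoofed mail; the domain names and records are constructed for illustration.

```python
"""Rate the strength of a DMARC TXT record (RFC 7489 tag=value syntax).
Added example; SAMPLE_RECORDS are constructed, not real DNS data."""

ENFORCING = ("quarantine", "reject")

# Constructed sample records: what you might get back from a TXT lookup of _dmarc.<domain>.
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none; rua=mailto:dmarc@weak.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@partial.example",
    "strong.example": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@strong.example",
    "broken.example": "v=spf1 include:_spf.example -all",  # an SPF record where DMARC was expected
}


def parse_dmarc(record):
    """Split a DMARC record into lower-cased tags; empty dict if it is not a DMARC1 record."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, _, value = part.partition("=")  # split at the first '=' only (mailto: URIs contain none, but be safe)
        tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else {}


def assess_dmarc(record):
    """Return (rating, findings): rating is 'missing', 'weak', 'partial' or 'enforcing'."""
    tags = parse_dmarc(record)
    if not tags:
        return "missing", ["no valid DMARC1 record published"]
    findings = []
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be received")
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING:
        findings.append(f"p={policy or 'absent'}: spoofed mail is only monitored, never blocked")
        return "weak", findings
    # sp= defaults to p; an explicit weaker sp= leaves every subdomain spoofable.
    sp = tags.get("sp", policy).lower()
    if sp not in ENFORCING:
        findings.append(f"sp={sp}: subdomains are not covered by the policy")
        return "weak", findings
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 100
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
        return "partial", findings
    return "enforcing", findings


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        rating, findings = assess_dmarc(record)
        print(f"{domain:18} {rating:10} {'; '.join(findings) or 'ok'}")
```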
Read the full blog post at Barkly. Warmly recommended!