According to new insights from Cisco Talos, this banking malware is getting nastier as it moves into the island hopping space via email attacks using social engineering.
The goal of malware used to be to simply infiltrate an organization, infect one or more endpoints, and aid in the work of stealing data, holding it for ransom, etc. But the Emotet trojan – traditionally seen as malware focused on the banking industry – hase apparently spread its wings and is now leveraging victim’s email to perpetuate its reach and potential number of victim organizations.
According to Cisco Talos, Emotet is leveraging spear phishing attacks using social engineering techniques to create specific campaigns that are aimed at jumping organizations to increase their chances of eventually finding an unsuspecting user that unwittingly engages with Emotet’s malicious emails.
This evolution in tactics shows how cybercriminals are building on the foundation of their own successful malware to create new ways of generating “revenue”.
Emotet relies solely on users falling for phishing attacks. So, putting users through Security Awareness Training is an effective way to educate them on how to identify these kinds of attacks, and how to avoid falling for them. With Emotet looking like it’s only getting more sophisticated in its abilities, stopping it before it ever gains a foothold in your organization is imperative. Security Awareness Training is the answer.