Emotet Attack Against Organisation

BACKGROUND

Emotet started as a banking trojan in 2014 and has recently returned as a more dangerous malware targeting local government agencies. It acts as a downloader/dropper to deliver trojans and malicious code to infect devices. Emotet typically spreads through phishing emails or spam that contain Microsoft Word attachments or links along with zip files in order to bypass security filters (i.e. antivirus) to lure victims to click on the link or file.

 
IMPACT

  • Leakage of login credentials and confidential information
  • May compromise computer system


RECOMMENDATIONS

  • Do not enable macros in Microsoft applications.
  • Contact the sender of the email if you feel that the attached file seems suspicious.
  • Be alert with links provided in email messages.
  • Block email attachments commonly associated with malware, such as DLL and EXE.
  • Block email attachments such as zip files, that cannot be scanned by antivirus software.
  • Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
  • Implement multi-factor authentication (MFA).
  • Always update and patch your antivirus with the latest updates.