Emotet Is Back and It's Targeting Local and State Governments, CISA Warns

Silviu STAHIE

October 08, 2020

The Emotet botnet is picking up steam again, according to an advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) together with the Multi-State Information Sharing and Analysis Center (MS-ISAC). The advisory is addressed directly to state and local governments because they have been the main targets of the latest campaign.

Emotet is a trojan that spreads mainly through phishing emails carrying malicious attachments or links. Once the victim opens the attachment or clicks the link, the payload launches and the malware tries to spread within the network by brute-forcing user credentials and writing itself to shared drives.

“Emotet resurged in July 2020, after a dormant period that began in February,” says the advisory. “Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats.”

Emotet persists because it is built to spread across entire networks rather than stopping at a single host, and because it uses modular Dynamic Link Libraries (DLLs) to update and extend its capabilities continuously.

CISA's EINSTEIN intrusion detection system has detected approximately 16,000 alerts related to Emotet activity since July 2020. The campaign has used Microsoft Word attachments in phishing emails as the principal infection vector, and volume jumped sharply in August, when "security researchers observed a 1,000 percent increase in downloads of the Emotet loader."

The US isn't the only country targeted: Canada, France, Japan, New Zealand, Italy and the Netherlands have observed similar incidents.

CISA also released detection signatures (Snort rules) so that security vendors and defenders can identify the threat more easily, and published a long list of mitigations, many of which are good hygiene in general and not only against Emotet:

  • Block email attachments commonly associated with malware (e.g., .dll and .exe).
  • Block email attachments that cannot be scanned by antivirus software (e.g., .zip files).
  • Implement Group Policy Object and firewall rules.
  • Implement an antivirus program and a formalized patch management process.
  • Implement filters at the email gateway and block suspicious IP addresses at the firewall.
  • Adhere to the principle of least privilege.
  • Implement a Domain-based Message Authentication, Reporting & Conformance (DMARC) validation system.
  • Segment and segregate networks and functions.
  • Limit unnecessary lateral communications.
  • Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Enforce multi-factor authentication.
  • Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known.
  • Enable a firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Monitor users’ web browsing habits; restrict access to suspicious or risky sites.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
  • Scan all software downloaded from the internet prior to executing.
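Three of the bullets above (blocking attachments by extension, blocking archives the gateway cannot scan, and checking that an attachment's extension matches its "true file type" from the file header) describe one mail-gateway triage routine. The following Python is an added example of that routine and is not code from the CISA advisory or from Bitdefender. The magic-number table, the per-extension expected-type policy, the "quarantine" action for macro-bearing Office documents, and the sample attachments are all assumptions constructed for this illustration; the advisory itself only names .dll/.exe and .zip.

```python
"""Mail-gateway attachment triage: extension block-list, unscannable archives,
extension-vs-header ("true file type") check, and a macro check for Office
files. Added example; not code from the CISA advisory or from Bitdefender."""
from __future__ import annotations

import io
import zipfile

# Magic-number table (constructed for this example). The advisory only names
# .dll/.exe and .zip; the Office and PDF entries are added so the example can
# show the extension-vs-header comparison on realistic attachments.
MAGIC = {
    b"MZ": "exe",                                  # PE .exe and .dll
    b"PK\x03\x04": "zip",                          # ZIP; .docx/.docm are ZIPs too
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",    # legacy .doc/.xls (OLE CFB)
    b"%PDF": "pdf",
}

# Which sniffed kind each extension is allowed to carry (assumed policy).
EXPECTED_KIND = {
    "exe": "exe", "dll": "exe", "zip": "zip",
    "docx": "zip", "docm": "zip", "doc": "ole", "xls": "ole", "pdf": "pdf",
}

BLOCKED_EXTENSIONS = {"exe", "dll"}   # the advisory's example
UNSCANNABLE_EXTENSIONS = {"zip"}       # the advisory's example


def sniff(data: bytes) -> str:
    """Return the file kind implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def has_vba_macros(data: bytes) -> bool:
    """OOXML files are ZIPs; a vbaProject.bin part means the file has macros."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'block', 'quarantine' or 'allow'."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    # 1. Executables are blocked whatever they are called: a renamed .exe
    #    still starts with "MZ".
    if ext in BLOCKED_EXTENSIONS or kind == "exe":
        return "block", f"executable content (extension={ext or '-'}, header={kind})"
    # 2. Archives the gateway cannot look inside are blocked.
    if ext in UNSCANNABLE_EXTENSIONS:
        return "block", "archive cannot be scanned"
    # 3. "True file type": the extension must agree with the header.
    expected = EXPECTED_KIND.get(ext)
    if expected is not None and kind != expected:
        return "block", f".{ext} does not match file header ({kind})"
    # 4. Office documents carrying VBA are held for analysis (assumed policy).
    if kind == "zip" and has_vba_macros(data):
        return "quarantine", "Office document contains VBA macros"
    return "allow", f"{ext or '-'} matches header ({kind})"


def make_ooxml(with_macros: bool) -> bytes:
    """Build a minimal OOXML-style ZIP in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed sample attachments, not real captures.
SAMPLES = {
    "invoice.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,   # executable renamed to .pdf
    "report.docx": make_ooxml(with_macros=False),
    "report.docm": make_ooxml(with_macros=True),
    "order.doc": make_ooxml(with_macros=True),     # OOXML macro file named .doc
    "archive.zip": make_ooxml(with_macros=False),
    "notes.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        verdict, reason = triage(name, blob)
        print(f"{name:<14} {verdict:<10} {reason}")
```

The ordering matters: the header check runs before the extension policy so that an executable renamed to `invoice.pdf` is still caught, and the macro check runs last so that only attachments that already passed the type checks are held for analysis rather than silently allowed. A real gateway would use a fuller signature table and would open nested archives recursively before deciding they are unscannable.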
