Over the past few years, we’ve seen malware escalate its targets. Viruses are no longer just malicious pranks on the general public – now big businesses and government departments are under siege.
Emotet is one example of this kind of escalation. While it has been around for a long time, we’ve recently seen it shift its focus onto government and military-based targets.
What Is Emotet?
Emotet is an email-based malware that tries to trick people into opening infected attachments. It started life as a banking trojan, using the same strategies as any other email malware: it would create a believable-looking email claiming to come from a specific company, then trick people into opening the attachment.
These days, six years later, it’s a lot more advanced. Emotet can now scan the inbox of an infected user and find threads that it can respond to. It then formulates a believable reply to that thread and includes the infected attachment. To the recipient, it looks like the infected user has responded to the thread, which makes it more likely that the target will download the attachment.
This method of attack is effective for two reasons. The most obvious is that a user is more likely to trust an email from a friend’s account than one from a random stranger’s. It also lets the attack slip past spam filters: even the strict filters some people set up to stop scams are unlikely to flag a reply in an existing thread from a known contact.
Recently, researchers monitoring Emotet traffic noticed a spike in emails to .mil and .gov addresses – U.S. military and government email domains, respectively. This may be due to someone in that domain opening an infected Emotet email and spreading the virus among their contacts, thus giving Emotet a foothold within the U.S. government’s system.
What Does Emotet Do?
Malware has evolved to take down larger targets, but its authors aren’t just wrecking computers for fun. In recent years, malware developers have moved toward a money-focused strategy of extracting payment from the victim. The ransomware spree that occurred a few years ago was a prime example of hackers trying to make money.
Emotet is no different. It uses the infected attachment to deliver unwanted programs onto the computer. This may include ransomware that locks down the PC until the victim pays up.
As such, Emotet ideally wants to hit big businesses. They are more likely to pay the ransom demand, as they have both the desire to unlock their computers as quickly as possible and the money to do so.
How Do You Spot an Emotet Attack?
Emotet’s methods are designed to be as sneaky as possible. Not only does it hijack an existing email thread, but it also tries to impersonate the sender as closely as possible. The best defense is to not instantly trust any email from your contacts and to use a solid antivirus that can block the attack if Emotet does manage to fool you.
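The thread-hijacking pattern described above can be screened for with a few header and attachment checks: a reply into an existing thread, a known contact’s display name on a different sending address, a Reply-To that steers answers elsewhere, and a macro-capable file attached. The Python below is an added example, not code from this article or from any Emotet research tooling; the address book, the sample message and the list of risky extensions are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# File types commonly abused as macro-bearing lures; an assumption for this example, not from the article.
RISKY_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".zip")

# Constructed address book: display name -> the address we actually have on file.
CONTACTS = {"Alice Example": "alice@example.com"}


def risk_flags(raw, contacts=CONTACTS):
    """Return the reasons a raw RFC 5322 message resembles a hijacked-thread lure."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    name, addr = parseaddr(str(msg.get("From", "")))
    expected = contacts.get(name)
    # Known contact's display name, but the mail comes from a different address.
    if expected and addr.lower() != expected.lower():
        flags.append(f"sender address {addr} does not match contact {name!r}")
    # Replies steered to a third address are another impersonation sign.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and reply_to.lower() != addr.lower():
        flags.append("Reply-To differs from From")
    # The pattern the article describes: a reply into an existing thread carrying a macro-capable file.
    in_thread = bool(msg.get("In-Reply-To")) or str(msg.get("Subject", "")).lower().startswith("re:")
    risky = [p.get_filename() for p in msg.iter_attachments()
             if (p.get_filename() or "").lower().endswith(RISKY_EXTENSIONS)]
    if in_thread and risky:
        flags.append("thread reply carries macro-capable attachment(s): " + ", ".join(risky))
    return flags


def build_sample(from_hdr, reply_to=None, attach=True):
    """Build a constructed reply-style message so the check can be run offline."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "bob@example.com"
    m["Subject"] = "Re: Q3 invoice"
    m["In-Reply-To"] = "<thread-1@example.com>"
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("Hi Bob, see the updated document attached.")
    if attach:  # a few placeholder bytes stand in for the document
        m.add_attachment(b"PK\x03\x04", maintype="application",
                         subtype="octet-stream", filename="invoice.docm")
    return m.as_string()
```

A legitimate reply from the contact’s real address without an attachment produces no flags; the same reply from another address with a `.docm` attached produces two.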
Evading Emotet’s Emails
Emotet is a powerful email malware distributor with the ability to impersonate your contacts. This makes an Emotet attack very hard to spot and filter out, but you can catch it if you exercise caution and don’t 100 percent trust attachments that are sent your way – even from a friend.
Do Emotet methods make you worried to use email? Let us know below.
Simon Batt is a Computer Science graduate with a passion for cybersecurity.