Email Malware Targeting US Senators & Military

Researchers are warning about a powerful email malware known as Emotet, which is targeting government and military systems. The malware is often used as an initial attack vector, opening the way for TrickBot and ransomware.

Emotet is a Trojan that is primarily spread through spam emails (malspam). The infection may arrive via a malicious script, macro-enabled document files, or a malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email.

Malware usually refers to software programs designed to damage a computer system or carry out other unwanted actions on it. Common examples of malware include viruses, worms, Trojan horses, and spyware. Clicking the link or opening the document will download Emotet to the computer. At this point the malware will try to propagate itself by harvesting email contacts and continuing the spam cycle. However, it can also analyse regular contacts, and even respond to ongoing email threads, making it harder to recognise as a threat.

Emotet is by no means a new threat, having been active for about six years now, but the threat actors behind it continually change their tactics and adapt to network defenses. 

A few months ago, Emotet began using a new technique post-infection that involved gathering the contents of a victim’s email inbox and then building new messages from existing threads. A recent wave of activity by Emotet has focused much of its attention on victims in the US military and government sectors, leading the US Department of Homeland Security to issue a warning about the spike in infections and targeting tactics.

The malware will often insert a malicious attachment into the new message and send it to the recipient of an original email, a tactic that takes advantage of the recipient’s trust in the sender.
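A mail-gateway triage check for the pattern described above, as an added example that is not part of the original article: it flags replies that carry a macro-capable Office attachment. The sample message, addresses and file name are constructed, and treating every legacy OLE2 file as macro-capable is an assumption of this example.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container signature

def macro_capable(data: bytes) -> bool:
    """True for legacy OLE2 files or OOXML files that contain a VBA project."""
    if data.startswith(OLE_MAGIC):
        return True  # assumption: legacy format can hold macros, so flag it
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return False
    return False

def is_reply(msg) -> bool:
    """A message counts as a reply if it has threading headers or a Re: subject."""
    subject = (msg["Subject"] or "").strip().lower()
    return bool(msg["In-Reply-To"] or msg["References"]) or subject.startswith("re:")

def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = [p.get_filename() for p in msg.iter_attachments()
               if macro_capable(p.get_payload(decode=True) or b"")]
    return {"reply": is_reply(msg), "macro_attachments": flagged,
            "quarantine": is_reply(msg) and bool(flagged)}

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a reply whose .docm attachment is a tiny zip archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00")
    m = EmailMessage()
    m["From"], m["To"] = "alice@example.org", "bob@example.org"
    m["Subject"] = "Re: Q3 budget"
    m["In-Reply-To"] = "<constructed-1@example.org>"
    m.set_content("Please see attached.\n\n> earlier thread text")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="invoice.docm")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(True)))
    print(triage(build_sample(False)))
```

The check inspects file content rather than the extension, so a renamed attachment is still caught.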

The secondary issue with Emotet infections is the potential collateral damage once the malware is on a network. Through its theft of email contents, Emotet may have access to confidential information that could be used in other operations. This hasn’t been an observed technique from the Emotet attackers, but the potential certainly is there.

The malware attacks email accounts and is able to spread by infiltrating other contacts in the inbox and responding to threads with malicious links or attachments.  

Cisco's Talos researchers showed that Emotet has a remarkable ability to mimic email language, even adding previous email threads to a message as well as contact information. Hackers using Emotet have pivoted over the past few months to attack .mil (US military) and .gov (US/state government) top-level domains. Emotet's ability to mimic email lingo and penchant for responding to email threads make it difficult for anti-spam systems to stop.

The way Emotet is being deployed now makes it even more dangerous, and governments, the military and enterprises have to protect themselves with high-level email security services as well as some sort of endpoint or malware protection software. Emotet is often financially motivated malware (crimeware), so its goal is to make money.

Sources: Tech Republic, Bitcoinist, Duo.com, MalwareBytes
