Email Malware Targeting US Senators & Military

Researchers are warning about a powerful email malware known as Emotet, which is targeting government and military systems. Emotet is most often used as an initial access vector: once it has a foothold it downloads further payloads, notably the TrickBot banking Trojan, which in turn has been followed by ransomware.

Emotet is a Trojan that spreads primarily through spam email (malspam). The infection arrives as a malicious script, a macro-enabled Office document or a link to one, and the emails often carry familiar branding so that they look like legitimate correspondence.

Malware is the general term for software designed to damage a computer system or perform other unwanted actions on it; common examples are viruses, worms, Trojan horses and spyware. Clicking the link, or opening the document and enabling its macros, downloads Emotet to the computer. At that point the malware works to propagate itself: it harvests the victim's email contacts and continues the spam cycle, and it can also analyse the victim's regular correspondents and reply to ongoing email threads, which makes its messages much harder to recognise as a threat.

Emotet is by no means a new threat, having been active for about six years now, but the threat actors behind it continually change their tactics and adapt to network defences.

A few months ago, Emotet began using a new technique post-infection that involved gathering the contents of a victim’s email inbox and then building new messages from existing threads. A recent wave of activity by Emotet has focused much of its attention on victims in the US military and government sectors, leading the US Department of Homeland Security to issue a warning about the spike in infections and targeting tactics.

The malware will often insert a malicious attachment into the new message and send it to the recipients of the original email, a tactic that takes advantage of the recipient's trust in the sender.

The secondary issue with Emotet infections is the potential collateral damage once the malware is on a network. Because it steals email contents, Emotet's operators may hold confidential information that could be used in other operations. This has not been an observed technique from the Emotet attackers so far, but the potential is certainly there.

The malware attacks email accounts and spreads by targeting other contacts found in the inbox and responding to their threads with malicious links or attachments.

Cisco's Talos researchers showed that Emotet has a remarkable ability to mimic email language, even adding previous email threads and contact information to a message. Attackers using Emotet have pivoted over the past few months to .mil (US military) and .gov (US federal and state government) domains. Emotet's ability to mimic email language, and its habit of replying within existing threads, make it difficult for anti-spam systems to stop.
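The thread-hijacking pattern described above lends itself to a simple triage check at the mail gateway or in an analyst's toolkit. The following is an added example, not code from the article or from Talos. It uses Python's standard email library, a constructed contact list (KNOWN_CONTACTS) and two constructed sample messages: one hijacked reply that carries a macro-capable .doc attachment, and one benign reply. A message is flagged only when it is a reply, carries a macro-capable Office attachment, and the sender's address disagrees with either the known contact or the envelope sender; none of those addresses or domains is real.

```python
"""Heuristic triage for Emotet-style reply-chain (thread hijacking) malspam.

Added example, not code from the article or any cited source. Assumes a
contact list keyed by display name and that the first stage arrives as a
macro-enabled Office attachment, as the article describes. All addresses,
domains and message text below are constructed sample data.
"""
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed contact list: display name -> address the mailbox owner normally sees.
KNOWN_CONTACTS = {"Jane Doe": "jane.doe@partner.example.com"}

# Office attachment types that can carry macros (extension and MIME type checks).
MACRO_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm")
MACRO_MIME = {
    "application/msword",
    "application/vnd.ms-excel",
    "application/vnd.ms-word.document.macroEnabled.12",
    "application/vnd.ms-excel.sheet.macroEnabled.12",
}


def domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' when there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw: str) -> dict:
    """Parse one RFC 5322 message and return the indicators found plus a verdict."""
    msg = message_from_string(raw, policy=policy.default)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    subject = msg.get("Subject", "")

    # 1. Reply into an existing thread? Emotet builds its lures on stolen threads.
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References")) \
        or subject.lower().startswith(("re:", "fw:", "fwd:"))

    # 2. Display name of a known contact, but a different address behind it?
    known = KNOWN_CONTACTS.get(name)
    name_addr_mismatch = known is not None and known.lower() != from_addr.lower()

    # 3. Envelope sender (Return-Path) domain differs from the From domain?
    envelope_mismatch = bool(return_path) and domain(return_path) != domain(from_addr)

    # 4. Any macro-capable Office attachment?
    macro_attachments = []
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(MACRO_EXTENSIONS) or part.get_content_type() in MACRO_MIME:
            macro_attachments.append(fname)

    indicators = {
        "is_reply": is_reply,
        "name_addr_mismatch": name_addr_mismatch,
        "envelope_mismatch": envelope_mismatch,
        "macro_attachments": macro_attachments,
    }
    # Only the combination is flagged: a reply alone, or a document alone, is
    # ordinary business mail. The combination is the pattern the article describes.
    indicators["suspicious"] = is_reply and bool(macro_attachments) \
        and (name_addr_mismatch or envelope_mismatch)
    return indicators


# Constructed sample: hijacked thread, quoted original, look-alike sender domain,
# mismatched envelope sender and a .doc attachment (body is a truncated OLE header).
SAMPLE_HIJACKED = """\
Return-Path: <bounce@mail-example.org>
From: Jane Doe <jane.doe@partner-example.net>
To: analyst@agency.example.gov
Subject: RE: Q3 invoice schedule
In-Reply-To: <orig-1234@agency.example.gov>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please see the attached file and confirm.

> From: analyst@agency.example.gov
> Attached is the Q3 schedule we discussed.
--b1
Content-Type: application/msword; name="Invoice_Q3.doc"
Content-Disposition: attachment; filename="Invoice_Q3.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed sample: a genuine reply from the known contact, no attachment.
SAMPLE_BENIGN = """\
Return-Path: <jane.doe@partner.example.com>
From: Jane Doe <jane.doe@partner.example.com>
To: analyst@agency.example.gov
Subject: RE: Q3 invoice schedule
In-Reply-To: <orig-1234@agency.example.gov>
Content-Type: text/plain; charset="utf-8"

Confirmed, thanks.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_HIJACKED))
    print(triage(SAMPLE_BENIGN))
```

The check is deliberately conjunctive, because Emotet's strength is that each element of its message looks normal on its own: the thread is real, the display name is familiar and an Office attachment is routine. The contact list and the attachment-type lists stand in for whatever address book and file-type policy the mail gateway already holds; a compromised account that sends from its own real address would still pass checks 2 and 3, so the attachment check remains the backstop.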

The way Emotet is being deployed now makes it even more dangerous, and governments, the military and enterprises have to protect themselves with strong email security services as well as some form of endpoint or malware protection software. Emotet is financially motivated crimeware: its goal is to make money.

Sources: Tech Republic, Bitcoinist, Duo.com, MalwareBytes
