The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after becoming aware of an increase in targeted Emotet malware attacks.
Emotet is a sophisticated trojan that normally functions as a downloader or dropper of other malware.
“Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information,” read the warning.
CISA added that such an attack could result in financial loss, disruptions to operations and harm to reputation.
Users and administrators are advised to block email attachments commonly associated with malware, such as .exe, and to block email attachments that cannot be scanned by antivirus software.
Other protection practices include implementing an antivirus program and a formalised patch management process, as well as implementing filters at the email gateway and blocking suspicious IP addresses at the firewall.
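The attachment-blocking advice above can be expressed as a gateway-side check. The following is an added example, not code from CISA or Proofpoint. It assumes that an encrypted or corrupt ZIP counts as "cannot be scanned", and it goes slightly beyond the advisory by also checking file names inside archives; all function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = {".exe"}  # the advisory names .exe; extend per local policy

def ext_of(name):
    # Normalise case and trailing dots/spaces so "a.EXE. " does not slip past.
    name = name.strip().rstrip(". ").lower()
    return "." + name.rsplit(".", 1)[1] if "." in name else ""

def zip_verdict(data):
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # general-purpose bit 0 = encrypted
                    return "block: cannot be scanned (encrypted archive)"
                if ext_of(info.filename) in BLOCKED_EXT:
                    return "block: blocked file type inside archive"
    except zipfile.BadZipFile:
        return "block: cannot be scanned (corrupt archive)"
    return "allow"

def verdicts(raw_message):
    msg = message_from_bytes(raw_message, policy=policy.default)
    out = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if ext_of(name) in BLOCKED_EXT:
            out[name] = "block: blocked file type"
        elif data[:4] == b"PK\x03\x04":  # ZIP local-file-header magic
            out[name] = zip_verdict(data)
        else:
            out[name] = "allow"
    return out

def constructed_sample():
    # Constructed message: one .exe, one plain ZIP, one ZIP flagged encrypted.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample")
    plain = buf.getvalue()
    locked = bytearray(plain)
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
        locked[plain.find(sig) + off] |= 0x1  # set the encryption flag bit
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name, data in (("Invoice.EXE", b"MZ"), ("ok.zip", plain), ("locked.zip", bytes(locked))):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```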
The warning comes a week after researchers at Proofpoint revealed that the threat actor group behind Emotet, TA542, were back. Researchers discovered that TA542 were targeting victims within the pharmaceutical industry in the western hemisphere.
“To understand how serious the potential threat of Emotet’s latest return can be, it’s helpful to look at the last break they took: May 2019 until late September 2019. Even though Emotet was on vacation for all but the last two weeks of Q3 (July – September), it still accounted for over 11% of all malicious payloads we saw for that entire quarter. That statistic alone tells the story of what TA542 is capable of with Emotet,” said Proofpoint.