Warning: new phishing threat: “Emotet” is back! [CISO, 17.11.2021] Be especially careful with Office macros in files received via e-mail!
The Federal Office for Information Security (BSI) warns of the renewed appearance of the malware “Emotet”.
According to consistent reports from several sources, the distribution of a new variant of the Emotet malware to systems already infected with TrickBot was observed from 16.11.2021 onwards.
Currently the spam mails carry malicious .doc(m) and .xls(m) files, or password-protected ZIP archives containing such files, as attachments. It must be expected that, as in earlier campaigns, the spam mails will again carry links to malicious Office files instead of file attachments.
Password-protected archives cannot be inspected by the upstream defence measures and are therefore particularly risky!
Countermeasures: at present, restricting macro execution to digitally signed macros in particular should protect against Emotet. Please configure your Office applications accordingly.
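One way to apply this restriction centrally on Windows clients, as an added example that is not part of the original advisory: the Office policy registry keys (VBAWarnings and blockcontentexecutionfromInternet, the values behind the Group Policy settings "VBA Macro Notification Settings" and "Block macros from running in Office files from the Internet") are set to "disable all macros except digitally signed" and then audited. It assumes an Office version using the "16.0" registry tree (Office 2016 and later, Microsoft 365) and the per-user policy hive; the function names are the example's own.

```powershell
# Added example (not part of the original advisory): enforce the "unsigned macros
# blocked" countermeasure via the Office policy registry keys and audit the result.
# Assumes Office 2016/2019/2021/365 (registry tree "16.0"); adjust for other versions.
# Writes the HKCU policy hive; a Group Policy rollout sets the same values.

$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'

# VBAWarnings values used by the Office Trust Center:
#   1 = enable all macros (dangerous)
#   2 = disable with notification (the default; one click enables the macro)
#   3 = disable all except digitally signed (the setting the advisory asks for)
#   4 = disable all without notification
$DisableUnsignedMacros = 3

function Set-OfficeMacroPolicy {
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # The policy hive overrides the user's Trust Center choice, so the setting cannot
    # be undone from the Office UI.
    Set-ItemProperty -Path $key -Name 'VBAWarnings' -Value $DisableUnsignedMacros -Type DWord
    # Additionally block macros in files carrying the Mark-of-the-Web (downloaded or
    # received by e-mail), even if a user would otherwise be allowed to enable them.
    Set-ItemProperty -Path $key -Name 'blockcontentexecutionfromInternet' -Value 1 -Type DWord
}

function Get-OfficeMacroPolicy {
    param([string]$App)
    $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        App               = $App
        VBAWarnings       = $props.VBAWarnings
        BlockFromInternet = $props.blockcontentexecutionfromInternet
        # Compliant when unsigned macros are blocked (3) or all macros are blocked (4)
        # and Internet-sourced files are additionally blocked.
        Compliant         = ($props.VBAWarnings -ge 3 -and $props.blockcontentexecutionfromInternet -eq 1)
    }
}

foreach ($app in $Apps) { Set-OfficeMacroPolicy -App $app }
$Apps | ForEach-Object { Get-OfficeMacroPolicy -App $_ } | Format-Table -AutoSize
```

Note that a password-protected archive bypasses gateway scanning but not this client-side setting: the macro inside the extracted document is still blocked when it is not signed by a trusted publisher.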
Emotet is particularly known for e-mail thread hijacking: not only are sender addresses forged, but the spam mails are sent to the communication partners of an infected victim as purported replies to e-mails that were previously stolen from that victim. The familiar subject lines and quoted content of genuine earlier correspondence make the spam mails appear authentic to the recipients and entice them to open the attached malicious “bait” documents and to enable active content. This increases the success rate of these attacks.
It must be assumed that there will soon be another wave of large-scale Emotet spam, as was frequently observed in 2019 and 2020. Further malware downloaded by Emotet could again lead to numerous network compromises, in which the attackers subsequently deploy ransomware to encrypt data.
- Information on the Emotet malware https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Sonderfall-Emotet/sonderfall-emotet_node.html
- Measures to protect against Emotet and dangerous e-mails in general https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Empfehlungen-nach-Gefaehrdungen/Malware/Emotet/emotet_node.html
- Compromised Exchange servers – increase in attacks by mail https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-269486-1032.pdf
- Emotet Returns https://isc.sans.edu/diary/28044