Threat Actors Target U.S. State and Local Governments With Emotet Malware
Emotet is an advanced Trojan that is primarily spread via phishing email links and attachments; once the victim engages with one, the malware launches its payload. It then attempts to spread through the victim’s network by brute forcing users’ credentials and writing to shared drives. Emotet is particularly nasty because of its worm-like features, which enable network-wide attacks and infections, and because it uses modular Dynamic Link Libraries to continuously evolve and update its capabilities.
Emotet attacks had fallen dormant since February of this year, but since July there has been a sharp uptick in Emotet-based attacks. Since August, there have been multiple attacks and actors targeting state and local governments in the United States with Emotet phishing emails. Of particular note, security researchers have observed a 1,000 percent increase in downloads of the Emotet loader, and since July the EINSTEIN Intrusion Detection System, the executive branch security protection tool of CISA (Cybersecurity and Infrastructure Security Agency), has found more than 16,000 instances of Emotet activity. These attacks are being executed in phases, indicating possible targeted campaigns using tainted .doc Word files to deliver the malware.
To better protect yourself and your network against Emotet-based attacks, CISA has released mitigation best practices such as blocking email attachments associated with malware, blocking attachments that can’t be scanned by antivirus software, using multifactor authentication, and restricting browser access to risky sites.
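The two attachment-blocking mitigations above can be sketched as a mail-gateway check. This is an added example, not code from CISA or any vendor: it flags legacy Word-style documents by their file header rather than their name, and flags encrypted ZIP archives as unscannable. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of legacy .doc/.xls/.ppt files
BLOCKED_EXTENSIONS = {".doc", ".exe", ".dll"}   # assumed local policy, not from the article

def zip_unscannable(data: bytes) -> bool:
    """True when a ZIP member is encrypted (flag bit 0) or the archive cannot be parsed."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return True

def attachment_verdicts(raw_message: bytes) -> dict:
    """Map each attachment filename to 'allow' or a 'block: <reason>' string."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        name = (part.get_filename() or "unnamed").lower()
        data = part.get_payload(decode=True) or b""
        ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
        if data.startswith(OLE2_MAGIC):      # content check defeats simple renaming
            verdicts[name] = "block: legacy Office document"
        elif ext in BLOCKED_EXTENSIONS:
            verdicts[name] = "block: extension " + ext
        elif data.startswith(b"PK\x03\x04") and zip_unscannable(data):
            verdicts[name] = "block: archive cannot be scanned"
        else:
            verdicts[name] = "allow"
    return verdicts

def build_sample_message() -> bytes:
    """Constructed sample message: benign placeholder bytes only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", "hello")
    locked = bytearray(buf.getvalue())
    locked[locked.find(b"PK\x01\x02") + 8] |= 0x1  # set 'encrypted' flag in central directory
    msg = EmailMessage()
    msg.set_content("See attached.")
    samples = [("invoice.pdf", OLE2_MAGIC + b"\x00" * 16), ("scan.zip", bytes(locked)),
               ("open.zip", buf.getvalue()), ("notes.txt", b"plain text")]
    for fname, body in samples:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `attachment_verdicts(build_sample_message())` blocks the renamed legacy document and the encrypted archive while allowing the readable ZIP and the text file.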