This content was published: July 24, 2018. Phone numbers, email addresses, and other information may have changed.
Advisory about new banking Trojan threat – Emotet
Posted by amcmahon
A new and dangerous email Trojan malware, “Emotet”, is circulating. It was primarily targeted at Outlook, but we have confirmation that is also active on Gmail systems.
Our team is working with the feds and others on remediation strategies, but for now I just want to heighten awareness. This is an opportunity to remind your staff to be diligent in following existing controls in place for suspicious emails. If suspicious about an email, call the Service Desk and they will walk through what you should do – and create a ticket for the InfoSec team.
Extract: “Emotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors. Its worm-like features result in rapidly spreading network-wide infection, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.
Emotet is disseminated through malspam (emails containing malicious attachments or links) that uses branding familiar to the recipient; it has even been spread using the MS-ISAC name. As of July 2018, the most recent campaigns imitate PayPal receipts, shipping notifications, or “past-due” invoices purportedly from MS-ISAC. Initial infection occurs when a user opens or clicks the malicious download link, PDF, or macro-enabled Microsoft Word document included in the malspam. Once downloaded, Emotet establishes persistence and attempts to propagate the local networks through incorporated spreader modules.”