Not all malware are created equally. And of all the malware out there, the Emotet malware is one of the most potent. Throughout its long life, Emotet has been linked to major malware attacks, and has consistently topped the Global Threat Index since September 2020. The only exception was a relatively quiet November, during which the malware was given a makeover to return in December with a bang, delivering holiday gifts to hundreds of thousands of people worldwide.

So what makes the Emotet malware so successful and effective?

The Emotet malware is a long standing success story

Emotet has been around for a long time. The Emotet trojan was first identified in 2014,  initially as a banking malware and it has been regularly updated by its developers to maintain effectiveness and spread its wings into other sectors, impacting businesses and individuals alike. An Emotet malware attack can be extremely expensive to remedy. According to the US Department of Homeland Security, incidents involving Emotet cost upwards of $1m to rectify.

The Emotet malware constantly evolves, and was involved in several campaigns during 2020, culminating in a spam email campaign in December 2020 that infected up to 100,000 computers a day, accounting for 7% of global malware infections, and returning it to number one in the threat rankings.

The Emotet malware is predominantly spread via emails, and in particular spam mail. Once it has infected a victim’s device, it will spam all their contacts, including friends, family, and colleagues. Emotet will mimic the user, using their name and email address to send the spam, increasing the chances that another user will trust their contact, and download the malware. Recent versions of the Emotet malware have hijacked email threads, again using their initial victim’s credentials to insert spam into an existing conversation, and increasing the chances of convincing the other members of the thread that it is genuine.

Within emails, the Emotet trojan can be added as an embedded link, attachment (very often posting as a Word document), and even password protected Zip files. Early versions of Emotet were continued within a malicious JavaScript file, but later versions have evolved to use macro-enabled documents to retrieve payloads and infect computers.

Once inside a victim’s computer, Emotet can dwell quietly to evade detection, or it can get busy spamming contacts, or using brute force attacks to crack user passwords, gaining access to accounts and stealing private and sensitive information.

Gateway to cyber attack: Emotet works with other malware

The Emotet malware’s success at evading detection, dwelling in a system for an experienced period, and ability to spread through a victim’s network has made it a popular conduit for other trojans and ransomware to enter networks. The Emotet malware has been seen in collaboration with other malware and ransomware attacks, particularly TrickBot, and the Ryuk ransomware (one of the most successful ransomwares of recent years).

Reducing the risk of the Emotet malware

The evolution of the Emotet malware shows us how important it is to keep up to date with the latest cyber threats, updating defences, and staying on guard to protect against successful malware attacks. 

The Emotet trojan has the potential to create havoc on any network it accesses. However, since it is primarily delivered through spam email, it can be protected against in a multi level defence. Improving defences against the Emotet trojan will in turn improve your defences against ransomware, the biggest threat of 2021.

– Strengthen email security defenses, reduce the ability of the Emotet malware reaching email inboxes in the first place. Emotet is a sophisticated player, and can evade basic protection measures, so ensure that it is backed up with other protections.

– Refresh user awareness, reminding employees of their cybersecurity responsibilities, and how to identify the signs of spam and malware, reducing the risk of them inadvertently downloading malware.

– Implement a strong password policy, including two factor authentication on all accounts within a network to reduce the ability of the malware to crack passwords, and spread throughout systems. 

– Instill the habit of installing patches and security updates in a timely manner to reduce vulnerabilities and decrease the attack surface.

Stay safe