<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">

Threat Alert

Emotet

threat-alert-badge-yellow

Threat Overview

cr-icon-threat-type
Threat Type:
MODULAR MALWARE
Partner-Page-Icons-03
Target Industry:
ACROSS ALL INDUSTRIES
cr-icon-attack-goal
Attack Goal:
SPREAD RANSOMWARE
cr-icon-impacted-geo
Impacted Geo:
ACROSS ALL GEOS

What's Happening?

The Cybereason team is investigating a surge in the spread of an Emotet variant, a form of modular malware frequently leveraged by attackers to infiltrate a victim’s network and secure a staging ground for more sophisticated attacks.

Read The Full Research

To help defend your environment, leverage the Emotet-Locker tool, a defense against these attacks developed by Cybereason
engineers. This tool will prevent certain variants of Emotet on Windows machines.

Download the Emotet-Locker tool.

 

KEY OBSERVATIONS & TTPS


  • Phishing emails used to spread Emotet contain Word documents masquerading as trustworthy reports so they are more likely to be downloaded. These phishing emails are targeted at individuals across companies, including IT staff.
  • Emotet often spreads via a shotgun approach to gain whatever access it can. Once it is able to infect a machine, it downloads additional malware and moves laterally across the network.
  • Despite Emotet’s roots as a banking Trojan, it has become the Swiss army knife of malware. The practicality of Emotet’s distribution features makes it a valuable tool that attackers can easily use to gain a foothold in an environment.

Remediation Steps

cr-icon-remediate-disable
Disable macros in your organization’s group policy or caution users not to enable macros.
cr-icon-block-executable
Block executable files from being run from temporary folders in your organization’s group policy.
Asset 3
Change email accounts’ password and login credential for all infected users. Give users best practices and tips to avoid falling for future phishing emails.
antivirus-01
Prevented & Detected by the Cybereason Defense Platform

CYBEREASON CUSTOMERS

We highly recommend every customer enable the following features:

  • Enable PowerShell, Anti-ransomware, and .NET protection in the Cybereason Defense Platform.
  • Enable Application Control on Sensors to block the execution of malicious files on any endpoint where Application Control is enabled.
  • For Cybereason MDR customers, the Cybereason team will monitor
    and triage as well as assist in the mitigation of potential infections.

Download This Threat Alert

GET THE RIGHT TOOLS TO DEFEND
LET'S GET STARTED