Emotet: The Banking Trojan — Malware of the Month, May 2019
Malware of the Month – Spanning Spotlight Series: May 2019
Year on year, the number, intensity and “smartness” of malware attacks are rapidly increasing, so it is no surprise that a Gallup poll found that people are more worried about cybercrime than about violent physical crime. For organizations too, recovery from a cyberattack is expensive: according to a report by IBM and Ponemon, the average data breach costs $3.86 million. The only feasible response is to be adequately prepared so as to prevent an attack or minimize its impact. We can do this by staying abreast of the latest malware variants and understanding how to secure our organizations against them. In each blog of this series, we will examine one form of malware, with tips on preventing its attack.
Let’s start with Emotet, a banking trojan. It was in the news recently as the most prevalent threat to healthcare systems and as one that is evolving to evade detection by hiding behind a proxy network of compromised IoT devices.
What is Emotet?
Emotet is malware that the Center for Internet Security (CIS) calls one of the “most costly and destructive malware. Its highly infectious nature makes it difficult to combat and can cost up to $1 million per incident to remediate due to its worm-like features resulting in rapid, network-wide infections.”
What is particularly worrisome is that its operators are working hard at keeping it “smart”: researchers at Trend Micro found that Emotet is using previously compromised IoT devices as proxies for its command-and-control servers, so that it can evade detection and spread widely.
Root Malware Type
Emotet is a form of Trojan malware. A Trojan misleads users about its true intent, much like the deceptive wooden horse from the ancient Greek story that led to the fall of Troy, except that here the target is your organization’s network. Trojans are typically spread by phishing emails or malicious links on social media.
Best Practices to Protect:
Here’s a run through of best practices to protect against Emotet:
- As Emotet largely spreads through phishing emails, ensure that your email gateway filters are updated with known malspam indicators. Flag emails that originate outside the organization, and disable macros.
- Check that your firewall restricts inbound Server Message Block (SMB) communication between client systems, so that an Emotet infection on one host cannot spread worm-style across connected devices.
- Check that your antivirus programs automatically update themselves, and are installed on all clients and servers.
- Create and publicize org-wide email and social media policies.
- Provide mandatory security awareness training to employees across all departments and levels. Educate them about detecting and reporting suspicious emails and about not giving out sensitive information on social media.
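The list above names three controls that a Windows administrator can both audit and enforce from the command line: disabling Office macros (including macros in files that arrived from the internet), blocking inbound SMB on client workstations, and tagging external mail. The script below is an added example written for this post, not Spanning's or CIS's tooling. It assumes Office 2016/2019/365 (policy version key `16.0`), the standard `VBAWarnings` and `blockcontentexecutionfrominternet` Office policy values, an elevated session for the firewall cmdlets, and, for the optional transport rule, an existing Exchange Online PowerShell session; the rule names and the `-Remediate` switch are my own choices.

```powershell
# Added example: audit (and optionally enforce) Emotet hardening controls
# on a Windows endpoint. Run as Administrator. Use -Remediate to apply changes;
# without it the script only reports current state.
param([switch]$Remediate)

$OfficeVersion = '16.0'                           # assumption: Office 2016/2019/365
$OfficeApps    = @('Word', 'Excel', 'PowerPoint') # Emotet maldocs target these

function Get-MacroPolicyPath {
    param([string]$App)
    # Policy hive written by GPO; HKCU applies to the current user only.
    "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$App\Security"
}

function Test-MacroPolicy {
    # VBAWarnings = 4 disables all macros without notification.
    # blockcontentexecutionfrominternet = 1 blocks macros in files carrying the
    # Mark-of-the-Web, which covers documents saved from mail attachments.
    foreach ($app in $OfficeApps) {
        $path = Get-MacroPolicyPath $app
        $vba  = (Get-ItemProperty -Path $path -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        $motw = (Get-ItemProperty -Path $path -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
        [pscustomobject]@{
            App             = $app
            MacrosDisabled  = ($vba -eq 4)
            InternetBlocked = ($motw -eq 1)
        }
    }
}

function Set-MacroPolicy {
    foreach ($app in $OfficeApps) {
        $path = Get-MacroPolicyPath $app
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name VBAWarnings -Value 4 -Type DWord
        Set-ItemProperty -Path $path -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
    }
}

# Hypothetical rule name chosen for this example.
$SmbRuleName = 'Block inbound SMB on clients (Emotet lateral movement)'

function Test-SmbInboundBlocked {
    $rule = Get-NetFirewallRule -DisplayName $SmbRuleName -ErrorAction SilentlyContinue
    return ($null -ne $rule -and "$($rule.Enabled)" -eq 'True' -and "$($rule.Action)" -eq 'Block')
}

function Block-InboundSmb {
    # Blanket block of TCP/445 inbound is appropriate for workstations only;
    # file servers need a scoped allow rule rather than this.
    if (-not (Test-SmbInboundBlocked)) {
        New-NetFirewallRule -DisplayName $SmbRuleName -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
    }
}

function New-ExternalSenderTag {
    # Optional: requires an Exchange Online session (Connect-ExchangeOnline).
    # Prepends a visible tag to the subject of mail from outside the organization.
    New-TransportRule -Name 'Tag external senders' `
        -FromScope NotInOrganization -PrependSubject '[EXTERNAL] ' | Out-Null
}

Write-Host 'Office macro policy:'
Test-MacroPolicy | Format-Table -AutoSize
Write-Host ("Inbound SMB blocked by rule: {0}" -f (Test-SmbInboundBlocked))

if ($Remediate) {
    Set-MacroPolicy
    Block-InboundSmb
    Write-Host 'Remediation applied; re-run without -Remediate to verify.'
}
```

Run it once without `-Remediate` to see where a host stands, then with it to enforce. For fleet-wide deployment, the same registry values belong in a Group Policy Object under User Configuration, and the SMB rule in a firewall GPO scoped to workstation OUs, so that servers that legitimately serve shares are not cut off.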
For further details, read this comprehensive list by the National Cybersecurity and Communications Integration Center (NCCIC) to safeguard your organization from Emotet.
Even with the best firewall and email policies, it takes just one careless click or one unsecured device to be breached. That is why we at Spanning emphasize that your SaaS data isn’t really protected unless it is reliably backed up.
Stay safe and tune into June’s Malware of the Month, where I profile the “Invisible Malware” that is truly as scary as it sounds.