Over the summer, Emotet was named one of the top evolving malware threats to keep an eye on this year. Emotet is an advanced, self-propagating, modular Trojan. Its primary attack vector is ‘malspam’ (malicious spam): the spam campaigns feature malicious downloads or files that lure victims into enabling a document’s macros, which installs the Emotet malware on the victim’s computer. Once installed, the malware quickly spreads to other connected computers via their networks.
According to Symantec, Emotet malware accounted for 16% of financial trojans in 2018, an increase of 4% from the previous year. Adding to the threat, Emotet has been used to spread Qakbot, which was in 7th place in the financial trojans list. Having gone quiet early in the summer months, Emotet has re-emerged after a 90-day hiatus. Multiple threat detection sources have reported findings which indicate the botnet resumed activities during the August time frame.
This resurgence of Emotet is a good reminder for organizations to take action and deploy the latest-generation solutions for phishing and malicious URL detection that can automatically block malicious URLs and content before they ever reach end users. It is just as critical for organizations to routinely engage users with awareness training and reinforce some of the top online safety habits. While zvelo does not offer awareness training, we do lead the industry in URL database and web categorizations for phishing and malicious detection, so we know exactly what to look for when it comes to spotting a potential threat. Below are 5 habits to develop to maximize your organization’s online security.
- First and foremost, trust NOTHING.
- Be suspicious of any and all email attachments. Whenever possible, download files directly from the vendor’s website, or from within your secured account access portal. Malware like Emotet tricks users with attachments that are often presented as invoices, payment details or proposals.
- Always check the URL to verify the hostname. The #1 WAY to spot phishing websites remains checking the domain/hostname/URL. Especially if you did not manually type in the URL, check to be sure that the URL matches EXACTLY.
- Be wary of domain squatting, bitsquatting and typosquatting. One common deception method is for a false site to look like a legitimate site but have a .com domain instead of the .org, .gov or other one you expect. An impostor using shortened links (bitly or tinyurl) can also make it difficult to know if a site is correct unless you actually visit it, but there are ways you can preview the full link without having to click on the URL itself.
- Visit websites directly. Phishing attacks primarily start via a redirected link delivered in emails, text messages, and other formats. You can prevent this by using emails and texts as notifications only and purposefully, manually, visiting sites on your own to verify.
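
The hostname and squatting checks from the list above can also be automated, for example in a mail gateway or a link-preview tool. The following is an added example, not zvelo's detection logic; the allowlist entries, the function names and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; use the sites your users actually expect.
EXPECTED = ("example.org", "portal.example.com")
SHORTENERS = ("bit.ly", "tinyurl.com")  # domains of the two shorteners named above


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_bit_flip(a, b):
    """True if a and b differ in one character, and that character by one bit."""
    if len(a) != len(b):
        return False
    diffs = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return len(diffs) == 1 and (diffs[0] & (diffs[0] - 1)) == 0


def classify(url):
    """Compare the URL's real hostname (not the visible text) to the allowlist."""
    # urlsplit lowercases the hostname and drops any user@ prefix and port.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host in EXPECTED:
        return "exact match"
    if host in SHORTENERS:
        return "shortened link: preview the full URL first"
    for good in EXPECTED:
        if host.rsplit(".", 1)[0] == good.rsplit(".", 1)[0]:
            return f"TLD swap of {good}"
        if is_bit_flip(host, good):
            return f"bitsquat of {good}"
        if edit_distance(host, good) == 1:
            return f"typosquat of {good}"
    return "unknown host"


if __name__ == "__main__":
    for u in ("https://example.org/login", "http://example.com/invoice.doc",
              "https://excmple.org/", "https://exampple.org/",
              "https://bit.ly/abc", "https://example.org.evil.test/"):
        print(f"{u:40} {classify(u)}")
```

Only an exact hostname match is treated as trusted; a URL that merely contains the expected name, such as `example.org.evil.test`, is reported as an unknown host.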