
Emotet Trojan Resurfaces, Hijacking Email Content from Victims - HealthITSecurity.com


Posted: 20 Sep 2019 12:00 AM PDT

By Jessica Davis

Several security research teams have observed the notorious Emotet trojan resurfacing over the last few weeks with revamped attack methods that leverage stolen email content.

About five years ago, Emotet emerged as a banking trojan. It has continued to evolve since then, becoming a dangerous botnet and a malware-for-hire distribution platform. Cisco Talos Intelligence researchers explained that Emotet's secondary payloads are used "to more fully monetize their attacks."

Emotet is often combined with other banking trojans, information stealers, email harvesters, self-propagation mechanisms, and ransomware. Researchers saw Emotet activity drop off in June, but the botnet was back in full swing as of September 16.

What makes Emotet so unique, and so effective, is its attack method: its socially engineered spam emails reuse stolen email content, which makes it far easier for the attackers to convince a recipient that they are responding to a legitimate message.

"Once they have swiped a victim's email, Emotet constructs new attack messages in reply to some of that victim's unread email messages, quoting the bodies of real messages in the threads," researchers explained.

As a result, Emotet sends its attack messages from the victim's own account, inside a genuine existing conversation, with the lure composed by the infected machine. Researchers noted that before Emotet went dark over the summer, its operators used stolen conversations in only about 8.5 percent of attack messages.

Since its resurgence, that figure has risen to about 25 percent.

"It's easy to see how someone expecting an email as part of an ongoing conversation could fall for something like this, and it is part of the reason that Emotet has been so effective at spreading itself via email," researchers wrote.

"By taking over existing email conversations, and including real Subject headers and email contents, the messages become that much more randomized, and more difficult for anti-spam systems to filter," they added.

What's more, Cisco Talos researchers found that Emotet also steals outbound email credentials from its victims, in addition to hijacking their conversations. The malware distributes those stolen credentials to other bots in its network, which then use them to send further malicious messages through the victims' own mail servers.

In fact, the security firm has "detonated" hundreds of thousands of Emotet samples in its sandbox. Over the past 10 months, Emotet attempted to use these sandbox infections as "outbound spam emitters" almost 19,000 times.

The malware assigns roles to its infections, one of which is spam emitter. A bot given that role receives a list of stolen outbound email credentials, each including a username, a password and the mail server IP address to send through.

"Of course, many larger networks deploy multiple mail server IP addresses, and in the data, we saw a fair number of repeat usernames and passwords using different, but related mail server IPs," researchers wrote. "Eliminating the server IP data, and looking strictly at usernames and passwords, Talos found 202,675 unique username-password combinations."

Because Emotet has been active for several years, the researchers' advice for preventing infection resembles standard email security guidance: organizations should use strong passwords and enable multi-factor authentication. Microsoft has reported that MFA blocks more than 99.9 percent of automated account-compromise attacks.

Leadership should also educate employees to be on guard for emails that appear to be unexpected replies to older email threads, emails that seem out of context, and messages from familiar names that arrive from unfamiliar email addresses.
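The warning signs above map directly onto message headers, so they can be checked at the gateway as well as taught to staff. The following is an added example, not code from the article, HealthITSecurity or Cisco Talos: a small standard-library Python checker that flags an inbound reply when a known display name arrives from an address it has never used, when the reply hangs off a thread we never sent or one that has been idle for weeks, and when it carries a macro-capable Office attachment. The address book, the sent-mail index, the "current" time and both sample messages are constructed for the example.

```python
"""Header heuristics for Emotet-style thread-hijack replies.

Added example, not code from the article or from Cisco Talos. Standard
library only; the address book, sent-mail index and both sample messages
below are constructed for the example.
"""
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book: display name -> addresses that name has used before.
KNOWN_CONTACTS = {"Alice Example": {"alice@example.com"}}

# Hypothetical index of mail we sent: Message-ID -> when we sent it.
SENT_INDEX = {
    "<20190601-1@mail.example.com>": datetime(2019, 6, 1, tzinfo=timezone.utc),
    "<20190915-7@mail.example.com>": datetime(2019, 9, 15, tzinfo=timezone.utc),
}

MACRO_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm")
STALE_REPLY = timedelta(days=30)
NOW = datetime(2019, 9, 20, tzinfo=timezone.utc)  # assumed "current" time


def thread_hijack_signals(raw, now=NOW):
    """Return the list of warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    signals = []

    # Familiar display name arriving from an address we have never seen it use.
    name, addr = parseaddr(msg.get("From", ""))
    known = KNOWN_CONTACTS.get(name)
    if known and addr.lower() not in known:
        signals.append("display-name spoof: %s sent from %s" % (name, addr))

    # A reply that does not hang off a thread we recently took part in.
    parent = msg.get("In-Reply-To", "").strip()
    subject = msg.get("Subject", "")
    if parent or subject.lower().startswith("re:"):
        sent = SENT_INDEX.get(parent)
        if sent is None:
            signals.append("reply to a message we have no record of sending")
        elif now - sent > STALE_REPLY:
            idle = (now - sent).days
            signals.append("unexpected reply to a thread idle for %d days" % idle)

    # Emotet's usual lure: a macro-capable Office document attached to the reply.
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(MACRO_EXTENSIONS):
            signals.append("macro-capable attachment: %s" % filename)

    return signals


# Constructed sample: a genuine reply to a thread we started five days earlier.
BENIGN_REPLY = """\
From: "Alice Example" <alice@example.com>
To: bob@example.com
Subject: Re: Friday meeting
In-Reply-To: <20190915-7@mail.example.com>
Date: Thu, 19 Sep 2019 10:00:00 +0000

Works for me, see you then.
"""

# Constructed sample: Alice's name and a quoted real thread, but sent through a
# different mail server months later, with a .doc lure attached.
HIJACKED_REPLY = """\
From: "Alice Example" <alice@mail-relay.example.net>
To: bob@example.com
Subject: Re: Q2 invoice
In-Reply-To: <20190601-1@mail.example.com>
References: <20190601-1@mail.example.com>
Date: Fri, 20 Sep 2019 08:00:00 +0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see attached.

> Hi Alice, here is the Q2 invoice we discussed.
--b1
Content-Type: application/msword; name="invoice_4421.doc"
Content-Disposition: attachment; filename="invoice_4421.doc"

(binary omitted)
--b1--
"""

if __name__ == "__main__":
    for label, raw in (("benign", BENIGN_REPLY), ("hijacked", HIJACKED_REPLY)):
        print(label, thread_hijack_signals(raw) or ["no signals"])
```

None of the three checks is conclusive on its own (a colleague really can reply from a personal address, or revive an old thread), which is why the function returns every signal it finds rather than a verdict; a gateway rule would typically quarantine on two or more, and the display-name check only works against an address book built from mail the organization has actually exchanged.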

"This is also a good opportunity to recognize that security researchers and practitioners can never take their foot off the gas," researchers wrote. "When a threat group goes silent, it's unlikely they'll be gone forever. Rather, this opens up the opportunity for a threat group to return with new IOCs, tactics, techniques and procedures or new malware variants that can avoid existing detection."

"Just as we saw earlier this year with the alleged breakup of the threat actors behind GandCrab, it's never safe to assume a threat is gone for good," they added.

In January, researchers found that trojan malware had overtaken ransomware as the greatest hacking threat to healthcare. And while ransomware has seen a resurgence this year, it is important for healthcare leaders to remain vigilant against all active threats.
