New Delhi: The notorious trojan Emotet continues to play hide and seek with enterprises, repeatedly testing their cybersecurity efforts with new infiltration methods. With more enterprises in India moving their resources online, the attacks have also grown and Emotet has emerged as one of the most common threats used against them.
According to cybersecurity company Seqrite, 8,000 Emotet intrusions were detected on a daily basis against Indian enterprises. Kaspersky Labs, in a December 2018 report, suggested that India was the third-most affected country by Emotet, accounting for 16.57% of the attacked users after Germany (30.77%) and the US (22.53%).
The researchers at Seqrite found that malware authors are using a combination of persistence and network propagation techniques to maximise the attack. “They first steal user credentials, then use these credentials to gain access to user accounts to spam more users and further spread the malicious code. Finally, they deploy other malware such as Qakbot, TrickBot, and Ryuk ransomware on the Emotet-infected system,” said Seqrite in a press statement.
According to Kaspersky Labs, Emotet malware is distributed mostly through phishing emails carrying links to malicious sites, or malicious PDF or Word attachments. Seqrite has warned enterprises that Emotet in its latest form can hijack existing email threads and insert a malicious link or file without changing the content of the email threads. Clicking on the malicious link installs a self-executable copy of Emotet malware on the system, paving the way for more sophisticated attacks.
Once installed, it collects sensitive information such as system name, location, and version of the operating system, and then connects to a remote command and control server.
Cybersecurity firms, including Seqrite, have been tracking Emotet since 2014, when it was primarily used as a self-propagating malware against banks. Now it is being used as a threat distribution platform to spread other attacks quickly across the network. To avoid detection and speed up the attack, Emotet uses DLLs (dynamic link libraries), collections of small programmes separated into modules that are linked to the programme instead of being compiled with the main programme.
“Emotet is amongst the most dangerous malware of our times and has major implications for enterprises across India. A single breach can be used as an entry point into multiple networks and systems, potentially compromising data and disrupting processes on a scale that we haven’t seen before,” said Sanjay Katkar, joint MD and CTO, Quick Heal Technologies, in a press statement.
In 2018, the US CERT issued an alert, which described Emotet as a costly and destructive malware that was being used against governments and organisations in both the private and the public sector.