Claiming the number one spot, according to Check Point’s Global Threat Index, Emotet trojan is the most widely used and most costly malware in cybercrime today. Since 2014, Emotet has been continually improved and updated over time. According to the Department of Homeland Security, Emotet’s dedicated developers have now brought the cost of each security incident close to $1 million to repair. With a hefty price tag for victims and continuing improvements by developers, it’s easy to see why Emotet is cause for great concern within the cybersecurity and business communities alike.
Just last year, an Emotet spam campaign during Christmas and the New Year targeted over 100,000 users per day. That campaign brought Emotet to its number one spot as the most prevalent malware used in cybercrimes. Check Point determined Emotet targeted 7% of organizations worldwide during the month of December alone. Although Emotet first started as a banking trojan, it now offers options including the sale of backdoor access onto compromised devices. With that access, hackers can infect devices with their malware of choice, including ransomware.
Emotet Has Company
There are two other malware families following Emotet’s path of wrath. The Trickbot banking trojan is next in line as malware that also continues to improve and update its capabilities over time, including customizations that enable many other attack types, although Trickbot is most often used as a gateway for installing ransomware.
The third most prominent malware reported is Formbook, which lets hackers who have purchased it on the dark web steal critical information from devices. It harvests usernames and passwords from web browsers, monitors and logs keystrokes, collects screenshots, downloads and executes files, and more. Check Point found that Trickbot and Formbook each attempted to infiltrate 4% of organizations globally last year.
The diagram below outlines the workflow of one of the many variations of Emotet infection. Emotet is constantly evolving, but it has recently focused on lateral attacks, sending emails to the contact lists of an infected computer, and has scrapped credential stealing in favor of banking malware.
What’s an Organization to Do?
There are two known factors that allow Emotet and other malware to move easily into systems unchecked. The first is organizations running poor and/or outdated cybersecurity software, which opens the door for malware to enter. For some, ineffective security is the result of a lack of funds; others simply take the “crossed fingers” approach. It is always recommended to install patches as soon as they are available to fix vulnerabilities and to update systems as soon as they are deemed “end of life.”
One measure that any organization can always utilize is employee cybersecurity training. Ongoing risks, evolving threats and hacking trends can all be addressed through education. Since employees are typically the front line against attacks, many of which start with email phishing, a cyber-smart staff can prevent a security event before it starts. An employee who knows what to look for can stop an attack simply by recognizing the red flags of email phishing: poor grammar and spelling, generic greetings, malware attachments and malicious links, requests for financial transfers, and more. Ongoing employee cyber education is one of the best investments any organization can make toward its future success.