
Reports: Notorious Emotet Botnet Returns After 90 Days Dormant


The Emotet botnet has been reactivated after a 90-day hiatus and is actively spreading spam campaigns, the threat intelligence wing of Check Point Software said in its latest Global Threat Index for September 2019.

The security specialist’s researchers first reported that Emotet had become active again in August, after it went quiet in June. Other security vendors, such as Malwarebytes, also warned last month that the trojan had resumed pumping out spam.

Some of Emotet’s virulent features include hijacking old mail threads to personalize spearphishing attacks. The malware can also be used as a delivery mechanism for the banking trojan TrickBot and the Ryuk ransomware, to steal sensitive information and extort victims. Other Emotet campaigns feature emails that contain a link to download a malicious Word file, and some carry the malicious document itself as an attachment. When a user opens the file, it lures the victim into enabling the document’s macros, which then install the Emotet malware on the victim’s computer. Emotet was the fifth most prevalent malware globally in September, according to Check Point.

“It’s not clear why the Emotet botnet was dormant for 3 months, but we can assume that the developers behind it were updating its features and capabilities,” said Maya Horowitz, Check Point threat intelligence & research director. “It’s essential that organizations warn employees about the risks of phishing emails, and of opening email attachments or clicking on links that do not come from a trusted source or contact. They should also deploy latest generation anti-malware solutions that can automatically extract suspicious content from emails before it reaches end-users.”
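A defensive check that matches the delivery chain described above (a Word attachment whose macros install the malware) and the quoted advice to strip suspicious content from email before it reaches users. This is an added example, not Check Point's or any vendor's code; the message, the attachment and the placeholder VBA part are all constructed inline, and the indicator set is an assumption covering only Office Open XML macro parts and legacy OLE containers.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Office Open XML parts that carry VBA macros; a macro-free .docx has none of these (assumed indicator set).
MACRO_PART_NAMES = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary .doc/.xls container signature


def attachment_macro_indicators(data: bytes) -> list:
    """Return reasons an attachment looks like a macro carrier (empty list means nothing found)."""
    reasons = []
    if data.startswith(OLE_MAGIC):
        # Legacy OLE files need a dedicated parser to inspect; a mail gateway should quarantine rather than guess.
        reasons.append("legacy OLE Office document (macros cannot be ruled out)")
        return reasons
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for part in sorted(MACRO_PART_NAMES & set(zf.namelist())):
                reasons.append(f"contains VBA project part {part}")
    return reasons


def scan_message(raw: bytes) -> dict:
    """Map each attachment filename in an RFC 822 message to its list of macro indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        findings[name] = attachment_macro_indicators(part.get_payload(decode=True))
    return findings


def build_sample_message() -> bytes:
    """Constructed test mail: a minimal .docm-style zip with a placeholder vbaProject.bin, plus a harmless .txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00placeholder, not a real VBA project\x00")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"   # constructed addresses
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Re: invoice"            # constructed; mimics the hijacked-thread reply lure
    msg.set_content("Please see the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename="invoice.docm")
    msg.add_attachment("plain text", filename="notes.txt")
    return bytes(msg)


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(name, "->", reasons or ["no macro indicators"])
```

A gateway would run `scan_message` over each inbound mail and quarantine or strip any attachment whose indicator list is non-empty.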

Here’s Check Point’s most wanted list for September 2019:

Top 3 malware:

The Jsecoin JavaScript cryptominer, which can be embedded in websites, leads the top malware list, impacting 8 percent of organizations worldwide. XMRig, an open-source CPU mining software, is the second most popular malware, followed by AgentTesla, an advanced RAT, both with a global impact of 7 percent. Jsecoin’s share is up for the month, as is AgentTesla’s, while XMRig slipped.

Top 3 most wanted mobile malware:

Lotoor, an Android hacking tool, was the most prevalent mobile malware, followed by adware AndroidBauts and Hiddad, Android malware that repackages legitimate apps and then releases them to a third-party store.

Most exploited vulnerabilities:

The MVPower DVR Remote Code Execution vulnerability leads the top exploited vulnerabilities list with a global impact of 37 percent. The Linux System Files Information Disclosure vulnerability is second, closely followed by the Web Server Exposed Git Repository Information Disclosure, with both impacting 35 percent of organizations around the world. All three vulnerabilities’ impact on organizations worldwide rose for the month.

The entire Top 10 list can be read here.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.