Making headlines in the news, cybersecurity agencies across the world are on high alert after a recent development. France, Japan and New Zealand have published security alerts over the last week. The alerts warn about an impending uptick in emotet malware targeting these countries.
Emotet activity spike in september 2020
Joseph Roosen from Cryptolaemus, a group of security researchers who track Emotet malware campaigns, stated that the Emotet botnet has been particularly active in recent weeks, especially in the three countries. New Zealand had been heavily targeted by Emotet operators via emails which originate from E3. E3 is one of the three mini-botnets that make up the larger Emotet infrastructure. As E3 was spamming New Zealand, Japan was being targeted by all the three types of mini-Emotet botnets, namely E1, E2 and E3. According to Japan’s Computer Emergency Response Team (CERT), the spam wave led to a tripled Emotet sighting last week which led experts to raise an alarm. However, the Emotet spam waves are less intense in France, unlike the other two countries.
There is a reason for France to worry nonetheless. In 2019, France’s emotet detection stood at 0.29%, the same as Brazil and Australia. Between 2018-2019, Emotet ranked second among the top ten global business threat families, increasing by a marginal 6% [1]. French officials declared a state of emergency after Emotet infected computers on the Paris court system network, creating an uproar. In response, the French Interior Ministry blocked all Office documents (.doc) via email. Also, National Cybersecurity Agency of France ANSSI issued an official cyber-security alert earlier this week, urging government agencies to check their emails before opening them.
What are emotet attacks?
Emotet attack described in the cybersecurity alerts refers to email spam campaigns. They originated from Emotet infrastructure and are targeting companies and government agencies in France, Japan and New Zealand. Organizations that fell victim to the attacks received the mails, opened them and ran the attached documents. This puts them at risk of getting infected with one of the most dangerous malware nowadays.
According to the alerts, all three attacks appear to be the same. Emotet operators used their patent trick of first infecting one victim and then stealing older email threads. The group then revives these old conversations, adds malicious files as attachments, and targets new users with a conversation that looks legitimate.
The Emotet campaigns that targeted Japan, France and New Zealand, allegedly used Windows Word documents (.doc) and password-protected ZIP archive files as malicious email attachments. The issued alerts contain sound advice for those looking for ways to prevent or tackle Emotet infections, regardless of the country of origin.
Source
[1] Malwarebytes Labs (2020) “2020 State of Malware Report” [Online] Available from: https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf [Accessed September 2020]