The notorious Emotet Trojan is back at the top of the malware charts, having had a makeover designed to make it more effective at escaping detection.
Check Point’s newly released Global Threat Index for December 2020 revealed that the malware variant bounced back from fifth place in November.
It now accounts for 7% of malware infections globally after a spam campaign targeted more than 100,000 users per day over the holiday period, the security vendor claimed. Emotet is closely followed by fellow modular Trojan Trickbot and info-stealer Formbook, both on 4%.
“It has now been updated with new malicious payloads and improved detection evasion capabilities: the latest version creates a dialogue box, which helps it evade detection from users,” explained Check Point.
“The new malicious spam campaign uses different delivery techniques to spread Emotet, including embedded links, document attachments, or password-protected Zip files.”
Emotet and Trickbot are often used in combination by ransomware groups to gain an initial foothold into networks. Attackers can then pick and choose which victims to go after with “hands-on-keyboard” multi-staged attacks.
In fact, a new report detailing the activities of the Ryuk variant recommended one of the best ways for organizations to mitigate the threat is to prevent initial infection by malware like Emotet.
The focus therefore should be on email security with anti-phishing capabilities and enhanced end user awareness training, although defense-in-depth is always preferable, including two-factor authentication and prompt patching to reduce the attack surface further.
“Emotet was originally developed as banking malware which sneaked on to users’ computers to steal private and sensitive information. However, it has evolved over time and is now seen as one of the most costly and destructive malware variants,” said Maya Horowitz, director of threat intelligence & research, products at Check Point.
“It’s imperative that organizations are aware of the threat Emotet poses and that they have robust security systems in place to prevent a significant breach of their data. They should also provide comprehensive training for employees, so they are able to identify the types of malicious emails which spread Emotet.”