Emotet is Windows-based malware that first appeared in 2014. While you may not be familiar with the malware family per se, there’s a good chance that at some point you’ve been sent an email that tried to deliver it.
Emotet is one of the most prolific email-distributed malware families in our current threat landscape. Emotet-infected hosts can send thousands of phishing emails delivering Emotet each day, adding up to hundreds of thousands of malicious emails a day when Emotet is actively spamming.
You may also have heard about Mealybug, Mummy Spider or TA542. These are some of the names used for the threat actor behind Emotet.
Occasionally, Emotet takes a break from delivering malicious emails, most recently after a collaborative effort by law enforcement agencies and other authorities disrupted Emotet operations. However, it resumed operations in mid-November 2021 and again poses a worldwide threat.
How Could It Impact You?
Emotet’s malicious purposes include information stealing, spamming and loading other malware.
In addition to its high volume of activity, Emotet is also known for being nimble and evasive, meaning that it changes tactics frequently and uses strategies that make it challenging for your security team to track it down and stop it.
Aside from taking up your team’s time, an Emotet infection often misuses your computing resources to push the malware to other victims. It can also open the door to additional malware infections. Whether that’s malware like Gootkit, IcedID, Qakbot, Trickbot or Cobalt Strike, the bottom line is that these types of infections can slow your network, put your organization’s sensitive information at risk or have other negative effects.
Responding to Emotet: Recommendations
Emotet’s widespread email delivery strategy relies on the likelihood that someone somewhere in your organization will, at some point, make a mistake and click on something malicious in an email that Emotet sends.
To combat this, your organization can take two primary approaches:
- Make sure people in your organization never see the malicious emails. This can be accomplished by ensuring that your IT team is practicing proper system administration with appropriate spam filtering tools, and that your software is patched and up to date.
- Make sure people in your organization are trained to avoid malicious links. Emotet often tricks users into, for example, enabling macros in Excel spreadsheets. Your organization should have appropriate training in place to help people recognize these sorts of tactics and know where to report them if they see them.
Security products such as XDR or a next-generation firewall can also help recognize and block Emotet traffic.
Stay Ahead of Threats with the Unit 42 Threat Intel Bulletin
The threat landscape continues to evolve. The monthly Unit 42 Threat Intel Bulletin delivers information you need to evolve with it. Subscribe today.