The Emotet attack wave has dominated the news for months. Its victims repeatedly include public institutions, universities and city administrations. Cyber attacks already hit numerous cities in 2020. Municipalities hold a large amount of personal information worth protecting and thus become targets for attackers.
The Emotet attack wave is particularly destructive because it combines several types of malware, spreads using sophisticated methods and, in the final step, downloads ransomware that encrypts the systems of the attack victims. Ransomware is one of the biggest cyber threats for government agencies and businesses. This increased the number of threats by around 10 percent compared to the previous year.
Emails Are The Most Important Vectors
For many years, the most important vector through which such attacks reach IT systems has been email. Over 90 percent of all cyber threats blocked last year targeted companies and government agencies through malicious emails. To ward off such attacks, modern technical protective measures are particularly necessary.
Sandboxing is one of the most effective technologies and corresponds to the state of the art for mail security. A sandbox is an area that is isolated from the rest of the system and in which software can be run in a protected manner. This allows the behavior of a program to be observed without endangering the rest of the system environment. In particular, the sandbox is able to open URLs in an email and to download and execute any content such as files and to check the impact on the operating system.
It should be emphasized that Emotet steals emails from victims and uses them as templates for new spam. It uses what is known as email thread hijacking, in which it replies to old email conversations with a malicious email. Emails that arrive in an existing conversation from known conversation partners are highly likely to be opened. As a result, Emotet’s distribution campaigns have been very successful.
This type of attack is one of the main reasons why IT security officers have to invest in security awareness training to raise awareness of this threat. Emotet is also so dangerous because, in addition to its own email theft and computer misuse modules, it also delivers other malware, which can ultimately lead to infection. Even if you try to clean up the Emotet infection, additional malware may already be running on the system. When a system becomes infected with Emotet, it becomes part of the Emotet botnet.
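A defensive triage heuristic for the email thread hijacking described above, added here as an example and not taken from the original article: it flags replies to a known conversation whose sender was never a participant and that carry a URL or attachment worth sending to the sandbox. The `known_threads` index, the indicator names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def hijack_indicators(raw, known_threads):
    """Indicator names for one raw message; [] if it is not a reply to a known thread."""
    msg = message_from_string(raw, policy=policy.default)
    refs = f'{msg.get("In-Reply-To", "")} {msg.get("References", "")}'.split()
    thread = next((known_threads[r] for r in refs if r in known_threads), None)
    if thread is None:
        return []
    hits = ["reply_to_known_thread"]
    frm = msg["From"]
    sender = frm.addresses[0] if frm is not None and frm.addresses else None
    if sender is None or sender.addr_spec.lower() not in thread:
        hits.append("sender_not_in_thread")
        # Heuristic (assumption): the display name shows a participant's address.
        if sender is not None and any(p in sender.display_name.lower() for p in thread):
            hits.append("display_name_imitates_participant")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    if URL_RE.search(text) or next(msg.iter_attachments(), None) is not None:
        hits.append("carries_url_or_attachment")
    return hits

# Constructed sample data: assumed index {Message-ID: {lower-case participant addresses}}.
KNOWN = {"<inv-2041@corp.example>": {"alice@corp.example", "bob@supplier.example"}}
HIJACKED = """\
From: "bob@supplier.example" <billing@unrelated.example>
To: alice@corp.example
Subject: RE: Invoice 2041
In-Reply-To: <inv-2041@corp.example>
References: <inv-2041@corp.example>

Updated document: http://files.unrelated.example/doc
"""
LEGIT = """\
From: Bob <bob@supplier.example>
To: alice@corp.example
Subject: RE: Invoice 2041
In-Reply-To: <inv-2041@corp.example>

Thanks, payment received.
"""

if __name__ == "__main__":
    print(hijack_indicators(HIJACKED, KNOWN), hijack_indicators(LEGIT, KNOWN))
```

A reply sent from the genuine partner's own compromised mailbox will not trip the sender check, so the URL or attachment indicator should still route such messages to the sandbox.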