These days, Emotet seems to be an ever-present danger for organizational cybersecurity the world over. Just last month, it was discovered trying to make its way into the United Nations, and in 2019, it was a key player in the successive waves of ransomware that hit enterprises and public organizations from the USA to Europe. So prolific was the activity of this botnet, that in 2019, it was behind 45% of the malicious URLs in the world.
The cybercriminals who run Emotet are constantly striving to find new ways to infect users and companies. Many of their efforts focus on creating new email campaigns with creative subjects and content to trick people into opening malicious attachments containing Emotet, including the use of the recent Covid-19 outbreak to scare people into downloading the malware.
In recent weeks, researchers have seen yet another innovative method to try to infect people with this botnet, one that doesn’t even require the user to download an attachment.
Emotet leverages nearby Wi-Fi
Cybersecurity investigators have discovered a new variant of this well-known malware that is spreading via WLAN. This means that the malware can now also reach other networks without user intervention. The malware scans endpoints for nearby WLAN connections, profiles these connections, and then attempts to hack into the encryption. This is especially successful in networks that are protected with a weak password. Emotet goes through a list of commonly used passwords and tries to use them, in a textbook example of brute-forcing, to access the neighboring system.
A timestamp of 04/16/2018 found in a component of this variant of Emotet indicates that this module may have been running unnoticed for almost two years. One reason for this may be that this particular feature is not frequently used by attackers. It could also be caused by cybersecurity researchers not having a Wi-Fi card in the sandbox environments where they study Emotet.
Emotet targets public organizations
As well as the attempted infection of the United Nations in New York back in January, Emotet recently succeeded in infiltrating an important institution in Germany. In October, the Berlin Court of Appeal was infected by Emotet, which managed to get in with a combination of a phishing email and poor security controls within the Kammergericht. As a result of this infection, the court’s IT infrastructure was destroyed, and an unspecified amount of data was stolen. The ensuing damage means that the organization’s entire IT infrastructure must now be rebuilt.
With the method of distribution via WLAN, the malware is now expanding its range of attacks.
Good protection of WLAN networks required
In this context, security experts reaffirm the importance of properly securing WLAN networks. One vital measure is the use of strong passwords. Along the same lines, it is important to change default passwords, as these are often easy to discover, facilitating brute-force attacks. This kind of attack is another reason not to use unknown networks or public hotspots without security software. Emotet is considered one of the most dangerous and versatile malware threats of our time. Its effects can threaten the survival of companies.
Given its multiple entry vectors, companies must protect their endpoints with the most advanced cybersecurity protections. Panda Adaptive Defense has a wide range of protection features, including monitoring of every endpoint process, to stop any threat from endangering your organization’s security.
The new developments once again demonstrate the importance of an up-to-date, proactive and dynamic cybersecurity solution to prevent the risk of malware infection.