The Emotet malware dominated the malware threat landscape despite an overall fall in malware volume over the last quarter of 2019, apparently as criminals took a Christmas break.
According to a new report published by Cofense, there was an overall decrease in malware volume, as Emotet (also known as Geodo) took the limelight and threat actors scaled down for the holidays.
The report said that the major botnet and banking trojan picked up even more steam in delivering malicious emails. Email reply chain compromises, macro-laden malicious documents, and convincing phishing templates made their way into user inboxes from the infected machines, which closely reflects its historical pattern, researchers said.
The malware used techniques similar to those of previous campaigns: its carefully crafted emails posed as finance invoices, invited recipients to a Christmas party, and spread TrickBot. Researchers said that, while limited in distribution, the operators reintroduced link-based templates that direct users to download malicious files.
Macro-enabled documents used for malware delivery accounted for a sizeable portion of malware phishing emails, predominantly as part of Emotet campaigns. Researchers said that, unlike in the previous quarter, hackers reduced their use of CVE-2017-11882 to enable further payloads, which typically involves a malicious Rich Text Format (RTF) or Excel spreadsheet file that downloads or executes another malware such as Loki Bot or HawkEye Keylogger.
“This decline, to some extent, is a possible result of system upgrades due to Windows 7’s End of Life, better patching awareness, and more preemptive security focus. Globally, Command and Control (C2) servers for malware related to phishing campaigns stood fast, as the United States continued to account for a sizable portion at over 40 percent,” said researchers.
The researchers said that for this year, Windows 7’s End of Life is likely to spawn new malware variants as organisations struggle with upgrades.
“Targeted ransomware will probably continue to see an increase, while widespread campaigns remain on a downward trend. Geopolitical events in the physical world may result in more impact within the cyber-realm, such as a virtual retaliation for a kinetic strike,” said researchers.
Niamh Muldoon, senior director of Trust and Security, EMEA at OneLogin, told SC Media UK: “20 years on in my career, I am still saying 'There is no one single bullet - Defence in Depth is the key'.”
She added that organisations should apply controls to technologies, make sure security is included in business processes, and ensure the organisation has a good security culture.
“Applying a Defence in Depth (DiD) model to security within your organisation, with security controls in place within technologies, business processes and culture will begin to support reducing risk associated with new malware variants. Don't underestimate the value of security awareness programmes for keeping your employees conscious of new malware threats,” she said.