Emotet – Not Egyptian
This malware is a Trojan that in simpler forms has been around since 2014. It was originally intended to steal information from banking systems, but it has morphed into a more flexible Trojan delivered as an e-mail attachment or similar clickable document. Once the document is opened, Emotet can use a number of different methods to spread across computer systems, mining contact lists and other data to generate e-mails that look even more realistic than the original, with subjects such as “Your Invoice” or “Payment Details”, or a notice of an upcoming shipment from a well-known company.
Emotet is smart, however: it can recognize when it is in a ‘sandbox’ (a security tool that allows malware to be observed without letting it loose on a computer system), and it also gives the attacker the ability to update the malware while it is installed on a system, letting it stay a step ahead of security trackers. That is why an attack using Emotet on the city of Allentown, PA needed Microsoft’s (MSFT) response team to come in and clean up the mess the program caused.
While Emotet is a sophisticated piece of malware that can also be used to deliver other viruses or Trojans while it collects information or executes a ransomware attack, it is identifiable, which should keep most sophisticated computer users from accidentally infecting their systems. However, once it has infected a system, it can use some of the data it has collected to produce even more realistic-looking e-mails that are harder to recognize and easy to mistake for legitimate communication from a friend or supplier. The answer is to keep all computers updated and patched, while being extremely careful about opening any e-mail that is not easily identifiable as legitimate. Looking at the address of the sender is at least a start, and any deviation from the norm like ‘[email protected]’ or ‘[email protected]’ should keep you from being tempted, even when the e-mail looks legitimate. It is better to have missed an e-mail than to open one that sets off a chain reaction that could shut down the production of 13,000 cars for a day or two and possibly drain your bank account or cyber wallet.
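The sender-address check described above, written up as an added example (not code from the original article): it flags the kinds of “deviation from the norm” a spoofed invoice or shipping notice tends to show, using constructed sample headers and a constructed list of known supplier domains.

```python
import re
from email.utils import parseaddr

# Constructed sample From: headers for illustration (not from the original article).
SAMPLE_HEADERS = [
    'Accounts Payable <billing@example-supplier.com>',
    '"billing@example-supplier.com" <mailbox@unrelated-host.example>',
    'Example Supplier Billing <billing@examp1e-supplier.com>',
    'Shipping Notice <noreply@example-supplier.com.evil.example>',
]

# Domains this organisation normally receives invoices and shipping notices from (constructed).
KNOWN_DOMAINS = {'example-supplier.com'}

# Digits commonly swapped in for letters to build a lookalike domain.
LOOKALIKE = str.maketrans('10357', 'loest')


def _domain(addr):
    return addr.rsplit('@', 1)[1].lower() if '@' in addr else ''


def check_from_header(header, known_domains=KNOWN_DOMAINS):
    """Return the reasons a From: header deviates from the norm (empty list = looks normal)."""
    name, addr = parseaddr(header)
    dom = _domain(addr)
    if not dom:
        return ['unparseable sender address']
    reasons = []
    # 1. Display name shows an address whose domain differs from the actual sender domain.
    m = re.search(r'[\w.+-]+@([\w.-]+)', name)
    if m and m.group(1).lower() != dom:
        reasons.append('display name claims %s but address is %s' % (m.group(1).lower(), dom))
    if dom in known_domains:
        return reasons
    # 2. Non-ASCII characters in the domain can hide homoglyph (IDN) lookalikes.
    if not dom.isascii():
        reasons.append('non-ASCII characters in domain %s' % dom)
    for known in known_domains:
        # 3. A known domain buried inside an unrelated one, e.g. known.com.evil.example
        if known in dom and not dom.endswith(known):
            reasons.append('%s embedded in unrelated domain %s' % (known, dom))
        # 4. Digit-for-letter substitutions that make a lookalike of a known domain.
        elif dom.translate(LOOKALIKE) == known:
            reasons.append('%s is a lookalike of %s' % (dom, known))
    if not reasons:
        reasons.append('unknown sender domain %s' % dom)
    return reasons


def triage(headers):
    """Map each header to its list of reasons; an empty list means it passed the check."""
    return {h: check_from_header(h) for h in headers}
```

Run `triage(SAMPLE_HEADERS)` to see which constructed headers pass and why the others are flagged; a real deployment would pull the From: header from each incoming message and feed it to `check_from_header`.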