Hackers have embarked on another campaign that takes advantage of the global fear of the coronavirus to get targets to open a malicious attachment, as part of a strategy to infect them with the Emotet Trojan. Previously, hackers used the Iran-US tension to launch an attack. Today, they have based their attack strategy on the coronavirus to spread this dangerous malware, which is capable of stealing targets' financial information.
The coronavirus is currently the biggest problem the world is facing, after the outbreak started in Wuhan, China, and spread to other countries. Researchers at IBM X-Force and Kaspersky made this shocking discovery.
The researchers discovered that people in Japan have been the primary targets of this newly introduced campaign. The attackers send an email posing as members of disability welfare service providers in Japan. The email looks genuine, with legitimate phone numbers and email addresses.
The message informs the targets that there have been recorded cases of the coronavirus in Tottori, Gifu, and Osaka. The message then instructs the target to open an attachment, which actually contains the Emotet Trojan. Once the attachment is opened, the malware installs itself on the target's device and begins to execute unauthorized commands.
According to the Kaspersky researchers, the only reason the attackers use the coronavirus as the focal point of the message is to lure targets into opening the malicious attachments or even sharing them. In most cases, the attachments are sent in the form of PDFs, MP4s, and Docx files. The attackers convince targets to open or download the attachment to read updates on the virus, some detection procedures, and how to protect themselves from the virus. This is important information, which increases the probability that the attachments get opened.
Researchers have uncovered that the Emotet Trojan is mostly installed on people's devices to steal information, using global events as bait. According to Irfan Asrar, the Head of Cyber Threat Intelligence and Operations at Blue Hexagon, the hackers are able to hijack the messages on the coronavirus from the official alerts. This makes it easy for them to launch their campaign, and it is possible they may go after healthcare organizations. Other corporations are also in danger from this campaign. It is very dangerous because it is difficult to judge the legitimacy of the emails, considering that they look like they were sent by a government official.
According to the researchers, it is likely that the recorded incidents of hackers installing the Emotet Trojan on target devices will increase as people are living in fear, especially those in Asia. Coronavirus has been declared a public health emergency. In the previous campaign, the Emotet Trojan was spread using payment notifications and invoices to lure targets into opening the attached file.
According to Kowsik Guruswamy, the CTO of Menlo Security, this campaign is a strong indication that existing cybersecurity tools will not be able to deal with phishing attacks that contain a malicious attachment. He stated that no Artificial Intelligence or threat intelligence-based blacklist will be able to deal with this kind of attack, as targets are convinced to open a malicious attachment by a life-or-death situation. Guruswamy added that a spike should be expected in phishing campaigns that use news or events that grab international headlines to get the attention of targets.
Most people may be very critical when it comes to malicious attachments and emails. However, using such events on people who want to stay informed will definitely cause them to lower their guard and open whatever malicious attachment is found in the email. Recently, attackers tried using the helicopter crash of Kobe Bryant and his daughter to spread the Emotet Trojan. This kind of attack has not shown any sign of fading away, as natural disasters and global events are always in the news.
The CEO of Edgewise Networks, Peter Smith, has advised enterprises to stop the Emotet Trojan from spreading laterally across their networks. According to him, something is definitely wrong with malware detection and perimeter defenses, since this malware has been in active operation for the last six years.
He advised that enterprises must microsegment their networks to ensure that only verified and approved communications are allowed. This may not be a permanent solution to the spread of the Emotet Trojan, but it may minimize the damage. It is important for security teams to secure their email channels and to educate users on the risks of downloading attachments from questionable senders. According to the research, campaigns to spread the Emotet Trojan are usually broad and targeted by language and geography rather than by vertical.