The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new warning of increased Emotet malware attacks.
CISA issued the alert on January 22 and also offered guidelines to defend against Emotet attacks.
Emotet is advanced modular malware originally designed as a banking Trojan aimed at stealing financial data. The malware has since evolved into being used as a downloader or dropper for other trojans.
“Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors,” CISA stated in a previous alert.
Just this past October, the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) also warned of a widespread phishing campaign designed to spread Emotet malware throughout Australia.
CISA has provided some good best practices on how organizations can protect themselves from Emotet attacks, such as:
- Block email attachments commonly associated with malware (e.g.,.dll and .exe) and those that can’t be scanned via antivirus software (e.g., zip files)
- Implement Group Policy Object and firewall rules.
- Implement an antivirus program and a formalized patch management process.
- Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
- Adhere to the principle of least privilege.
- Implement a Domain-Based Message Authentication, Reporting & Conformance (DMARC) validation system.
- Segment and segregate networks and functions.
- Limit unnecessary lateral communications.
Readers can also check out related articles on recent Emotet threats, such as: