Emotet has kept its place as the most prevalent malware threat. Over the Christmas and New Year period a spam campaign distributing Emotet targeted over 100,000 users a day, and Emotet was used against 7% of organizations worldwide during December.
The malware started life as a banking trojan but has evolved into much more than that: it now provides a complete backdoor onto compromised machines, and that access is sold on to other cyber criminals, who use it to infect victims with additional malware, including ransomware. Emotet is excellent at maintaining persistence while avoiding detection, so victims often have no idea they have been compromised until it is far too late.
The banking trojan Trickbot is the second most prevalent form of malware as we enter 2021. Like Emotet, it is constantly updated with new capabilities and features, including the ability for operators to customize it so that it can be used in all manner of cyber-intrusion campaigns.
The credential-harvesting malware Formbook was the third most detected malware threat over the reporting period. Formbook is sold on dark web forums at relatively low cost but gives cyber-criminal buyers everything they need for a powerful information-stealing campaign: it harvests usernames and passwords from browsers, captures screenshots, monitors and logs keystrokes, and more.
Other prominent malware during December included the Dridex trojan, the XMRig cryptocurrency miner and the Hiddad Android malware.
What to do?
- Ensure you have a robust security solution in place, and that it is kept up to date and operational.
- Install the latest security patches as soon as they are released.
- Provide comprehensive training for employees so that they can recognize the kinds of malicious emails that spread Emotet and other malware.
What can you do when this happens to you?
- If you find your network has been breached, immediately isolate the affected systems from the network (preserving them for forensic analysis rather than simply powering them off, which destroys volatile evidence) and identify the source of the breach.
- Determine whether any data has been corrupted and/or exfiltrated. If data has been lost, notify those affected immediately.
- Notify your local law enforcement cybercrimes division and the FBI.
- Restore the network from a known clean backup, but only after the source of the breach has been identified and removed, so that the restored systems are not immediately reinfected.