Emotet malware: “The report of my death was an exaggeration”
2021-11-16 19:13

The idea is simple: instead of building a single-purpose malware program for each attack, and unleashing it on its own, why not spearhead the attack with a general-purpose malware agent that calls home to report its arrival, and awaits further instructions?

Emotet first, to form a beachhead inside your network; followed by Trickbot or some other network-snooping malware to learn, plunder, hack, tweak, reconfigure and manipulate your computer estate until the crooks behind the stealing and surveillance had learned as much as they felt they needed to know; followed by a final, apocalyptic, flaming-skulls-on-your-wallpaper-type blast of ransomware and an associated, possibly breathtakingly expensive, blackmail demand.

We've always been happy to report on malware takedowns, cybercrime busts and other disruptions that have removed or reduced cybercriminality, but we've also always advised against relaxing too much when that sort of report appears.

Don't focus on individual malware families or malware types when planning your protection.

Emotet may be well-known, and rightly feared, but its method of operation is widely copied in many, perhaps most, malware attacks these days, and this MO has been in use since malware first became a money-making game.

In some senses, an initial infection by malware like Emotet is the end of one attack chain, because it doesn't itself contain specific malware tools such as password stealers, keyloggers, cryptominers or ransomware scramblers.


News URL

https://nakedsecurity.sophos.com/2021/11/16/emotet-malware-the-report-of-my-death-was-an-exaggeration/