Emotet malware campaign is back: ACSC

By Dylan Bushell-Embling
Tuesday, 06 October, 2020

The Australian Cyber Security Centre has warned that the Emotet malware campaign targeting Australian businesses and government agencies is back in action.

In a threat advisory, the agency said it has observed “an ongoing and widespread campaign of malicious emails designed to spread the Emotet across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies”.

The attack campaign typically uses malicious attachments including Microsoft Word and Excel files and PDF attachments. These files contain macros designed to download and install the Emotet malware when opened.

But the ACSC has also received reports of Emotet being spread through untargeted bulk spam emails, as well as what appear to be targeted spear-phishing emails.

In addition, the agency has observed a recent increase in the Emotet malware using email thread ‘hijacking’ to spread itself.

This tactic involves the malware stealing an infected victim’s email contacts and recent email threads and exfiltrating this information to an actor-controlled command-and-control (C2) server. Further phishing emails containing a malicious Emotet attachment are then sent, leveraging existing email threads with uninfected contacts and spoofing the infected victim’s email address.

Previous Emotet attack activity has led to ransomware attacks, such as the attack on the Victorian health sector in 2019 using the Ryuk ransomware variant.

The ACSC is urging Australian organisations at risk of attack in the campaign to block macros from accessing the internet where possible, and to harden workstations by limiting PowerShell access when it is not required, further limiting the effectiveness of malicious macros.

Companies and agencies should also implement regular patching, conduct daily backups of critical data isolated offline, and consider adopting additional security controls including email content scanning or network segmentation.

The ACSC is also urging organisations suspecting that their environments have been compromised to report the incident to the agency.
