In an extraordinary broad, well-coordinated and timed collaboration, law enforcement agencies of eight countries and the Europol have to takedown the globally distributed infrastructure Emotet had nurtured over the years. teamed together While the Europol’s announcement might seem trivial and abstract to some, only valuable to cyber researchers like us, it is worth noting that throughout 2020, Emonet potentially affected one out every five organizations worldwide. Often unaware, the infected companies had increased chances of being victims of ransomware. This news reflects the importance of global cyber task forces and joint interests to protect the public from cyber-threats that have caused losses of millions of dollars in damages and disrupted business globally. Emotet, which was once a Banking Trojan and became a full-blown botnet was the most successful and prevalent malware of 2020 by a long way.  Data from Check Point Research’s , shows that over the course of last year, Emotet impacted the networks of 19% of organizations globally. Check Point’s latest even revealed that the Emotet Trojan had returned to first place in the December top malware list, impacting 7% of organizations globally that month, following a spam campaign, which targeted over 100,000 users per day during the holiday season. ThreatCloud Global Threat Index The botnet earned its reputation for its not only dynamic nature and unique technical features, but also because of the highly organized criminal business model, it developed.  Instead of acting alone, the threat actors behind Emotet chose to collaborate with other organized cybercrime groups like Trickbot and , and together they became very effective partners in crime. Ryuk ransomware In this vicious coalition, Emotet, through its broad worldwide infrastructure, was responsible for gaining the first foothold within companies and organization all around the globe. This large base of infections was then sold to other cybercrime operations such as Trickbot, which was responsible for broadening the foothold within the compromised networks by lateral movement, dissecting and mapping them into industries and companies, and in turn selling those infected networks onto ransomware players such as Ryuk, leading to some very . high profile and publicized cases This has been the infrastructure behind the ongoing success of ransomware in recent years. attacks In November, found that Trickbot and Emotet laid the foundations to ransomware attacks against hospitals and healthcare providers globally, driving a spike in ransomware attacks worldwide. This is being done due to the abilities described here. Check Point Research In 2020 the Emotet botnet, which lured victims through phishing emails, sent over . The botnet constantly adjusted its phishing emails to reflect victims’ interests and capitalize on global events (e.g. the Covid–19 pandemic or major shopping seasons such as Black Friday). 150,000 different email subject lines So far, very little information has been publicly shared regarding the extent of this takeover. According to in the hours following the joint statement, evidence began to appear online of possible arrests made alongside takeovers of offensive infrastructure. If this evidence is conclusive, the damage to the Emonet infrastructure could be fatal. However, it is yet too early to determine. Europol’s announcement shows how close co-operation between security researchers, software vendors, law enforcement and government agencies can mitigate and even eliminate major cyber-threats and disruptive attacks which can impact all of our lives.  Based on these successes, we are optimistic that 2021 will give many more positive examples of how cyber-threats are being overcome. Europol´s statement Emotet in Numbers Emotet activity peaked this year during August-October with an average of 47,000 infection attempts spotted each month. In November, this number dropped to under 700 after Emotet took a short break. In the last two months, Emotet has been active with around 10,000 per month, which is than the amount seen earlier. almost 80% lower In parallel, we have also seen over 40% decrease in new Emotet C&C communication in the past 2 months vs. the peak period Geographical distribution Security Tips to Keep Your Organization Safe prevents attempts to exploit weaknesses in vulnerable systems or applications, protecting you in the race to exploit the latest breaking threat. Updated IPS helps your organization stay protected. Intrusion Prevention System ( IPS ) is essential though an incomplete security measure, which can leave your network open for attack. By taking a more comprehensive approach, which combines robust IPS functionality with a concerted patching strategy, network administrators can better equip themselves to handle ‘Patch Tuesdays’ and secure the network between upgrades and patches. Patching Conventional signature-based Anti-Virus is a highly efficient solution for preventing known attacks and should definitely be implemented in any organization, as it protects against a majority of the malware attacks that an organization faces. In addition, comprehensive at the highest security level is crucial in order to avoid security breaches and data compromises Endpoint protections: endpoint protection

Alongside

Check Point

The Disruption of Emotet and What we Know About it

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Best Practice: Identifying And Mitigating The Impact Of Sunburst

47 Stories To Learn About Checkpoint

Best Practice: Identifying And Mitigating The Impact Of Sunburst

Check Your Privilege: Designing Cloud Infrastructures According to the Least Privilege Principle

Cloud Sourcing as a Crucial Component in Threat Prevention

Cloud Threat Hunting: Investigating Lateral Movement

Best Practice: Identifying And Mitigating The Impact Of Sunburst

47 Stories To Learn About Checkpoint

Best Practice: Identifying And Mitigating The Impact Of Sunburst

Check Your Privilege: Designing Cloud Infrastructures According to the Least Privilege Principle

Cloud Sourcing as a Crucial Component in Threat Prevention

Cloud Threat Hunting: Investigating Lateral Movement

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps