The Emotet Malware – Using Covid-19 as an Opportunity for Cyber Crime
In 2019 December, the city of Wuhan experienced a virus with symptoms like pneumonia spreading around china like wildfire. Today, 80000 people are infected with the virus in china and other countries are experiencing the fear of getting infected by the virus. Singapore was not spared either as amidst the fear, there are cyber attackers taking advantage of this situation.
In the recent months we see signs of cyber attackers exploiting people’s fears by publishing messages in emails and WhatsApp prompting users to click on a specific link to be directed to a remedy for the virus. Users who clicked onto the link will be infected by the malware called Emotet.
What is the Emotet malware?
The malware Emotet was first discovered in 2014 as a banking trojan primarily spreading in e-mails or links to steal financial information from its victims. The malware phishes it’s victims by using keywords such as “financial statements, “bank error” and “transaction occurred” to lure the victims into clicking the links which contains malicious scripts to install the malware on the user’s device. From there the malware will able to download the virus payloads from the servers run by the server to obtain information from its victims.
This similar method is currently used by cyber attackers as well by making use of the keywords “corona virus cure” or “Corona virus countermeasures” to lure people into clicking the malicious link.
There are instances where the Emotet malware caused other malicious attacks such as ransomware.
How does the Emotet Malware spread?
Initial stages of Emotet spreads by obtaining victim’s e-mails and by using that e-mail to send out more phishing e-mails to lure victims.
Later versions of Emotet came together with other malware delivery services which can retrieve and harvest e-mail addresses and contacts while sending the malware to more devices and latest variant of Emotet discovered in 2019 is said to be able to exploit insecure Wi-Fi networks by brute force to established connection. Once breached, the malware will then spread to other devices connected to the network.
How was it discovered?
Researchers were able to discover a trend of using the corona virus as way of spreading the malware when a file named “CoronaVirusSafetyMeasures_pdf” distributed online. This “file” was apparently analysed to contain the same attack patterns as Emotet. Then it was sent around regions in China hoping to prey on unsuspecting victims to click on the links and thus infected by the malware.
As Emotet is a malware that preys on unsecured networks as well as victims who are unaware of the dangers which malicious links may contain, some of the following learning points will be able to help everyone in protecting themselves against this malware are:
- Secure Your Network Routers
- The Emotet malware can target unsecured networks. Users are advised to keep their router passwords strong and secure as to prevent the malware from using brute force to breach through easy passwords.
- Cyber Security Awareness & Resilience
- Everyone has a part to play in protecting themselves from becoming a victim of a cyber-attack. Regular guidance and training are to be adhered to keep themselves updated with the latest trend of cyber crime and best practices of cyber security such as identifying phishing attack, not clicking on to suspicious links as well as constantly updating of operating systems and software.
- Using an anti-virus
- Anti-virus software can help detect most malwares that are harmful to one’s devices as some variants of Emotet and other delivery malware signatures can be detected. Doing scans regularly lowers the risk of getting infected further.
- Do not believe fake news
- News are readily available for everyone on the internet but we must all have to ability to determine the source of news we read online, checking for the credibility of the source is important to prevent any cyber attackers from exploiting us.
As we keep ourselves safe against the corona virus, we must also be aware that cyber attacks are looming in every corner preying on victims who are fragile and unaware, just like the coronavirus, malware spreads very quickly and at an alarming speed. We must be vigilant in times of crisis to overcome this ordeal, preventing ourselves from being victims of cybercrime.