After a short two-week break, a large campaign by the Emotet malware botnet, which spreads via email, is under way again!
Until recently, the largest share of attacks was recorded against users in Greece (17.7%), while an equally significant number of attacks occurred in Japan (16.5%) and Lithuania (15.3%), according to the cybersecurity company ESET, creator of the antivirus programs of the same name.
According to research firm Forrester, botnets are one of the top cyber threats to watch out for in 2020.
Data lock then … rescue
In fact, with a growing workforce working remotely in different areas, usually from home, many organizations may become more vulnerable than ever.
Botnet operations are becoming more complex and engage in a wide range of illegal activities, such as collecting browser information, collecting passwords, stealing login credentials from banking sites, or developing ransomware (malware that demands a ransom to unlock the computer).
How they mislead users
In recent Emotet campaigns, the spam usually contains a piece of stolen legitimate correspondence and a generic lure: “See attachment.”
The attachment is a malicious document that ESET detected as GenScript.KLH. The document contains a malicious VBA macro, identified as VBA/TrojanDownloader.Agent, which is the first link in the infection chain.
Emotet is considered particularly dangerous because it then installs other malicious programs on the victim’s computer, such as Trickbot and QBot. Trickbot and QBot have their own malicious activity, but they can in turn lead to Conti (Trickbot) or Ryuk ransomware attacks.
Coordinated global operation
However, despite the scale of the Emotet botnet's operation, the activity of TrickBot, which has infected more than a million computers since 2016, remains limited thanks to the joint efforts of ESET, Microsoft, Black Lotus Labs Threat Research from Lumen, NTT and others.
Trickbot steals users’ credentials from compromised computers, and more recently has been found to act as a delivery mechanism for more serious attacks, such as ransomware attacks. The coordinated global operation disrupted Trickbot by destroying its command and control servers. ESET contributed to the effort by providing technical analysis, statistics, and command and control server names and IP addresses.
ESET emphasizes that companies must ensure that their networks are always up to date with the latest security updates, preventing cybercriminals from exploiting potential vulnerabilities. Also, since remote access can become the entry point for hackers, companies should limit that access as much as possible, especially when it comes to an RDP port.