In this blog we’ll discuss the Emotet malware program, in particular the most recent and ongoing malspam campaign that uses Multi-State Information Sharing and Analysis Center (MS-ISAC) and State, Local, Tribal, and Territorial (SLTT) branding.
What is Emotet?
A recent and ongoing Emotet malspam campaign has been identified as using MS-ISAC and SLTT government branding. It is delivered via emails that carry fake invoice Word documents as attachments. The malicious email spoofs MS-ISAC or SLTT email addresses, with domains ending in “.mx”. The body of the email requests missing paperwork or an invoice and instructs the user to open the attached file. When the document is opened, a macro runs that downloads Emotet. The five known spreader modules are as follows:
Once Emotet is downloaded, it often compromises every computer on the network.
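The email traits described above (MS-ISAC or SLTT branding in the sender, a sender domain ending in “.mx”, a request for an invoice or paperwork, and a Word attachment) can be combined into a mail-triage check. The Python below is an added example, not part of the original post; the function names, keyword lists, scoring rule and sample addresses are constructed assumptions.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed indicator lists, taken from the campaign traits described above.
BRAND_TERMS = ("ms-isac", "multi-state information sharing", "sltt")
LURE_TERMS = ("invoice", "paperwork")
WORD_EXTS = (".doc", ".docm", ".docx")

def triage(raw_bytes):
    """Return the campaign traits matched by one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    hits = []
    # Trait 1: sender presents MS-ISAC or SLTT branding.
    if any(t in (display + " " + addr).lower() for t in BRAND_TERMS):
        hits.append("brand")
    # Trait 2: sender domain ends in ".mx".
    if domain.endswith(".mx"):
        hits.append("mx_domain")
    # Trait 3: body asks about an invoice or missing paperwork.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content().lower() if body else ""
    if any(t in text for t in LURE_TERMS):
        hits.append("lure")
    # Trait 4: a Word document is attached (the macro carrier).
    if any((p.get_filename() or "").lower().endswith(WORD_EXTS)
           for p in msg.iter_attachments()):
        hits.append("word_attachment")
    return hits

def is_suspect(raw_bytes):
    # Flag only when the ".mx" sender and the Word attachment co-occur
    # with either the branding or the lure text, to limit false positives.
    hits = set(triage(raw_bytes))
    return {"mx_domain", "word_attachment"} <= hits and bool(hits & {"brand", "lure"})

def sample_message(from_hdr, body, attach_name=None):
    """Build a constructed test message; no real sender or payload is used."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "user@example.org"
    m.set_content(body)
    if attach_name:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="msword", filename=attach_name)
    return m.as_bytes()
```

Messages that match should be quarantined for review rather than silently dropped, since legitimate senders can also use “.mx” domains.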
Recommendations to prevent an Emotet attack:
The following are preventive actions and best practices your organization can take to minimize its risk of infection. Please be aware that most of these recommendations are technical and require elevated privileges. We recommend sharing them with your internal IT team.
Compass IT Compliance has been conducting Security Awareness Training, Social Engineering and Phishing Assessments with clients since 2010, helping employees ready themselves for this level of cyber-attack. The best form of security is prevention, and that begins with preparing your workforce to properly identify a threat when it appears! Are your employees prepared to combat malware attacks when they arise? Our team is committed to partnering with you to provide you with expert knowledge around your risks and steps you can take to mitigate those risks. If you have any questions or want to talk to one of our security professionals, contact us and we can get a call scheduled!