
New Emotet attacks use fake Windows Update lures


The Emotet botnet is one of the largest sources of malspam, a term used to describe emails that deliver malware-laced file attachments. These malspam campaigns are absolutely crucial to Emotet operators.

This week, Emotet is displaying a new document lure. File attachments sent in recent Emotet campaigns show a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated and instructing them to click ‘Enable Editing’. These malicious documents are being sent in emails with spoofed identities, appearing to come from acquaintances and business partners.

Furthermore, Emotet is still using a hard-to-detect technique called conversation hijacking, through which it steals email threads from infected hosts, inserts itself in the thread with a reply spoofing one of the participants, and adds the malicious Office documents as attachments.

Emotet operators change not only the email subject lines, the text in the email body, and the file attachment type, but also the content of the file attachment, which is as important as the rest of the email.

Users who receive Emotet malspam, besides reading the email and opening the file, still need to allow the file to execute automated scripts called “macros.” Office macros only execute after the user has pressed the “Enable Editing” button that’s shown inside an Office file.

The technique is hard to pick up, especially among users who work with business emails on a daily basis, and that is why Emotet so often manages to infect corporate or government networks.

In these cases, training and awareness are the best way to prevent Emotet attacks. Users who work with emails on a regular basis should be made aware of the danger of enabling macros inside documents, a feature that is very rarely used for legitimate purposes.

Knowing what typical Emotet lure documents look like is also a good start, as users will be able to dodge the most common Emotet tricks when one of these emails lands in their inboxes, even from a known correspondent.
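As a technical complement to user awareness, a mail pipeline can flag macro-capable Office attachments by content and note whether they arrived inside a reply thread, the delivery pattern described above. This is an added example, not code from the original article; the function names, addresses and sample message are constructed for illustration.

```python
from __future__ import annotations
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container

def macro_risk(data: bytes) -> str | None:
    """Classify one attachment by its bytes, never by its file extension."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole2 (may contain macros)"
    if data.startswith(b"PK"):  # OOXML documents are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = [n.lower() for n in z.namelist()]
        except zipfile.BadZipFile:
            return None
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-with-vba-project"
    return None

def triage(raw: bytes) -> list[tuple[str, str, bool]]:
    """Return (filename, finding, in_reply_thread) for each risky leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    is_reply = bool(msg["In-Reply-To"] or msg["References"])
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        finding = macro_risk(part.get_payload(decode=True) or b"")
        if finding:
            hits.append((part.get_filename() or "(unnamed)", finding, is_reply))
    return hits

def build_sample() -> bytes:
    """Constructed sample: a reply with a zip that only mimics a macro document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"placeholder, no macro code")
    m = EmailMessage()
    m["From"], m["To"] = "partner@example.com", "user@example.org"
    m["Subject"], m["In-Reply-To"] = "Re: invoice", "<constructed@example.com>"
    m.set_content("See attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="update.doc")
    return m.as_bytes()
```

The sample attachment is named `update.doc` but is an OOXML archive with a VBA project, which is why the check reads content rather than trusting the extension.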

With thanks to the Cyber Defence Alliance and ZDNet. The full story is here: https://www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/

Request A Demo: Security Awareness Training


New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one-and-done deal: continuous training and simulated phishing are both needed to mobilize users as your last line of defence. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW
