We are sending you this information so that you can take the appropriate verification, containment, and eradication measures against these fraudulent mailing campaigns.
A mass-mailing campaign with fraudulent content linked to a high-risk threat is under way. The emails are related to the malware known as Emotet. Besides stealing information and spreading itself by email, Emotet acts as a Trojan that opens the door to other actors, who in turn often deploy malicious software for espionage, intrusion into organisations, and encryption of information in order to demand a ransom.
Emotet has been distributed by email in recurring waves since at least August 2017. Activity ceased in the second quarter of 2019 but resumed on 15 September with particular intensity and global impact, which is what motivates this advisory. It is nonetheless a constant threat, and the response should be effective measures that remain in place permanently rather than a one-off reaction.
One of the factors making these campaigns so successful is the reuse of email threads taken from previously compromised mailboxes to gain the recipient's trust. In many cases the identity of at least one participant in the thread is spoofed, and Office documents carrying malicious macros are attached. The malicious emails are usually short, vague texts that appear to be a reply to an earlier message; "Pending confirmation of the material you need" and "new template" are real examples of their content. In the mail client the sender usually appears with two addresses: the first is the impersonated participant's, the second is the actual sending address, which is normally unknown to the recipient.
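The traits described above (a display name that embeds a different address than the real sender, a subject that looks like a reply, a short body on top of a reused thread, and an Office attachment) can be turned into a simple triage check over raw messages. The script below is an added example written for this advisory, not CESICAT's own tooling; the two messages, the list of macro-capable Office types and the thresholds (20 words, three signals) are constructed assumptions, and the "missing In-Reply-To/References on a reply-looking subject" heuristic is ours, not something the advisory states.

```python
import email
import re
from email.utils import parseaddr

# Assumption: Office types/extensions that can carry VBA macros (our list, not the advisory's).
MACRO_TYPES = {
    "application/msword",
    "application/vnd.ms-excel",
    "application/vnd.ms-word.document.macroenabled.12",
    "application/vnd.ms-excel.sheet.macroenabled.12",
}
MACRO_EXTS = (".doc", ".dot", ".docm", ".xls", ".xlsm")
REPLY_PREFIX = re.compile(r"^\s*(re|aw|fwd?|rv|sv)\s*:", re.IGNORECASE)
EMBEDDED_ADDR = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def body_text(msg):
    """First text/plain part as a string (empty if there is none)."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def new_text_words(body):
    """Words written by the sender; lines starting with '>' are the reused thread."""
    fresh = [ln for ln in body.splitlines() if not ln.lstrip().startswith(">")]
    return " ".join(fresh).split()


def office_attachments(msg):
    """Filenames of attachments that are macro-capable Office documents."""
    names = []
    for part in msg.walk():
        fname = part.get_filename()
        ctype = part.get_content_type().lower()
        if fname and (fname.lower().endswith(MACRO_EXTS) or ctype in MACRO_TYPES):
            names.append(fname)
    return names


def emotet_signals(raw):
    """Return a dict of the thread-hijacking signals found in one raw RFC 822 message."""
    msg = email.message_from_string(raw)
    signals = {}
    display, addr = parseaddr(msg.get("From", ""))
    # The "two addresses" pattern: the display name shows the impersonated mailbox,
    # while the real sending address is a different, unknown one.
    embedded = EMBEDDED_ADDR.search(display)
    if embedded and embedded.group(0).lower() != addr.lower():
        signals["spoofed_display_name"] = f"{embedded.group(0)} shown, sent from {addr}"
    subject = msg.get("Subject", "")
    if REPLY_PREFIX.match(subject) and not (msg.get("In-Reply-To") or msg.get("References")):
        signals["fake_reply"] = "reply-style subject without In-Reply-To/References"
    words = new_text_words(body_text(msg))
    if 0 < len(words) <= 20:  # assumption: 20 words is our cut-off for "short, vague"
        signals["short_vague_body"] = f"{len(words)} words"
    att = office_attachments(msg)
    if att:
        signals["office_attachment"] = ", ".join(att)
    return signals


def is_suspicious(signals):
    """Spoofed sender plus an Office attachment, or any three signals, is enough to quarantine."""
    return ("spoofed_display_name" in signals and "office_attachment" in signals) or len(signals) >= 3


# Constructed sample modelled on the advisory's description; all names and domains are invented.
SAMPLE = """\
From: "Maria Puig <maria.puig@partner.example>" <noreply7342@mail.relay-host.example>
To: compras@ajuntament.example
Subject: RE: Pending confirmation of the material you need
Date: Mon, 16 Sep 2019 09:12:41 +0200
Message-ID: <20190916071241.a1b2@relay-host.example>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain; charset="utf-8"

Hi, new template attached. Pending confirmation of the material you need.

> On 10 Sep 2019 Maria Puig wrote:
> Please send the order details.
--XYZ
Content-Type: application/msword; name="Pressupost_2019.doc"
Content-Disposition: attachment; filename="Pressupost_2019.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuE=
--XYZ--
"""

# Constructed benign reply: real sender, proper threading headers, no attachment.
BENIGN = """\
From: "Maria Puig" <maria.puig@partner.example>
To: compras@ajuntament.example
Subject: RE: Pending confirmation of the material you need
In-Reply-To: <abc@ajuntament.example>
Content-Type: text/plain; charset="utf-8"

Hi, confirming the material list. See you Thursday.
"""

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        found = emotet_signals(raw)
        print(label, "SUSPICIOUS" if is_suspicious(found) else "ok", found)
```

Run it over exported .eml files from the gateway or a mailbox; the benign reply trips only the short-body signal, while the constructed lure trips all four, so the combination, not any single trait, is what should drive quarantine.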
As the Information Security Centre of Catalonia (CESICAT), we recommend the following measures to address this threat:
We also recommend applying the following additional measures:
In the event of an incident, contact CESICAT-CERT at cert@cesicat.cat.
References:
Specific mitigation measures for Emotet
Threatpost: Emotet Returns from Summer Vacation, Ramps Up Stolen Email Tactic
BleepingComputer: Emotet Trojan Evolves Since Being Reawakened, Here is What We Know
Cisco Talos Intelligence: Emotet is back after a summer break