Malware known as Emotet makes a return to dominate the current threats in circulation.

Botnet activity saw a staggering 2,823% increase from Q4 2021 to Q1 2022, according to HP Wolf Security experts, along with a reported shift in the focus of attacks.

Malware known as Emotet resurfaces as the leading threat in widespread usage

Emotet, a malware once considered one of the most destructive of the last decade, has made a remarkable comeback and is now the most common malware family in circulation, according to recent findings by HP Wolf Security and Netskope Threat Labs.

During the first quarter of this year, Emotet represented 9% of all malware identified by HP Wolf Security. This resurgence is evident in the numerous variants of malicious link files being spread by Emotet, with Netskope Threat Labs observing a few hundred different variants so far.

Ray Canzanese, threat research director at Netskope Threat Labs, stated that Emotet is not disappearing even though Office files are becoming harder to weaponize. The group behind the regrouped Emotet botnet is a specialized cybercriminal outfit that operates vertically integrated infrastructure, much as a legitimate enterprise would. No specific name for the group has been identified.

The threat actor behind Emotet has shown remarkable adaptability, shifting away from Microsoft Office as its point of attack. In late April, Emotet temporarily switched from Office documents to link files, according to HP Wolf Security. This rapid shift is most likely a reaction to companies becoming increasingly well protected.

Email remains the most common vector for malware distribution, accounting for 69% of threats, according to HP Wolf Security. Emotet also continues to deliver malware through Microsoft Office macros, mostly targeting Japanese organizations with malicious Excel spreadsheets sent via hijacked email threads.

HP Wolf Security detected a quarterly increase of 476% in Java archive files and a 42% increase in JavaScript files. Although Microsoft recently began blocking macros in files obtained from the internet by default, many users still have macros enabled, and those macros remain an avenue of compromise for anyone who clicks on the wrong thing.
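The attachment types named above (macro-capable Office documents, link files, Java archives and JavaScript) are exactly what a mail-gateway triage rule should surface. The following is an added example, not code from HP Wolf Security, Netskope or the article: it parses a constructed, pipe-separated attachment log (a stand-in format, not any vendor's), flags the risky extensions, spots a document-looking double extension such as `invoice.pdf.lnk`, and notes when a risky attachment arrives as an external "reply" to an existing thread, the pattern behind the thread-hijacking campaigns mentioned. The risk labels and the `org_domain` parameter are this example's own assumptions.

```python
"""Triage mail-gateway attachment records for the delivery vectors discussed:
macro-capable Office files, Windows shortcut (.lnk) files, Java archives and
JavaScript. Added example with a constructed log format; not vendor data."""
from collections import Counter
from dataclasses import dataclass
import os

# Extensions the article associates with Emotet's recent delivery campaigns.
# The labels are this example's own assumption, not a vendor taxonomy.
HIGH_RISK_EXTENSIONS = {
    ".lnk": "windows shortcut (link file)",
    ".jar": "java archive",
    ".js": "javascript",
    ".jse": "encoded javascript",
}
# Modern macro-enabled formats plus the legacy formats that can carry macros.
MACRO_OFFICE_EXTENSIONS = {".xlsm", ".xlam", ".docm", ".dotm", ".xls", ".doc"}
# Extensions an attacker might place before the real one to disguise a file.
DECOY_DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".xls", ".txt"}

# Constructed sample records (timestamp|sender=...|subject=...|attachment=...).
SAMPLE_LOG = """\
2022-03-02T09:14:03Z|sender=accounts@example-partner.test|subject=RE: Invoice March|attachment=Rechnung_0321.xlsm
2022-03-02T09:15:44Z|sender=hr@corp.test|subject=Team offsite agenda|attachment=agenda.docx
2022-03-02T10:02:11Z|sender=info@mailer.test|subject=Your delivery|attachment=tracking.pdf.lnk
2022-03-02T10:30:59Z|sender=dev@corp.test|subject=build artefact|attachment=tool.jar
2022-03-02T11:01:27Z|sender=news@mailer.test|subject=Weekly update|attachment=update.js
"""


@dataclass
class Finding:
    sender: str
    subject: str
    attachment: str
    reasons: tuple


def split_extensions(filename):
    """Return the lowercase final extension and the one before it, so a double
    extension such as 'invoice.pdf.lnk' is visible to the caller."""
    stem, last = os.path.splitext(filename.lower())
    _, before = os.path.splitext(stem)
    return last, before


def assess_attachment(sender_domain, subject, filename, org_domain):
    """Return the list of reasons an attachment deserves analyst attention."""
    reasons = []
    last, before = split_extensions(filename)
    if last in HIGH_RISK_EXTENSIONS:
        reasons.append(f"{HIGH_RISK_EXTENSIONS[last]} attachment")
    if last in MACRO_OFFICE_EXTENSIONS:
        reasons.append("macro-capable office document")
    # A document-looking name hiding a script or shortcut is a classic lure.
    if before in DECOY_DOCUMENT_EXTENSIONS and last in HIGH_RISK_EXTENSIONS:
        reasons.append("double extension disguising file type")
    # Thread hijacking: a risky attachment arriving as a 'reply' from outside
    # the organisation. Only raised on top of another reason, to limit noise.
    is_reply = subject.lower().startswith(("re:", "fw:", "fwd:"))
    if reasons and is_reply and sender_domain != org_domain:
        reasons.append("external reply to an existing thread with a risky attachment")
    return reasons


def parse_line(line):
    """Parse one constructed log line into a dict of its fields."""
    timestamp, *fields = line.strip().split("|")
    record = dict(field.split("=", 1) for field in fields)
    record["timestamp"] = timestamp
    return record


def triage(log_text, org_domain="corp.test"):
    """Run every record through assess_attachment and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        domain = rec["sender"].rsplit("@", 1)[-1]
        reasons = assess_attachment(domain, rec["subject"], rec["attachment"], org_domain)
        if reasons:
            findings.append(Finding(rec["sender"], rec["subject"], rec["attachment"], tuple(reasons)))
    return findings


def vector_counts(findings):
    """Tally findings per attachment extension: the kind of count behind the
    quarter-over-quarter percentages reported for .jar and .js files."""
    return Counter(split_extensions(f.attachment)[0] for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.sender:35} {f.attachment:22} {'; '.join(f.reasons)}")
    print(dict(vector_counts(results)))
```

Run against the constructed log, the rule set flags four of the five records and leaves the plain `.docx` alone; the `.jar` from an internal sender is still flagged on file type, which is deliberate, since the point of tallying by extension is to see the shift toward archives and scripts that the quarterly figures describe.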

The quick recovery of Emotet following an international crackdown underscores the threat actor's ability to change tactics and targets. Between the fourth quarter of 2021 and the first quarter of 2022, there was a 2,823% increase in Emotet malicious spam campaigns.

However, there's some good news. Netskope earlier this week said the number of malicious Office documents it blocked through its platform has returned to pre-Emotet levels. This suggests that the efforts to combat Emotet are having an impact, but vigilance remains crucial.

HP Wolf Security detected threats using 545 different malware families during Q1, with Emotet, AgentTesla, and Nemucod as the top three. The battle against cyber threats like Emotet is an ongoing one, requiring constant updates and adaptability from security providers and users alike.
