Experiencing an Inbox Influx? – It’s Probably Emotet, Again

Last week, researchers observed Emotet awake from its 160 day slumber. The “public cyber enemy,” as Malwarebytes is calling it, seemed to warm-up as it began lightly populating inboxes on July 13. But by July 17, the malspam onslaught commenced with nearly a quarter million messages. Emotet usually emerges out of hibernation with a new tactic in its arsenal, but so far nothing remarkable. It seems to be up to its old tricks, but that does not make it any less problematic as Emotet is used to spread additional malware, such as TrickBot and ransomware, including Ryuk. According to Proofpoint, the messages contain malicious Microsoft Word attachments or URLs linking to malicious Word documents hosted on compromised WordPress websites. In addition to frequent prior reporting and briefings on Emotet, Paul Scott, Director of Threat Research at Perch Security recently provided a comprehensive background for members during WaterISAC’s Water Sector Cyber Threat Briefing on May 27. Additionally, members are encouraged to review the MITRE ATT&CK Framework to understand additional techniques used by Emotet for better network defense against this familiar foe. Read more about Emotet’s awakening at Proofpoint