The infamous Emotet malware was the most common type of malware observed in the first quarter of 2022, according to analytics from the HP Wolf Security threat research team. The researchers found a 28-fold increase in detections resulting from Emotet malicious spam campaigns compared to the fourth quarter of 2021. Emotet represents 9 percent of all malware analyzed by the researchers. The Cybersecurity and Infrastructure Security Agency (CISA) described Emotet as one of the most destructive and costly malware to remediate. Most recent Emotet campaigns have employed the email thread hijacking technique, in which threat actors send malicious payloads into pre-existing email chains. And since the message appears in a previous legitimate correspondence, victims are often lulled into a false sense of security. Emotet can perform multiple malicious activities including, but not limited to, stealing user data, conducting lateral movement, and deploying ransomware.

“Our Q1 data shows this is by far the most activity we’ve seen from Emotet since the group was disrupted early in 2021 – a clear signal its operators are regrouping, building back their strength and investing in growing the botnet,” said Alex Holland, a Senior Malware Analyst, with HP’s Wolf Security threat research team. “Emotet also continued to favor macro-enabled attacks – perhaps to get attacks in before Microsoft’s April deadline, or simply because people still have macros enabled and can be tricked into clicking on the wrong thing.” Read more at HelpNetSecurity or access the full report at HP.