Various cybersecurity firms have observed that everybody’s email enemy emerged after another routine respite. As Emotet has proven to be a resilient threat, researchers report that it resumed activity again on March 7. While Emotet is still leveraging email as its initial infection vector, it’s important for defenders to track the various behaviors it adopts during each resurrection and detect and protect accordingly. According to Cofense, for this round Emotet is attaching very large .zip files that are not password protected. The attached .zip files deliver Office documents which prompt users to “Enable Content” allowing malicious macros to run, which in turn download and execute the Emotet downloader. For more, visit Cofense.
Additional WaterISAC Coverage
