CERT mailing list archives

Increased Emotet Malware Activity


From: "US-CERT" <US-CERT () ncas us-cert gov>
Date: Wed, 22 Jan 2020 18:20:37 -0600


National Cyber Awareness System:

Increased Emotet Malware Activity [ 
https://www.us-cert.gov/ncas/current-activity/2020/01/22/increased-emotet-malware-activity ] 01/22/2020 06:04 PM EST 
Original release date: January 22, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware 
attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet 
primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user 
credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive 
information. Such an attack could result in the loss of proprietary information and financial loss, as well as disruption to 
operations and harm to reputation.

CISA recommends users and administrators adhere to the following best practices to defend against Emotet. See CISA's 
Alert on Emotet Malware [ https://www.us-cert.gov/ncas/alerts/TA18-201A ] for detailed guidance.


  * Block email attachments commonly associated with malware (e.g., .dll and .exe). 
  * Block email attachments that cannot be scanned by antivirus software (e.g., .zip files). 
  * Implement Group Policy Object and firewall rules. 
  * Implement an antivirus program and a formalized patch management process. 
  * Implement filters at the email gateway, and block suspicious IP addresses at the firewall. 
  * Adhere to the principle of least privilege. 
  * Implement a Domain-Based Message Authentication, Reporting & Conformance (DMARC) validation system. 
  * Segment and segregate networks and functions. 
  * Limit unnecessary lateral communications. 
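
The first two recommendations above (blocking .dll/.exe and unscannable .zip attachments) can be sketched as a gateway-side check. This is an added example, not part of the CISA advisory; it goes beyond the advisory by also checking leading file bytes so that a renamed file is still caught. The function names, the extension sets and the sample message are assumptions made for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the advisory names; a real gateway policy would list more (assumption).
BLOCKED_EXT = {".dll", ".exe"}   # commonly associated with malware
UNSCANNABLE_EXT = {".zip"}       # cannot be scanned by antivirus
# Leading magic bytes, so a renamed file is still caught (added generalization).
MAGIC = {b"MZ": "PE executable content", b"PK\x03\x04": "ZIP archive content"}


def block_reasons(filename: str, payload: bytes) -> list[str]:
    """Return the reasons one attachment should be blocked (empty list = allow)."""
    # Windows ignores trailing dots and spaces in names, so normalize before comparing.
    name = filename.strip().rstrip(". ").lower()
    ext = os.path.splitext(name)[1]   # last extension only: "a.pdf.exe" -> ".exe"
    reasons = []
    if ext in BLOCKED_EXT:
        reasons.append(f"blocked extension {ext}")
    if ext in UNSCANNABLE_EXT:
        reasons.append(f"unscannable extension {ext}")
    reasons += [label for magic, label in MAGIC.items() if payload.startswith(magic)]
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each attachment filename in a raw RFC 5322 message to its block reasons."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.walk():           # walk() also reaches nested multiparts
        filename = part.get_filename()
        if filename:
            payload = part.get_payload(decode=True) or b""
            results[filename] = block_reasons(filename, payload)
    return results


def build_sample() -> bytes:
    """Constructed test message; the attachments are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for name in ("invoice.pdf.exe", "notes.txt"):   # both start with an MZ header
        msg.add_attachment(b"MZ\x90\x00 constructed", maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment("plain text", filename="readme.txt")
    return msg.as_bytes()
```

Office Open XML documents (.docx, .xlsx) are also ZIP containers, so a production policy would pair the content check with an allow-list or route those files to a scanner that can unpack them.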

CISA encourages users and administrators to review the following resources for information about defending against 
Emotet and other malware.


  * CISA Alert Emotet Malware [ https://www.us-cert.gov/ncas/alerts/TA18-201A ] 
  * Australian Cyber Security Centre (ACSC) Advisory Emotet Malware Campaign [ 
https://www.cyber.gov.au/threats/advisory-2019-131a-emotet-malware-campaign ] 
  * CISA Tip Protecting Against Malicious Code [ https://www.us-cert.gov/ncas/tips/ST18-271 ] 

This product is provided subject to this Notification [ https://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ https://www.dhs.gov/privacy-policy ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 
