The Nuspire Quarterly Threat Landscape Report: Emotet had a 730% increase in activity in September after being in a near-dormant state. The malware also has new features and appears with TrickBot and Ryuk ransomware
Emotet has had a boom recently. It has been discovered by Nuspire cyber security experts, as Help Net Security reports. In the Quarterly Threat Landscape Report, they registered a 730% increase in the malware’s activity in September, after it had been in a near-dormant state. Furthermore, the modular banking Trojan has added features to steal the contents of victims’ inboxes and to steal credentials for sending outbound emails. Those credentials are sent to the other bots in its botnet, which are then used to transmit Emotet attack messages. In fact, it appeared with TrickBot and Ryuk ransomware to cause the most damage to a network. The data in the report correlates more than 90 billion logs across the company’s 3,000 global network sensors. Its customers are enterprise and mid-sized businesses operating in the automotive, franchise, manufacturing, construction, healthcare and financial services industries.
The cyber security report also found a 144% increase in activity correlated to TrickBot, a 113% increase in Hawkeye malware, and a 7% increase in Andromeda activity sourced from Asia and the Middle East
According to the cyber security experts, the report identified not only the explosion in Emotet activity but also a 144% increase in activity correlated to TrickBot utilizing a feature called TrickBooster. This new addition gives the ransomware the ability to use the infected machine as a spam email bot. Once the victim receives the email lists, the spam campaign begins operating from the victim’s computer. Furthermore, there was a 113% increase in Hawkeye malware, which is commonly sold on various hacking forums as a keylogger and stealer. This malicious code is typically delivered via email campaigns that appear to be requesting invoices, bills of materials, order confirmations and other things related to normal corporate functions. Finally, the top 5 IoT attacks include OpenDreamBox, JawsDVR, Netcore, Netgear, and D-Link. Moreover, there is a 97% increase in Andromeda activity sourced from Asia and the Middle East.