Automated spear phishing discovered in the wild for the first time
Emotet automates spear phishing that previously had to be done manually, and therefore carries a significantly higher risk potential. The malware reads contact relationships and email content from the mailboxes of infected systems. The criminals then use this information for further distribution. This is how it works: Recipients receive emails with authentic-looking but fictitious content from senders with whom they have recently been in contact. Because the names and email addresses of the sender and recipient are correctly entered in the subject, salutation and signature, these messages appear authentic to many recipients and tempt them to carelessly open the malicious attachment or the URL contained in the message.
Emotet downloads further malware, which in several cases led to serious production losses: entire company networks had to be rebuilt. One example of such incidents is the Krauss Maffei engineering group. After the attack at the end of November, the company, which has 5000 employees and is headquartered in Munich, could only produce at reduced capacity at some locations because many computers had been paralyzed by a trojan attack, a company spokesperson confirmed (source: heise). The criminals also made a ransom demand. According to the spokesperson, after 2 weeks the company was on the 'way to normal' and production would be ramped up.
The snowball effect - it can hit anyone
The initial infection is not the only problem, however. Once a computer is infected, its address book can be used to obtain information about the next targets. This information can then be used to send further spear phishing emails. In the worst case, a kind of snowball effect develops: As soon as even one business partner or employee in the company learns of an incident, well-crafted, targeted attacks on other colleagues must be expected. The BSI therefore anticipates a further increase in sophisticated, automated social engineering attacks of this kind, which are virtually impossible for the recipient to identify as such.
Now what can you do to protect yourself?
The BSI recommends installing appropriate updates promptly, using AV software and carrying out regular file backups (source: https://allianz-fuer-cybersicherheit.de). It also recommends segmenting the network.
There are numerous good vendors for the technical solutions, including some from Germany. E-mail solutions from NoSpamProxy or HornetSecurity are also necessary additions, but they cannot stop everything. For this reason, the BSI calls awareness measures 'a must'.
Employee sensitization 'a must' according to BSI
There are several ways to implement effective awareness-raising measures. Informing users initially via a circular email is always a quick solution and a good reminder. Whether this reminder actually helps when a user is in doubt about a deceptively real-looking e-mail from a supposed colleague is open to question. In fact, in addition to a lack of attention, there is often also a lack of knowledge. To both increase attention in everyday life and help users recognize and report attacks, we offer individual spear phishing simulations as part of our phishing training courses.
In doing so, we are one step ahead of the current attacks: We use publicly available information from social media and the company website, just as a real attacker would do manually. However, IT-Seal has automated this process to a large extent, so that we can simulate targeted attacks on all employees, even for large companies. Only 'learning by doing' develops sustainable security awareness. As a German cyber security start-up, the topic of data protection and employee protection is of course central to us.
IT-Seal trains thousands of employees every day to deal with attacks like Emotet
If you are thinking about demonstrably effective training for your employees, please contact us. We have the experience: Every day, with the help of our spear phishing simulation, we train thousands of employees to deal with spear phishing attacks like those of Emotet.