Μετά από ένα σύντομο διάλλειμα δυο εβδομάδων, μια τεράστια επιχείρηση του Emotet botnet που πραγματοποιείται μέσω ανεπιθύμητων messages electronics post officeis still in progress. Until recently, most attacks were recorded on users in Greece (17.7%), while an equally significant number of attacks occurred in Japan (16.5%) and Lithuania (15.3%).
According to Forrester, botnets are one of the top cyber threats to look out for in 2020, and with a workforce working remotely in different areas, many organizations can become more vulnerable than ever.
Botnet businesses can become more complex by engaging in a wide range of illegal activities such as collecting browser information, collecting passwords, stealing login credentials from banking sites, or developing ransomware.
In the recent malware of Emotet, spam usually contains stolen legitimate communication and a general "Please see attached document" lure.
The attachment this time is a malicious document, detected by ESET as GenScript.KLH. This is a document containing a malicious VBA, detected as VBA / TrojanDownloader.Agent, which is the beginning of a chain business contaminations.
Emotet is considered particularly dangerous, as it then installs on computer of the victim and other malicious programs such as Trickbot and QBot. Trickbot and QBot have their own malicious activity, however they can in turn lead to Conti (Trickbot) or Ryuk ransomware attacks.
https://www.youtube.com/watch?v=w2i-4mU-ldY
It is important to note that, despite the huge malicious operation of Emotet botnet, the action of the malicious TrickBot - which, since 2016, has infected over one million computers - remains at a very limited level thanks to the joint effort to stop ESET , Microsoft, Black Lotus Labs Threat Research by Lumen, NTT and others.
Trickbot is known to steal users' credentials from compromised computers and, more recently, it has been observed as a mechanism for carrying out more serious attacks, such as ransomware attacks.
The coordinated global operation interferes with Trickbot by destroying its command and control servers. ESET contributed to the effort by offering technical analysis, statistics data and names and IP addresses of command and control servers.
Dealing with such a threat may seem like a daunting task, but there are ways in which organizations can protect themselves from botnet attacks.
Businesses also need to ensure that their networks are always up to date recent security updates, preventing cybercriminals from exploiting potential vulnerabilities. In addition, as remote ports can be turned into a hacker entry point, businesses should limit access as much as possible - especially when it comes to an RDP port.
