Financial services malware will not die. What to do about it.

“Emotet is one of the most professional and long-lasting cybercrime services,” according to Europol. The malware, first discovered in 2014, was believed to have been defeated by law enforcement in eight countries in January 2021. However, it reportedly resurfaced last November.

Emotet is usually spread via phishing spam emails. It launches its service once a user clicks on a link that opens a macro-enabled attachment. Considered the most dangerous malware in existence, Emotet is the most frequently reported malware by financial organizations. The FBI, which participated in the coordinated takedown of the Emotet infrastructure, identified more than 45,000 computers and networks in the United States that had been affected by the malware.

Emotet is particularly evasive and difficult to detect because it covers its tracks, blending into ordinary email traffic by first reconnoitring the victim's mailbox. Specifically, the Trojan reads old messages in a victim's inbox and, by replying to them, inserts itself into an existing email conversation. Posing as a legitimate correspondent, it then sends a malicious attachment. Rather than inflicting harm on the victim's device directly, this attachment primarily functions as a downloader or dropper for other malicious code. According to the US Cybersecurity & Infrastructure Security Agency (CISA): "Emotet is a polymorphic banking Trojan that can evade typical signature-based detection."
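As an added example (not from the article or from Akamai), the following Python heuristic looks for the thread-hijacking pattern described above: a reply whose sender reuses a quoted participant's display name from a different address, sent from a domain absent from the quoted thread, and carrying a macro-capable Office attachment. The sample message, addresses and file name are constructed for the demonstration; `assess_message` is a hypothetical helper, not a product API.

```python
import re
from email import message_from_string
from email.utils import parseaddr

MACRO_EXTENSIONS = (".docm", ".xlsm", ".pptm", ".doc", ".xls")  # formats that can carry VBA macros
# 'From:' lines inside quoted reply text, e.g. '> From: Alice <alice@partner.example>'.
QUOTED_FROM = re.compile(r'^[>\s]*From:\s*"?([^"<\n]*?)"?\s*<([^>\n]+)>', re.M)

# Constructed sample: a reply reusing a quoted participant's name from a new address, plus a .docm.
SAMPLE_EMAIL = """\
From: "Alice Example" <alice.example@relay-example.net>
To: bob@corp.example
Subject: RE: Invoice for March
In-Reply-To: <20220301.abc@corp.example>
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain

Please see the updated document attached.
> From: Alice Example <alice@partner.example>
> Hi Bob, here is the invoice.
--B1
Content-Disposition: attachment; filename="Invoice_March.docm"

ZHVtbXk=
--B1--
"""

def assess_message(raw):
    """Return the thread-hijack indicators found in one RFC 5322 message (hypothetical helper)."""
    msg = message_from_string(raw)
    name, addr = (s.strip().lower() for s in parseaddr(msg.get("From", "")))
    findings = []
    macro_files = [f for f in (p.get_filename() for p in msg.walk())
                   if f and f.lower().endswith(MACRO_EXTENSIONS)]
    if macro_files:
        findings.append("macro-capable attachment: " + ", ".join(macro_files))
    if msg.get("In-Reply-To") or msg.get("Subject", "").lower().startswith("re:"):
        # Inline text parts only; attachments are skipped so their names do not pollute the thread view.
        body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                         for p in msg.walk()
                         if p.get_content_type() == "text/plain" and not p.get_filename())
        seen = {n.strip().lower(): a.lower() for n, a in QUOTED_FROM.findall(body)}
        prior = seen.get(name)
        if prior and prior != addr:
            findings.append(f"display name '{name}' earlier wrote from {prior}, now from {addr}")
        if seen and addr.split("@")[-1] not in {a.split("@")[-1] for a in seen.values()}:
            findings.append("reply sent from a domain absent from the quoted thread")
    return findings
```

Two or more indicators on one message are a much stronger signal than any of them alone, which is why the function returns the full list rather than a single boolean.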

Crimeware on Demand

Emotet is an early example of malware-as-a-service: essentially a loader for rent, which other cyberattackers could hire to deliver their own malware. Dubbed the "triple threat" by many in the security community, it was used to spread the TrickBot malware, which in turn was used to trigger Ryuk attacks that reportedly accounted for a third of all ransomware attacks in 2020.

This demonstrates the organized crime characteristics of cyberattacks. Cybercriminals represent an underground ecosystem that connects individual malicious actors to sophisticated criminal syndicates operating networks of infected computers, or botnets, which can be controlled from a centralized computer to deploy attacks.

Educating end users to avoid clicking on these baited links can only deter attacks, not prevent them. Security experts say there is no realistic way to guarantee that all business systems are completely secure. Once a system is infected, malware quickly tries to move laterally through the network to find more targets of opportunity.

Focus on the crown jewels of the organization

Financial services organizations need to focus their security efforts on protecting their “crown jewels” (their most sensitive critical data) and deterring lateral malware migration.

“A good practice here is a mix of identifying and blocking dangerous domains, while securely connecting users and devices to the internet with a secure web gateway, while ensuring that potential infections cannot spread inside your core network,” says Gerhard Giese, industry strategist at Akamai. “Financial services institutions should incorporate a zero-trust approach of ‘never trust, always verify,’ coupled with real-time threat intelligence.”

Akamai helps businesses improve data protection and security with solutions such as:

  • Enterprise Threat Protector, which proactively identifies, blocks and mitigates targeted threats such as malware and phishing.
  • Zero Trust Network Access, including Threat Intelligence, a high-performance, cloud-based, identity-aware service for secure application access without requiring users to access the network.
  • Kona Site Defender, a cloud-based web application firewall with constantly updated application-layer firewall protections.
  • Lateral movement is critical to the success of a ransomware attack. With Guardicore’s microsegmentation technology, now part of Akamai’s Zero Trust security solutions, you can easily configure control policies to detect breaches and stop the spread of ransomware before attackers can gain access to your infrastructure and your applications.

The resurgence of Emotet is a testament to how cyberattackers continue to refine proven malware while developing new threats. It takes coordinated industry threat intelligence, advanced technology solutions, and human analysis to keep organizations evolving their defenses at the same pace.

The most innovative financial services organizations trust Akamai to secure their data. Find out why.

Does your company improve the lives of your customers through innovative digital experiences? We want to hear about it! Take part in the Future of Life online challenge for a chance to win $1 million in cybersecurity solutions and cutting-edge technologies from Akamai.


Copyright © 2022 IDG Communications, Inc.

Stephen V. Lee