By Clare O’Gara
Tue | Jul 21, 2020 | 9:15 AM PDT

Noticing more spam than usual in your email inbox lately? It's not just you.

Emotet botnet is back

A five-month hiatus sounds like a long time. But when you learn who took the vacation, you'll wish that break was even longer.

The world's most costly and destructive botnet, Emotet, reemerged last week, bringing with it a rain of emails that install ransomware, bank fraud trojans, and other nasty malware strains.

According to Ars Technica, this lengthy hiatus is fairly common for Emotet:

"The group is known for taking long breaks and regularly taking time off during weekends and major holiday seasons. True to its normal pattern, the latest Emotet activity had completely stopped on Saturday morning as this post went live. Besides allowing its workers to maintain a healthy work-life balance, the schedule makes campaigns more successful."

The last time Emotet blew up was in February 2020, when it sent out 1.8 million messages over five days.

Given how much has changed over the last five months, when you think about that timeline, it almost makes you wish you were Emotet.

How does Emotet work?

When it comes to tricking users into opening malicious emails, Emotet has several tricks up its (digital) sleeves.

The first strategy? Manipulating trust.

  1. Emails often appear to arrive from a person the target has corresponded with in the past.
  2. The messages often use the subject lines and the bodies of previous email threads the two have participated in.

These techniques have a dual benefit:

  1. They trick the target into thinking the message can be trusted because it comes from a known friend, acquaintance, or business associate who is following up on a previously discussed matter.
  2. The inclusion of authentic content also makes it harder for spam filters to detect the emails as malicious.

But that's not all. Emotet also has strategies to defend itself from security products.

"It steals usernames and passwords for outgoing email servers. The botnet then uses the credentials to send mail from those servers rather than relying on its own infrastructure."

Combined, these tools create a virtually super-powered botnet, which further reveals the importance of addressing phishing attacks.
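A defensive sketch of a sender-identity check for the trust tricks described above, added here as an example and not taken from the article or from any security product: it flags a message that reuses a known correspondent's display name or an existing thread's subject while arriving from an address that contact has never used. The contact history, thread subjects, sample messages, and signal names are constructed, and treating an unfamiliar sender address as the indicator is an assumption of this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed mailbox history (assumption): display name -> addresses that
# contact has actually used, and normalized subjects of existing threads.
KNOWN_CONTACTS = {"dana reyes": {"dana.reyes@partner.example"}}
KNOWN_THREADS = {"q3 invoice schedule"}

def normalize_subject(subject):
    """Drop stacked RE:/FW:/FWD: prefixes and case so replies match the thread."""
    return re.sub(r"^(\s*(re|fw|fwd)\s*:\s*)+", "", subject or "", flags=re.I).strip().lower()

def thread_hijack_signals(raw_message):
    """Return hypothetical signal names for one RFC 5322 message string."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    display, addr = display.strip().lower(), addr.lower()
    known_addrs = KNOWN_CONTACTS.get(display)
    addr_is_known = bool(known_addrs) and addr in known_addrs
    signals = []
    # Trusted name, but the mail did not come from that person's address.
    if known_addrs and not addr_is_known:
        signals.append("known-name-new-address")
    # Subject of a real earlier thread, reused by a sender outside the history.
    if normalize_subject(msg.get("Subject")) in KNOWN_THREADS and not addr_is_known:
        signals.append("known-thread-unknown-sender")
    return signals

# Constructed sample messages.
LEGIT = 'From: "Dana Reyes" <dana.reyes@partner.example>\nSubject: Re: Q3 invoice schedule\n\nSee you Monday.'
HIJACKED = 'From: "Dana Reyes" <billing@mail.shop.example>\nSubject: RE: Q3 invoice schedule\n\nFollowing up on this.'
NEW_SENDER = 'From: "Sam Ortiz" <sam@vendor.example>\nSubject: Introduction\n\nHello.'

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("hijacked", HIJACKED), ("new", NEW_SENDER)]:
        print(name, thread_hijack_signals(raw))
```

Because the article notes that authentic thread content helps these emails pass spam filters, the check looks only at who sent the message and which thread it claims to continue, not at the body text.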

The path toward eradicating phishing schemes is far from clear, but SecureWorld has resources to make it clearer.

Check out our webinar on phishing, "Phishing Attacks Are Becoming More Evolved: How to Eradicate Them."

Fraudulent emails from the "World Health Organization" urging you to take action. Fake emails from "your CEO" asking for gift cards or sensitive information. Every day, we're getting deceptive communications—and it's only getting worse.

Here's what the webinar covers:

  • What is the new era of phishing attacks?
  • How reliance on historical data can't stop evolving attacks
  • How focusing on who sends email is the key to defining email security policies and protecting your organization