January Updates: Emotet is No More

Emotet is no more

It would seem that 2021 is going to be quite the year for cyber security news! 

Already in the first month, we have seen some industry-shaking things happen.  Here at Blue Bastion, we stay apprised of cyber security related news in order to provide the best in cyber security services, and to help our customers stay protected in an ever-changing world! 

In this blog post we will review a few of the happenings from January.

Emotet is Out

Emotet is no more! 

Yes, in case you live under a rock or haven’t left your basement for a few days, European authorities conducted raids against the infrastructure of Emotet – a notorious piece of malware that was usually delivered via email and was involved in everything from spam campaigns to ransomware attacks. It was well-known, ancient, and still effective across many environments! 

The operation was named “Operation Ladybird.” It involved joint work between multiple countries across Europe and the United States.  During these raids, authorities took control of the servers used to run and operate the malware network. 

If you are not familiar with Emotet, it is considered to be the initial infection vector for multiple attacks. It was sold to multiple cyber crime groups for their use.

Despite being around since 2014, when it was known as a credential stealer and banking trojan, it was adopted and changed to become a downloader, an information stealer, or a spambot, depending on how it was deployed.

As with most malware families, Emotet was constantly updated and developed.  It had even adopted a WiFi spreader to help identify and compromise new victims connected to nearby WiFi networks. 

Cyber security professionals had seen it used to deliver payloads, such as TrickBot and Ryuk ransomware, via its very own botnet of compromised machines.  It was a persistent threat across the security world.

Here's what that means, in terms of cost

So, what are we talking in costs? 

Well, according to investigators, analysis showed that the group running Emotet had moved $10.5 million over a two-year period, and that is only on one platform! 

They actually spent $500,000 just to maintain their infrastructure.  As for the victims associated with this malware, the costs are estimated to be around $2.5 billion.  This is quite a substantial cyber threat group. 

How to see if Emotet affected you

With the takedown of Emotet’s servers, authorities have redirected the malware to new law-enforcement-controlled infrastructure, which will hopefully prevent further exploitation. 

Along with this, the Dutch National Police released a tool to help possible victims check for compromise.

Basically, you enter your email address into the form and they will reply with an email advising you whether your name and email address were located on the group’s servers.  Remember, Emotet was a credential stealer, so it might be valuable for you to check and see whether your organization has been compromised, either now or in the past! 

Also, remember that Emotet was a “door opener” for other malware, so if you were infected with Emotet, you may have been further compromised and should ensure that you are secure! 

One of the fascinating things about this action is that videos of the raids are available.  Blue Bastion recommends that you watch these videos for educational purposes.

As you watch, we ask that you truly process what you are seeing. This is a multi-billion dollar criminal organization.  Take a moment and consider the environment in which it was run. 

Clean?  Organized?  User-friendly?  These are not exactly the words that would describe their set-up. 

Getting the right cyber security support

Most cyber security programs and companies would love to have billions of dollars to spend, but most struggle to just get through day-to-day activities! 

So, what does this mean?  What practical lessons can we learn from this real-world example?

First, money is not everything.  

Despite spending $500,000 on maintenance and upkeep of their systems, it still looked like a rat trap. To echo a well-known saying, money cannot buy you happiness, nor can it buy you security. 

If such a persistent and well-known piece of malware can be maintained in systems like these, then you could do much to enhance your security posture without spending so much.  

Now, do not mistake us here, we are not saying that you don’t need a budget or money to run a cyber security program. Not by any stretch of the imagination.

But, we do want to stress that many CISOs and other security professionals are caught up in the budget game and overlook the most important part of cyber security: your people. 

Secure Your Network With Blue Bastion. Contact Us Today!