Seqrite says it is detecting daily intrusions by banking malware Emotet

Emotet, a Trojan first discovered in 2014, steals sensitive financial information. It has evolved into a complex threat distributor capable of providing a launch pad for sophisticated attacks.

By Priyanka Sangani
Published On May 23, 2019 at 11:29 AM IST

Seqrite, the enterprise security solutions arm of Quick Heal Technologies, said it has been detecting more daily intrusions by banking malware Emotet since December 2018, marking a big security threat for Indian enterprises.

Emotet, a Trojan first discovered in 2014, steals sensitive financial information. It has evolved into a complex threat distributor capable of providing a launch pad for sophisticated attacks. It does so by hijacking existing email conversation threads to insert malicious links.

“Emotet’s evolution over the last five years is as alarming as it is stunning. It is today amongst the most dangerous malware of our times, with major implications for enterprises across India,” said Sanjay Katkar, chief technology officer, Quick Heal Technologies.

A single breach could be used as an entry point into multiple networks and systems, potentially compromising data and disrupting processes on a scale not seen before, he said. “This is a wake-up call for Indian enterprises to adopt cutting-edge cyber security solutions,” Katkar said.

Detecting an Emotet intrusion is difficult because of its polymorphic nature: the malware changes its own code every time it is downloaded, so each copy looks different. This makes signature-based detection unreliable.

In its current form, Emotet is being used to achieve multiple objectives. Malware authors first steal user credentials, then use these credentials to gain access to user accounts, spam more users and further spread the malicious code. Finally, they deploy other malware such as Qakbot, TrickBot and Ryuk ransomware on the Emotet-infected system to maximise the damage.

The malware also has the ability to hijack existing email threads and insert a malicious link or infected file without otherwise altering the conversation. These mails are then sent from the infected endpoint, giving the impression that they have been drafted by one of the correspondents. Anyone who then clicks on the link ends up downloading a self-executing copy of Emotet onto their computer system.

Katkar said a breach could have long-term implications, leaving affected organisations vulnerable to more sophisticated follow-on attacks.

Organisations should conduct employee awareness programmes and implement robust cyber security and data protection measures, he said. This includes a multi-layered approach to deploying security solutions such as endpoint security, unified threat management and a secure web gateway.