The malware at the heart of the campaign is Emotet, which began life as a banking trojan, but it has morphed into something quite different in recent times.
It’s now a full-fledged botnet and its creators are leasing it out to anyone who can pay.
Make no mistake, the latest configuration of Emotet isn’t a threat to be taken lightly. Last year, it accounted for almost two thirds of malicious payloads delivered via phishing attack. The malware was heavily used throughout much of 2019, suffered a marked decline during December, and then came roaring back to the fore in January of 2020.
While the major thrust of this latest campaign is aimed at financial institutions, a small number of attacks have been made against companies in the media, transportation, and food industries.
The campaign is being conducted largely by phishing emails that contain a Microsoft Word Document that pretends to be an invoice for a service recently rendered. The email subject line varies but in all cases it mirrors the invoice and/or bank details.
Naturally, if a recipient attempts to open the invoice, he or she will get a popup box indicating that Macros must be enabled in order to properly view it. If the recipient clicks the button to enable macros, the malicious payload will be installed.
This is time tested and a reliable method of getting malicious code onto target machines. It’s been around for years, but it’s still in use because it’s so effective. Make sure your employees are aware of the threat and stay vigilant. If the early indications mean anything, 2020 is going to be a very trying year.