September 17, 2019 By David Bisson < 1 min read

The actors behind the Emotet botnet ended a four-month hiatus by launching a malspam campaign targeting Polish- and German-speaking users.

According to ZDNet, security researcher Raashid Bhat spotted the Emotet botnet distributing new spam emails beginning on Sept. 16. Those emails contained malware-laden attachments and URLs that linked to malicious downloads. Users who downloaded or executed one of the malicious files associated with the campaign exposed themselves to the malware.

Upon completion of a successful infection, the threat enlisted each victim’s computer into a botnet that serves as a malware-as-a-service (MaaS) for attackers. Many bad actors have already leveraged this functionality to target the networks of enterprises and local governments with a variety of malicious software, especially samples of the BitPaymer and Ryuk ransomware families.

A Look Back at the Recent History of Emotet

Despite its four-month hiatus, Emotet made headlines throughout the first half of 2019. In February, researchers at Menlo Security spotted a spate of new attack campaigns that distributed the malware via URLs hosted on attacker infrastructure and traditional spam email attachments.

A couple of months later, Minerva Labs spotted the threat leveraging stolen email threads as a means of distribution. Shortly thereafter, Bleeping Computer reported on Emotet’s use of compromised connected devices as proxy command-and-control (C&C) servers. But then the malware suddenly went quiet, with Check Point not detecting any new campaigns for the majority of June.

How to Defend Against Phishing-Borne Malware

Security professionals can help defend their organizations against phishing-borne malware by integrating phishing intelligence into their security information and event management (SIEM) solution to vet attack campaigns such as spam operations. Companies should also help create an ongoing security awareness training program as part of a layered approach to maintaining their organization’s email security.

More from

Exploiting GOG Galaxy XPC service for privilege escalation in macOS

7 min read - Being part of the Adversary Services team at IBM, it is important to keep your skills up to date and learn new things constantly. macOS security was one field where I decided to put more effort this year to further improve my exploitation and operation skills in macOS environments. During my research, I decided to try and discover vulnerabilities in software that I had pre-installed on my laptop, which resulted in the discovery of this vulnerability. In this article, I…

Taking the complexity out of identity solutions for hybrid environments

4 min read - For the past two decades, businesses have been making significant investments to consolidate their identity and access management (IAM) platforms and directories to manage user identities in one place. However, the hybrid nature of the cloud has led many to realize that this ultimate goal is a fantasy. Instead, businesses must learn how to consistently and effectively manage user identities across multiple IAM platforms and directories. As cloud migration and digital transformation accelerate at a dizzying pace, enterprises are left…

IBM identifies zero-day vulnerability in Zyxel NAS devices

12 min read - While investigating CVE-2023-27992, a vulnerability affecting Zyxel network-attached storage (NAS) devices, the IBM X-Force uncovered two new flaws, which when used together, allow for pre-authenticated remote code execution. Zyxel NAS devices are typically used by consumers as cloud storage devices for homes or small to medium-sized businesses. When used together, the flaws X-Force discovered allow a remote attacker to execute arbitrary code on the device with superuser permissions and without requiring any credentials. This results in complete control over the…

What cybersecurity pros can learn from first responders

4 min read - Though they may initially seem very different, there are some compelling similarities between cybersecurity professionals and traditional first responders like police and EMTs. After all, in a world where a cyberattack on critical infrastructure could cause untold damage and harm, cyber responders must be ready for anything. But are they actually prepared? Compared to the readiness of traditional first responders, how do cybersecurity professionals in incident response stand up? Let’s dig deeper into whether the same sense of urgency exists…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today