Fake Invoices: How is the Emotet Botnet Attacking Financial Sectors?

Emotet Spreads Fake Invoices

The Emotet Botnet Continues Its Rampage By Spreading Fake Invoices

This is the second blog this week centred around the Emotet botnet. It is on its way to becoming the deadliest cyber threat, keeping security researchers and specialists on their toes. According to cyber reports, the Emotet was responsible for two-thirds of the entire malicious payload that came to light in 2019. This time, it is doing damage by spreading fake invoices.

Now, Menlo Security has uncovered that it is active again, this time in the financial sector.

1.1     A Study of the Recent Emotet Attack

As we discussed in the blog on Operation TA542, it was predicted the Emotet botnet would definitely strike again. And true to the foresight, it has. This time, the Emotet campaign focused on the industries providing financial services, with a few meagre attempts on the food, media, and transportation sector. The attack was scattered, not only on industry, but also on geography. Three-quarters of the attacks were directed towards the US or UK, the towards the Philippines, Spain and India.

Despite it becoming common knowledge, the Emotet has boldly decided not to change its way of working. This time too, the malware was spread through extensive phishing campaigns, coupled with loaded MS Word documents. The subject lines revolve around fake invoices, bank details, and other financial terminologies that would be second-nature to finance sector employees working in the finance sector.

The emails sent to the victims are very hard to trace back to a source because they don’t come from any one hacker’s machine. The Emotet is self-sustaining, meaning it forms a chain of infected Windows machines. The hackers send their emails from these machines, with rotations, thus making it harder for cyber law enforcement agencies to triangulate on the source. The Emotet creates this chain through backdoor accounts, thus providing an opening for other malware to enter the system.

“We are continuing to see Emotet traffic, though the intensity has reduced considerably,” says Krishnan Subramanian, researcher at Menlo Labs.

1.2       Emotet Immunity: Is it possible?

The good news is that the answer is yes. With a little bit of awareness and vigilance and potent security systems at your backing, you can absolutely avoid becoming a victim to the Emotet botnet. Organizations can disable macros on all their systems to prevent triggering the payload from infecting the machines. Besides, employees should be trained to be wary of emails containing Word attachments. A simple confirmation with the person who has supposedly sent the mail will go a long way in protecting yourself.

Your Email Security Systems should be competent and aware of all the latest threats. At Logix, we stop Advanced Malware, BEC Attacks, and Phishing Attacks with its multi layered , multi-tiered Security approach using the multiple threat intelligence detection & prevention tools. We solve modern problems with modern solutions.

More Logix Blogs on the Emotet botnet:

  1. Emotet Botnet Revival
  2. Fake Christmas Party Invites
  3. Fake Greta Thunberg Emails
  4. Emotet Spreads Through MS Word Documents


Leave a Reply

Your email address will not be published. Required fields are marked *

Continue to chat
Hello 👋
Let us know how we can help you!