Emotet is back & badder than ever but Intercept X answers the call

Hardcore fans of the Firewalls.com Blog (yes, we’re aware those don’t exist) may remember our Emotet malware article in March of last year, painting the banking trojan as the cybersecurity world’s biggest villain of 2019 and comparing him to the ever-evolving baddie, Ultron. With recovery costs surpassing a million dollars per incident, this feisty malware can wreak real havoc on small businesses and enterprises alike. A year has passed since that spotlight article, but Emotet is far from being ancient history. In fact, recent trends suggest that the Emotet problem may grow worse in 2020.

Security researchers at Nuspire discovered a huge resurgence in Emotet malware activity throughout Q4 of 2019 including 1,275 unique variants of the malware with 339,000 new strains discovered each week. To support this growth, Emotet has been diligently adding new features to its toolset, allowing for greater versatility in stealing credentials, spreading infection, and pilfering user data.

Same goal, new ways to reach them

We discuss a few of these new capabilities in Episode 13 of Ping: the Firewalls.com Podcast, specifically focusing on Emotet’s ability to scan wireless networks and infect connected devices. Added up with past strategies–spreading through email spam and lateral network movement–this advanced Trojan is proving ever more elusive to detect, identify, and prevent with every iteration.

When Emotet malware made a sharp resurgence in September of 2019, it often paired up with Ryuk ransomware, providing maximum damage to networks once attackers got their foot in the door. Cameos with TrickBot and BitPaymer also demonstrate that Emotet is willing to team up with fellow no-goodniks to cause even greater disaster after an infection.

Best practices to prevent Emotet malware

When it comes to malware, the greatest cure is prevention. Educating users, securing unmanaged devices, and shining a light on network blind spots are all strong preventative measures that can prevent an Emotet outbreak on your network. Focusing on email security training and Business Email Compromise with your staff arms them with the knowledge needed to sidestep Emotet’s widespread spam campaigns.

Sophos Intercept X Advanced with EDR (and other machine learning-powered endpoint protection platforms) monitor the evolving behavior of malware strains such as Emotet, comparing threat data from security sensors worldwide to compile real-time threat data to networks. Intercept X offers multiple layers of security, including detonation of executable files in a secure sandbox environment.

Strong email protection through XG Firewalls provides additional strata of security, scanning outbound emails to detect Emotet spam, identifying which machines are responsible for it, and quarantining them from the network. Fighting off advanced threats such as Emotet requires multiple layers of security with end-to-end visibility and access control. Check out the Firewalls.com Services section to learn how our team of certified network engineers can deploy Access Control Lists, optimize your email security, and monitor your network around the clock with Managed Security Services.