Emotet: the Biggest Network Security Villain of 2019

The Biggest Villain of 2019

The U.S. Department of Homeland Security considers it to be among the most costly and destructive threats to U.S. businesses in 2019.

It constantly evolves, using adaptation and versatility to grow stronger with each new iteration…

It leverages several attack vectors against multiple targets, giving it plenty of opportunities to secure a victory…

The Feared, the Elusive, the Tenacious Malware: Emotet.

Emotet is a sophisticated cyber attack that uses its skills as a shapeshifter to spread itself far and wide across the Internet. The US Department of Homeland Security estimates that organizations in 2019 have shelled out as much as $1,000,000 per incident to recover from an Emotet attack. With big baddies from seasons past like WannaCry and Petya still fresh in the memory, businesses must now turn their attention to the security world’s 2019 season antagonist: Emotet.

What do Marvel’s Ultron and Emotet have in common?

You may defeat them now, but they always come back in a stronger, smarter form than before! Just like the comic villain Ultron, featured in Marvel’s 2015 “Avengers: Age of Ultron,” Emotet always finds a way to make itself more dangerous. This complicated malware has been constantly evolving since its humble origin story as an upstart banking trojan in 2014. In fact, SophosLabs detected and identified over 4,500 different varieties of Emotet carrying unique payloads in January alone.

Emotet gives itself multiple chances to win. It spreads across networks, propagating itself through email spam and lateral movement, using your devices as remote zombies. Emotet collects contacts and browsing data. It can even act as a decoy for nastier attacks. Emotet isn’t picky; it can carry whichever payload is paying out top dollar at the time. Whether it’s TrickBot malware, QBot banking trojans, BitPaymer ransomware, or something even more nefarious, Emotet is an ideal delivery system for payloads of all kinds. It’s flexible. It’s persistent. And it always comes back stronger!

The Emotet malware’s principal delivery method is fake emails. One wrong click or careless attachment download lets Emotet get a foot in the door, and from there it begins its primary objective: spreading to other devices on the network. Once a machine is infected, its inbox starts spitting out malicious emails to everyone in the contact list, giving Emotet opportunities to infect far and wide. During this process, your email domain reputation plummets!

Once a system is infected, Emotet calls back home and initiates a malware download for whatever payload it’s been built to carry. In this call back step, Emotet may also take the opportunity to lift your contact lists and browser data to be sold off on the black market. With its versatility, constant evolution, and multiple victory conditions to meet, Emotet is a truly tricky foe.

Perhaps its most dangerous use, though, is as a smokescreen. Emotet’s rapid expansion sends network administrators into a frenzy to prevent further compromise. Some cyber attackers use this period of panic as a chance to initiate a targeted ransomware attack. By the time the initial Emotet chaos has been stabilized, ransomware like BitPaymer has already used the distraction to get a stranglehold on the organization’s data.
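As an added illustration (not code from the original post or from any Sophos product), here is one way a defender could spot the outbound spam burst described above in mail-gateway logs: a single host sending attachment-bearing mail to many distinct recipients within a few minutes. The log format, hostnames and addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample mail-gateway log (not real data): timestamp, sending host,
# sender, recipient, and whether the message carried an attachment.
SAMPLE_LOG = """\
2019-03-04T08:00:00 host=ws-09 from=dan@example.com to=p1@partner.example attach=yes
2019-03-04T08:20:00 host=ws-09 from=dan@example.com to=p2@partner.example attach=yes
2019-03-04T08:40:00 host=ws-09 from=dan@example.com to=p3@partner.example attach=yes
2019-03-04T09:00:01 host=ws-17 from=alice@example.com to=c1@contacts.example attach=yes
2019-03-04T09:00:05 host=ws-17 from=alice@example.com to=c2@contacts.example attach=yes
2019-03-04T09:00:09 host=ws-17 from=alice@example.com to=c3@contacts.example attach=yes
2019-03-04T09:00:14 host=ws-17 from=alice@example.com to=c4@contacts.example attach=yes
2019-03-04T09:00:20 host=ws-17 from=alice@example.com to=c5@contacts.example attach=yes
2019-03-04T09:00:31 host=ws-17 from=alice@example.com to=c6@contacts.example attach=yes
2019-03-04T09:05:00 host=ws-02 from=bob@example.com to=c1@contacts.example attach=yes
2019-03-04T09:40:00 host=ws-02 from=bob@example.com to=c2@contacts.example attach=no
"""

def parse_line(line):
    """Split one log line into a dict; the timestamp becomes a datetime."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def find_spam_bursts(log_text, window=timedelta(minutes=5), min_recipients=5):
    """Return {host: distinct_recipients} for hosts that sent attachment-bearing
    mail to at least min_recipients distinct addresses inside one sliding window."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        e = parse_line(line)
        if e.get("attach") == "yes":
            per_host[e["host"]].append((e["ts"], e["to"]))
    flagged = {}
    for host, events in per_host.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the window start until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {to for _, to in events[start:end + 1]}
            if len(distinct) >= min_recipients:
                flagged[host] = max(flagged.get(host, 0), len(distinct))
    return flagged
```

Thresholds should be tuned per environment; the point is that a mailbox working through its whole contact list looks very different from normal sending, even before the attachment itself is analysed.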

Defeating Emotet

Call us old-school, but Firewalls.com believes the bad guys should always lose in the end. Most single solutions are ill-equipped to deal with Emotet. Between its versatility, speed, and ability to assault multiple targets, you’ll need a whole team to take it down. If you’re thinking the Avengers, think again. Sophos Synchronized Security with Sophos Heartbeat is just the band of network defending heroes to call if you want to send the baddies packing.

Try Synchronized Security Free for 30 Days

Sophos protects against Emotet at every point in the attack chain. Synchronized Security means that your endpoints and your firewall communicate with each other in real time to provide a comprehensive and instantaneous response to threats. This constant pulse of communication between endpoints and the network is called the Sophos Heartbeat. The moment an attack is detected, Sophos Heartbeat instantly relays details back to XG Firewall in order to isolate the machine, shut it off from the network, and begin remediation.

Sophos Email Protection blocks spam both inbound and outbound. Leveraging threat intelligence from SophosLabs, Sophos Email Protection identifies malicious emails like those that propagate Emotet and shuts threats down before they hit the inbox. Active threat protection, malicious attachment sandboxing, and time-of-click URL protection all come standard with Sophos Central Email Advanced, giving your inbox all the superpowers it needs to shut down Emotet at its point of entry.

Try Sophos Email Free for 30 days

Read Sophos Email Datasheet

If a single endpoint becomes infected, Sophos Intercept X springs into action, isolating the device before Emotet has a chance to spread across the network. Intercept X is super smart, harnessing deep learning to anticipate new threats before they happen. Intercept X cuts off the opportunity for lateral movement and gets to work cleaning up the infected systems. Sophos Intercept X Advanced consolidates protection and Endpoint Detection and Response (EDR) into a single solution with guided incident response.

Try Intercept X Free for 30 days

Read Intercept X Advanced Datasheet

XG Firewalls feature advanced cloud-based sandboxing to examine and detonate payloads in a quarantined environment. XG Firewall is the overwatch command center that communicates in real time with endpoints thanks to the Sophos Heartbeat. AI-powered behavioral monitoring lets XG Firewalls detect behaviors consistent with Emotet and pre-emptively block all IP addresses currently known to be associated with Emotet. With advanced protection guarding the point of entry, individual endpoints, and the network as a whole, your Sophos team makes short work of Emotet.

Try XG Firewalls Free for 30 days

Read XG Firewall Datasheet

Since these programs were designed to work as one well-oiled machine, all of these layers of Sophos protection occur automatically. This provides a comprehensive, zero-touch response that addresses advanced threats at every step of the attack chain. This dream team of Sophos Email, Intercept X, and XG Firewalls ensures Emotet never sees the Endgame. That means your story always gets its happy conclusion. And automatic, real-time, zero-touch response means your IT guy can go grab lunch.