Proofpoint report reveals Emotet’s growing global footprint, also targeting Middle East
Emotet lures victims with branding designed to look like legitimate emails
Emotet malware accounted for nearly 12% of all malicious email samples in Q3 -despite its reappearance only in the last two weeks of September- according to the Proofpoint Q3 2019 Threat Report.
Emotet is a Trojan that is primarily spread through spam emails, arrive either via malicious script, macro-enabled document files, or malicious link. Emotet emails may contain familiar branding designed to look like a legitimate email.
“As individuals become accustomed to email-based lures, cybercriminals are broadening the scope of their attacks with more robust and insidious malicious payloads. The resurgence of malware such as Emotet – which targeted organisations in the Middle East - has also been met with more sophisticated forms of social engineering, as illustrated in our Q3 Threat Report”, said Emile Abou Saleh, regional director, Middle East and Africa for Proofpoint.
“As cyberthreats continue to grow in volume and sophistication, it is paramount that organisations in the Middle East build a robust and people-centric cybersecurity strategy to protect their data, customers and, most importantly their people,” Saleh added.
TA542, the cybercriminal group responsible for distributing Emotet, also expanded its regional targeting during this period to several new countries, including Italy, Spain, Japan, Hong Kong, and Singapore. Reverting to methods that the group had shifted away from in early 2019, TA542’s re-emergence included highly targeted seasonal and topically relevant lures rather than generic financial themes. For example, on Sept. 23, Proofpoint observed the actor leveraging news-related “Snowden” lures.