CYBERSECURITY POLICING
An International collaborative effort has disrupted one of the most dangerous & pervasive botnet dubbed as ‘EMOTET’
Lately, we have seen increased and welcome activism from the law enforcement authorities against illicit activities on the Internet. Last year, I wrote about how demand for illicit goods had grown amid hackers racking up bounties from cyberattacks. The report cited suggested how ‘DarkMarket’ had taken over as over as one of the biggest darknet markets after some high-profile exits in the space. Almost two weeks ago, European Union Agency for Law Enforcement Cooperation (Europol), in an international operation, took down this illegal market with almost half a million users.
Global law enforcement agencies have been on a hunt ever since to further weed out nefarious players. In a follow-up move, Europol has now collaborated with authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada & Ukraine — disrupting the most pervasive and dangerous botnets of the past decade: ‘EMOTET’.
First discovered as a banking Trojan in 2014, EMOTET has been one of the most professional and long-lasting cybercrime services, ever to exist. It quickly made a name as a favorite go-to tool for cybercriminals. Its ability to provide back-door entry into global computer networks is what made it so popular. This unauthorized access was then sold to other top-level criminal groups to conduct more illicit activities, such as data theft and extortion through ransomware. The model on which this botnet worked could easily be labeled as ‘Malware as a Service’.
Billions of people use email for personal & work reasons and the majority of emails that land in our Inboxes can be classified as junk, spam, or malicious. EMOTET employed a fully automated process to deliver infected email attachments to victims’ computers. Unsuspecting users were lured with various tricks to open these infected attachments — presenting as invoices, shipping notices & more recently with information about COVID-19. These malicious Word documents, once opened would enable to run a malicious code in the Word file, via macros. This subsequently installed the malware on the machine.
What made EMOTET such a dangerous tool was its ability to enable cybercriminals to carry out other kinds of malware attacks such as banking Trojans or ransomware, onto a victim’s computer. Enabled by a so-called ‘loader’ operation, EMOTET provided a platform for other infamous malware operators like TrickBot and Ryuk. What made it so resilient was its modus operandi — its ability to spread to the whole network, after gaining access to just a few of the devices on that network.
An elaborate network of hundreds of servers located across the world was used by EMOTET to conduct its operations. These included managing the computers of the infected victims, launching new attacks, serving other criminal groups, and also make the network more resilient against takedown attempts.
To take down this elaborate scheme of things, global law enforcement agencies teamed together with judicial authorities to gain control of the infrastructure — eventually taking it down from the inside. Employing a novel and unique approach to disrupt cybercriminals, infected machines of victims were redirected to law enforcement-controlled infrastructure.
Although everybody can breathe a sigh of relief, it’s a fact that even after a successful takedown, cybercriminals have a habit of resurfacing in clever and unexpected ways. And this could hold true for Emotet as well. Also, keep in mind, botnets like EMOTET are polymorphic in nature — changing code every time to avoid detection.
A combination of cybersecurity tools & cyber awareness is a must to tackle this problem. Update your antivirus software & operating system regularly so that you have the most recent protection available from nefarious players and other vulnerabilities within the system. If an email seems too good to be true, it probably is. Most of the email clients these days do a pretty decent job of isolating spam from your inbox, but some still might slip through. Never open attachments in an email from a stranger — I usually hit the DELETE button right away.