
Emotet malware boosts email attacks as ransomware disappears

(Image credit: Gustavo Frazao / Shutterstock)

Almost two thirds of all malicious payloads in the first quarter of 2019 were driven by the actor distributing the Emotet botnet.

This is according to a new report by cybersecurity company Proofpoint, which says it mapped Emotet's 'increasing prevalence' as it shifts from being a banking Trojan to a botnet. According to the report, Emotet continues to displace credential stealers, standalone downloaders, and RATs.

The report also states that banking Trojans, namely IcedID, The Trick, Qbot, and Ursnif, accounted for a fifth of malicious payloads during the quarter. Ransomware was 'virtually absent' in the period; however, the report said that 'payment' was one of the top subject lines in email fraud attacks.

The engineering, automotive, and education industries were the biggest targets. On average, companies experienced 47 email fraud attacks, which is somewhat lower than the record high of Q4 2018.

Still, Proofpoint believes “this may be a sign of increasingly selective targeting and seasonal variations.”

“The massive shift in Emotet’s prevalence and classification highlights just how quickly cybercriminals are adapting new tools and techniques across attack types in search for the largest payday,” said Sherrod DeGrippo, senior director of Threat Research and Detection for Proofpoint. 

“To best defend against a rapidly changing threat landscape, it is critical that organizations implement a people-centric security approach that defends and educates its most targeted users and provides protection against socially-engineered attacks across email, social media, and the web.”
