Emotet Malware Making a Comeback

Hi all,

Some of you may have been receiving emails looking like they were sent by someone in Netwurx Technology Group.

What Happened

This looks to be a classic CEO phishing scam. Let me be clear: our email servers and our networks remain unbreached and uncompromised. It is, however, very easy for anyone to send an email with a first and last name that matches a real person in your contact list, but please note that the sending domain does NOT come from any of our domains (ntg.systems, netwurxgroup.com), and the telephone numbers in the signature blocks are international numbers. This probably goes without saying, but please do not open or download the attachment should you receive any of these messages.

How It Happened

We traced this back to an email we sent our VoIP clients back in 2017 regarding Hurricane Irma. A recipient of that mass email recently had their inbox compromised, and the attacker sent messages to everyone who was on that copy list. Both our domains have every security measure in place to prevent emails from being spoofed from them. ALWAYS check the sending address before opening and downloading attachments that you are not expecting, even from names of people you recognize and trust. Again, this event stemmed from a VoIP-only client that is self-managing their email from GoDaddy and who appears to have been successfully phished. That email breach targeted everyone on that email CC list and posed as Alan McKee and possibly some other employees, a tactic known as spear phishing or CEO fraud.

What is Spear Phishing/CEO Fraud

These tactics are meant to appear to come from a trusted sender to increase the likelihood of someone opening the email and downloading the malicious payload. 70% of encryption malware attacks (CryptoLocker, etc.) start with email scams like this one. This year, global losses from cybercrime are expected to top $10 trillion. More info on CEO fraud/spear phishing here: https://www.knowbe4.com/ceo-fraud

What Can I Do to Protect my Email?

At the very least, two very important measures should be taken: multi-factor authentication on every user account that has access to email, and ensuring domain security. Domain security means publishing SPF, DKIM, and DMARC records for your sending domains so that receiving mail servers can reject messages that forge them. Additionally, a robust third-party email spam and phishing protection platform should also be used. Unfortunately, as we move forward in this landscape of cybercrime, built-in or consumer antivirus software and security tools will not be enough to protect you and your company from attacks like this. This is the bare minimum nowadays to ensure rudimentary security. We strongly recommend a full security stack of products and services that will protect you from multiple threats and attack vectors.

If you are self-managing your email, or if it is being managed by a webmaster or the company/individual who is maintaining your website, please ensure that these steps are being taken to protect you, your employees, and your business' data. Not every breach ends at just a spam campaign; as mentioned above, 70% of encryption attacks start with a phishing email just like these.
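As an added illustration (not Netwurx's own tooling), here is a small Python check that applies the advice above to a raw message: it flags a known employee's display name paired with an outside sending domain, a message that claims one of our domains without a DMARC pass in its Authentication-Results header, and the presence of an attachment. The protected-name list, the example-mail.test domain and the sample message are constructed for the example; only the two Netwurx domains come from this notice.

```python
from email import message_from_string
from email.utils import parseaddr

# Domains the organisation really sends from (taken from the notice).
OUR_DOMAINS = {"ntg.systems", "netwurxgroup.com"}
# Display names to protect (assumption: a list the org maintains itself).
PROTECTED_NAMES = {"alan mckee", "ryan s. mckee"}


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for token in header.replace(";", " ").split():
            key, _, value = token.partition("=")
            if key.lower() in ("spf", "dkim", "dmarc"):
                results[key.lower()] = value.lower()
    return results


def assess(raw):
    """Return reasons a raw RFC 822 message matches the CEO-fraud pattern."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # Trusted name on an outside domain is the core of the spoof described.
    if name.strip().lower() in PROTECTED_NAMES and domain not in OUR_DOMAINS:
        reasons.append(f"display name '{name}' on external domain {domain}")
    # A message claiming our domain must also carry a DMARC pass.
    if domain in OUR_DOMAINS and auth_results(msg).get("dmarc") != "pass":
        reasons.append("claims our domain but DMARC did not pass")
    if any(part.get_filename() for part in msg.walk()):
        reasons.append("carries an attachment")
    return reasons


# Constructed sample: real-looking name, foreign domain, attachment.
SAMPLE = """From: Alan McKee <alan.mckee@example-mail.test>
Authentication-Results: mx.example.test; spf=pass dkim=none dmarc=none
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: application/octet-stream; name="invoice.doc"
Content-Disposition: attachment; filename="invoice.doc"

AAAA
--b--
"""

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The check is a triage aid for a mail gateway or helpdesk script; a DMARC policy of reject on the domain itself is what actually stops the forged mail from being delivered.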

If you have any questions, or would like to get more information on how Netwurx can help protect, secure and manage your email and other security needs, please visit our website: https://ntg.systems/kaizen-workplace or give us a call here at the office and we can schedule a full security audit of your workstations and email services.

Stay vigilant,


Ryan S. McKee | LinkedIn

Director of Operations
