Emotet’s Large Malicious Spam Campaigns Among the Most Notable Trends in Third Quarter

What’s in the report?

• In this quarter, Emotet operators have been seen tricking users into running a malicious Word document embedded with payloads.
• Malicious Word attachment naming was automated by using templates in nine languages—English, French, German, Greek, Hindi, Italian, Japanese, Spanish, and Vietnamese.
• Japanese and Australian organizations were the most affected accounting for 32% and 20% of recipients, respectively, due to the resurgent Emotet spam activity in Q3.
• Emotet’s operators have consistently targeted enterprises with thread hijacking techniques to compromise the mailbox of a user on a system and subsequently, exfiltrate it to the malware’s C&C servers.

Additional insights

• In Q3, the memory corruption vulnerability (CVE-2017-11882) in Microsoft Office was one of the most targeted vulnerabilities.
• Trojans (43%) and potentially unwanted applications (21%) were the most common malware types isolated by HP’s security product.
• In addition, the researchers detected several TrickBot spam campaigns, a July campaign having embedded payloads, while a larger campaign in September having a low detection rate.

Recent Emotet attacks

• Recently, Emotet operators were seen employing Halloween-themed spam campaigns to take advantage of Halloween festivities by inviting recipients to a Halloween party.
• Emotet was found sending spam emails pretending to be fake feature updates for Microsoft Word and Windows Update to infect corporate or government networks.

Safety tips