The Emotet botnet earned the title of "most wanted" malware family for the month of July 2020 following a period of inactivity. Check Point revealed that Emotet threat activity had affected 5% of organizations worldwide in July 2020, thereby earning the malware the top spot in the security firm's Global Threat Index for that month.

Emotet launched into these attacks following a five-month hiatus that ended in mid-July, as reported by Bleeping Computer. After the malware sprang back to life, the computer self-help website observed the Emotet gang quickly resume operations with their QakBot and TrickBot partners. A few days later, Bleeping Computer covered someone's efforts to disrupt the malware family's attacks by hacking into its distribution websites and replacing their payloads with memes and GIFs, thereby sparing victims from the brunt of an Emotet infection. Those efforts didn't slow down the Emotet gang, however. Later in the month, the malware family's authors added new functionality that enabled their creation to steal victims' email attachments and use them in an attempt to prey upon their email contacts.
[Figure: A screenshot of Check Point's top three "most wanted" malware families for July 2020.]

Check Point observed that these developments highlight the need for organizations to defend against an Emotet infection by taking preventative steps:
... [A]s it is active again, organizations should educate employees about how to identify the types of malspam that carry these threats and warn about the risks of opening email attachments or clicking on links from external sources. Businesses should also look at deploying anti-malware solutions that can prevent such content reaching end-users.
Organizations can use these steps to educate their users about some of the most common types of phishing attacks that are in circulation today. They should also consider availing themselves of an anti-malware solution like Tripwire File Analyzer that's capable of deploying quickly, examining file behavior in a quarantined environment and delivering detailed reports on relevant system changes.