Emotet is back!

After a summer of silence from the infamous banking Trojan, there has been a huge upsurge in reports during September. Emotet can be incredibly damaging, causing a rapid network-wide infection. Now is a good time for a quick recap of the key features of Emotet, how it spreads, what your team should look out for and what you can do to prevent an attack.

What is Emotet?

Emotet was first designed as banking malware, which attempted to steal private information. As polymorphic malware, it changes form as it moves from one machine to the next. This makes detection extremely difficult and it often evades anti-malware products.

In its current incarnation, Emotet’s infrastructure is used to distribute another banking Trojan (Trickbot) and then ransomware (Ryuk).  This method of attack is called the triple threat.  The combination affords maximum infiltration of the network, stealing some valuable data while encrypting the rest – for use in extortion.

How is it spread?

Emotet is primarily spread through spam emails, with infected attachments. These emails are designed to look genuine; they urge the user to click on a link to see an invoice, payment details, etc. It then uses the contact lists of infected users to spread to other networks. Emotet often jumps into the middle of email conversations. It will go through an inbox replying to messages and sending a malicious attachment. This is a very effective method and it is a tactic they are using increasingly. Around 25% of their emails now use this delivery method. It also uses a list of common passwords to brute-force its way into connected networks.

How to defend your business?

The polymorphic nature of Emotet means one line of defence will not work.  We always recommend a multi-layered approach to cyber security. Businesses need a suite of effective and complementary cyber security products to create a robust defence.   As email is the first line of attack, Office 365 Advanced Threat Protection should be a key component of your defence, as it should identify and block malicious attachments.  Staff training on Security Awareness is also essential, as their ability to identify a malicious email is vital to protect the company from attack.
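The reply-chain tactic described above can be turned into a simple mail triage check. The following is an added example, not code from the original post: it flags an inbound reply that carries an attachment and comes from an address that never took part in the conversation. It assumes the injected reply arrives from a look-alike address rather than from the genuinely compromised account (which this check would not catch); all function names, addresses and messages are constructed.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

def thread_participants(raw_messages):
    """Map each Message-ID already in the mailbox to the addresses on that message."""
    known = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        hdrs = msg.get_all("From", []) + msg.get_all("To", []) + msg.get_all("Cc", [])
        known[msg["Message-ID"].strip()] = {a.lower() for _, a in getaddresses(hdrs) if a}
    return known

def flag_injected_reply(raw, known):
    """Return a reason string if an inbound reply looks injected into a thread, else None."""
    msg = message_from_string(raw)
    refs = (msg.get("In-Reply-To", "") + " " + msg.get("References", "")).split()
    parents = [r for r in refs if r in known]
    if not parents:
        return None                      # not a reply to a conversation we hold
    if not any(part.get_filename() for part in msg.walk()):
        return None                      # no attachment: outside this heuristic
    sender = parseaddr(msg.get("From", ""))[1].lower()
    participants = set().union(*(known[p] for p in parents))
    if sender in participants:
        return None                      # a known correspondent replying with a file
    return f"attachment reply from non-participant {sender}"

def build(sender, to, msgid, parent=None, attachment=None):
    """Build a constructed sample message as raw text."""
    m = EmailMessage()
    m["From"], m["To"], m["Message-ID"] = sender, to, msgid
    if parent:
        m["In-Reply-To"] = parent
    m.set_content("See attached.")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed sample mailbox and inbound messages (all addresses are made up).
ORIGINAL = build("Alice <alice@example.com>", "bob@example.org", "<m1@example.com>")
LEGIT = build("Alice <alice@example.com>", "bob@example.org", "<m2@example.com>",
              "<m1@example.com>", "invoice.pdf")
INJECTED = build("Alice <billing@example.net>", "bob@example.org", "<m3@example.net>",
                 "<m1@example.com>", "invoice.doc")

if __name__ == "__main__":
    known = thread_participants([ORIGINAL])
    for name, raw in (("legit", LEGIT), ("injected", INJECTED)):
        print(name, "->", flag_injected_reply(raw, known))
```

The display name in the injected sample still reads "Alice", which is why the check compares the address itself rather than the name a user sees.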

Our Technical Consultants can advise your business on all aspects of cyber security. We can complete an audit on your network to identify vulnerabilities and make recommendations on how you can improve your cyber defence. We offer Security Awareness Training for staff and we can run ‘phishing campaigns’, where we send out malicious emails and check the response of your team. If you would like further information on any of these services, contact us today.

RedMosquito provides IT Support and IT Security Services to SMEs in Glasgow, Edinburgh and throughout Scotland.
