Alert - Emotet: Latest information on current cyberattacks

Adrien Gendre

September 25, 2020


In recent weeks, French, New Zealand, and Japanese government agencies have released warnings to the public about increased Emotet activity. Last week, Italy, the Netherlands, and Microsoft also raised alarms. Vade is well aware of the recent spike in Emotet malware activity and is closely monitoring the situation.

We have heard your concerns, and your business’s security and that of your customers is our top priority. Many of you have reached out to us to ask how Vade blocks Emotet attacks. Vade adopts a multi-layer detection method for Emotet, combining different techniques to ensure identification of any variation of the malware.

Below is a brief explanation of how the email content filter identifies and blocks Emotet and similar malware infections:

  • Although Emotet is unique, it exhibits anomalies that are common to all malware, which gives us a set of detection criteria drawn from both the email itself and its attachments.
  • For Emotet, we have specific heuristic algorithms that are continually updated as new Emotet behaviors are identified.
  • Our SOC and filter teams examine the email content as well as the payload, scanning documents and .zip files for suspicious content, including macros that contain suspicious characters, executable files, and obfuscated code.
  • Attachments, including Office documents, PDFs, and .zip files, are parsed in real time rather than in a sandbox (where malware can lie dormant).
  • URLs and IPs used by Emotet are monitored and blocked daily.
  • Emotet is delivered by email using techniques that in some ways resemble those of spammers. As a result, Vade applies its Heuristics Anti-spam scoring to qualify the email first. If that first part of the email is identified as spam, the filter blocks the email without having to analyze the attachment.
  • Machine learning models scan for suspicious attachment types used to trick email recipients, including invoices, a popular lure for Emotet.
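As an added illustration (not Vade's code and not the filter described above), the Python sketch below shows the order of the two layers: a cheap heuristic score over the subject and body is computed first, and only messages that pass it have their .zip attachments parsed in memory, recursing into the OOXML container to look for an embedded VBA project (stored as word/vbaProject.bin in macro-enabled Word files). The regex patterns, weights, threshold and extension lists are assumptions, and the sample message is constructed for the demonstration.

```python
import io, re, zipfile, email.message, email.policy
# Layer 1: coarse anti-spam heuristics; patterns, weights and threshold are illustrative.
SPAM_RULES = {r"\b(urgent|immediately|overdue)\b": 2, r"\b(invoice|payment)\b": 1}
SPAM_THRESHOLD = 3
EXECUTABLE_EXT = (".exe", ".scr", ".js", ".vbs")  # Layer 2: assumed example extensions
ARCHIVE_LIKE = (".zip", ".docm", ".docx", ".xlsm")  # all of these are zip containers

def spam_score(msg):  # header and body text only; no attachment is opened here
    body = msg.get_body(preferencelist=("plain", "html"))
    text = msg.get("Subject", "") + " " + (body.get_content() if body else "")
    return sum(w for rx, w in SPAM_RULES.items() if re.search(rx, text, re.I))

def inspect_archive(data, depth=0):
    """Walk a zip in memory, recursing (bounded) into nested zips and OOXML files."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ["attachment is not a valid zip"]
    findings, zf = [], zipfile.ZipFile(io.BytesIO(data))
    for name in zf.namelist():
        lower = name.lower()
        if lower.endswith(EXECUTABLE_EXT):
            findings.append(f"executable inside archive: {name}")
        if lower in ("word/vbaproject.bin", "xl/vbaproject.bin"):
            findings.append("VBA macro project embedded in Office document")
        if lower.endswith(ARCHIVE_LIKE) and depth < 2:
            findings += inspect_archive(zf.read(name), depth + 1)
    return findings

def filter_email(raw):
    """Return (verdict, reasons): the spam layer runs before any payload parsing."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    score = spam_score(msg)
    if score >= SPAM_THRESHOLD:
        return "blocked", [f"spam score {score}; attachment not analyzed"]
    reasons = []
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(ARCHIVE_LIKE):
            reasons += inspect_archive(part.get_content())
    return ("blocked" if reasons else "delivered"), reasons

def build_sample(subject, body):
    """Constructed sample message: a .zip holding a .docm that carries a VBA project."""
    doc, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("word/vbaProject.bin", b"placeholder bytes, not a real macro")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.docm", doc.getvalue())
    msg = email.message.EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A message whose lure text already scores as spam is blocked without its archive ever being opened, while a low-scoring message with the same attachment is caught only at the payload layer.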

Vade will continue to monitor Emotet activity and adjust as needed. Please do not hesitate to reach out with questions.

For more information on how Vade identifies and blocks malware, please see our Anti-Malware Solution Brief.