Infamous botnet Emotet has reemerged and is targeting Australian businesses, individuals, critical infrastructure and government agencies, according to the Australian Cyber Security Centre.
The Australian Cyber Security Centre (ACSC) raised the alarm late last week that the malicious software had been infecting devices in Australia through phishing emails.
There have been at least 19 recent successful Emotet infections in Australia.
“Due to the scale of the campaign, and the risk of economic impact, the National Cyber Security Committee has activated the national Cyber Incident Management Arrangements to Level 3 - Alert,” ACSC head Rachel Noble said.
“The ACSC is working closely with state and territory governments to limit the spread of this computer virus and to provide technical advice and assistance and to support organisations that are affected.”
The cyber centre also said that it believes Emotet was behind the recent high-profile hacking of the Victorian health sector.
“The ACSC has received dozens of confirmed reports of Emotet infection across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies,” the ACSC said in a statement.
“Emotet provides an attacker with a foothold in a network from which additional attacks can be performed, often leading to the deployment of ransomware.”
Emotet is a malicious email virus that appears as a normal or useful file attachment in an email, usually as a Word document.
But hidden code in the attachment allows the hackers to access and control the targeted device once the attachment is opened.
The emails are made to appear like they came from someone the user knows or an organisation they deal with.
Once the device is infected, Emotet then forwards itself to all of the user’s email contacts in an attempt to spread itself further.
Emotet has also been seen to spread further malware to the device, including Trickbot, which allows the hacker to harvest emails and credentials. An Emotet infection also led to the recent Ryuk ransomware attacks on the Victorian health sector.
The Emotet malware enabled the ransomware attack, which took down a series of Victorian regional hospitals and health services earlier this year.
Emotet was first identified in 2014 as a kind of malware designed as a banking Trojan to steal financial data. It has since evolved to become a “major threat” to users everywhere, according to Malwarebytes.
“Once installed on the endpoint, Emotet attempts to spread laterally, in addition to stealing passwords from installed applications,” Malwarebytes said. “Perhaps the biggest threat, though, is that Emotet serves as a delivery vector for more dangerous payloads, such as ransomware.
“Compromised machines can lay in a dormant state until operators decide to hand off the job to other criminal groups that will attempt to extort large sums of money from their victims. In the past, we’ve seen the infamous Ryuk ransomware being deployed that way.”
The ACSC also provided an example of an Emotet email which is currently doing the rounds in Australia.
“I’ll just await your advice on this one,” the malicious email reads. “Documentation is attached. We very much appreciate your support.”
The email has a Word document attached, and if the user clicks on this or opens the file, the virus will infect the device.
The ACSC recommends users disable Microsoft Office macros, maintain their firewalls and make sure they have an offline backup of all information.
“The threat is real but there is something you can do about it,” the ACSC said.