
Emotet auto-adaptation

The Emotet campaign, reactivated after the Christmas break, has stopped sending generic messages to get its victims to "bite" and now tailors its messages to the "work jargon" of each victim, which implies a prior analysis of the companies ...

Thus, for example, we are detecting that:

Mailings addressed to insurance companies contain subject lines such as:

  • Appraisal of...
  • Policy of...
  • Claim of...
  • Vehicle photo...

Mailings to hospitals and health-related companies contain subject lines such as:

  • Nursing report...
  • Health of...

Mailings addressed to large construction companies contain subject lines such as:

  • Budget of...
  • Garden of...

This technique will clearly deceive a greater number of users.

These emails contain either a malicious attachment or a malicious URL, and the two have often alternated week by week: one week they used attachments, the next they used URLs, and so on.

Recently the rotation period has shortened: they now tend to send attachments until noon and URLs from then until the end of the working day, when mailings practically cease.
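
To check against your own gateway data whether the split described above (attachments until noon, URLs afterwards) holds, the following added example, which is not part of the original post, buckets already-flagged messages by hour and locates the switch-over hour. The record layout, the sample timestamps and the function names are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: (local delivery time, vector) for messages a mail gateway
# has already flagged as Emotet. The record layout is an assumption.
SAMPLE = [
    ("2020-01-14T08:12:00", "attachment"),
    ("2020-01-14T09:40:00", "attachment"),
    ("2020-01-14T11:31:00", "attachment"),
    ("2020-01-14T11:58:00", "url"),
    ("2020-01-14T12:20:00", "url"),
    ("2020-01-14T13:02:00", "url"),
    ("2020-01-14T13:20:00", "url"),
    ("2020-01-14T13:45:00", "attachment"),
    ("2020-01-14T15:10:00", "url"),
    ("2020-01-14T16:30:00", "url"),
    ("2020-01-15T09:15:00", "attachment"),
    ("2020-01-15T12:40:00", "url"),
]

def vector_by_hour(records):
    """Count flagged messages per hour of day, split by delivery vector."""
    hours = defaultdict(Counter)
    for stamp, vector in records:
        hours[datetime.fromisoformat(stamp).hour][vector] += 1
    return hours

def switch_hour(records):
    """Earliest hour from which URLs outnumber attachments in every later active hour."""
    hours = vector_by_hour(records)
    candidate = None
    for hour in sorted(hours, reverse=True):  # walk back from end of day
        if hours[hour]["url"] > hours[hour]["attachment"]:
            candidate = hour
        else:
            break
    return candidate  # None when the last active hour is not URL-dominated

def off_pattern(records, switch):
    """Messages whose vector contradicts the split at `switch` (sign of drift)."""
    out = []
    for stamp, vector in records:
        expected = "url" if datetime.fromisoformat(stamp).hour >= switch else "attachment"
        if vector != expected:
            out.append((stamp, vector))
    return out

if __name__ == "__main__":
    print(switch_hour(SAMPLE), off_pattern(SAMPLE, 12))
```

A growing `off_pattern` list over successive days indicates that the rotation schedule has changed again and that time-based triage assumptions should be revisited.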

 

Bank phishing does not rest

Despite the apparent pause in the activity of Emotet, one of the most serious and long-standing cyberthreats, traditional phishing continues to thrive. According to our own statistics, the expected success rate is approximately one per thousand on average: out of every thousand emails sent, one will get a click on the malicious link.

Since the beginning of January, Iberlayer Email Guardian has detected and blocked more than 16,000 bank phishing emails.

12% of the URLs correspond to WordPress environments that have been hacked to host the clone of the corresponding bank's website.

The following graph shows the number of different URLs we have found for some of the main banks in Spain and Ibero-America so far this month, led by Banco Santander (267 URLs) and Bancolombia (346 URLs).