Getty Images/iStockphoto

Emotet Reemerges with Massive Campaign Targeting Pharma Industry

One of the most disruptive hacking groups behind Emotet has returned after a lull around Christmas with a massive targeted campaign aimed at the pharmaceutical industry, Proofpoint says.

Proofpoint is urging all organizations to take steps to shore up any vulnerabilities, after detecting a massive Emotet campaign targeting the pharmaceutical industry. The hacking group behind Emotet is known as TA542.

Emotet is a modular botnet able to download and install a wide range of malware. It's also known to steal data and send malicious emails from victims. Proofpoint notes that it can easily spread across networks, leveraging infected devices to launch additional attacks.

The notorious trojan last resurfaced hijacking email content from its victims in September.

“Emotet is a highly effective malware being used by a highly effective and sophisticated threat group with a large global infrastructure,” Proofpoint researchers wrote. “Based on past activity and what we’re seeing in just three days, one of the world’s most disruptive threats is back to work and everyone around the world should take note and implement steps to protect themselves.”

The hacking group last took a break between May and September 2019. While it was only in action for the last two weeks of July, Emotet still accounted for 11 percent of all malicious payloads seen during that quarter.

The latest campaign was seen targeting US, Canada, and Mexico, specifically the pharma sector. But earlier this week, the attack expanded to include 12 additional countries and other sectors. Proofpoint noted that on Monday the campaign sent nearly 750,000 emails, the largest amount seen in the wild since April 2019.

The record number of Emotet messages sent in a day is more than 100 million.

“TA542 has massive sending infrastructure: nobody generates volumes like they do these days,” researchers explained. “Campaigns that TA542 unleash have big volumes and are widespread across verticals, languages and people. Even if they take 150 days off in a year, like they did in 2019, they can do lots of damage.”

Proofpoint is urging organizations to bolster their email security and make sure email traffic is secure. Users should be warned to be suspicious of any emails that encourage urgent action, along with being reminded not to click links or open attachments in those emails.

Layered defenses should be employed to prevent the delivery of these messages. Organizations should also consider customizing user training programs to ensure users know how to recognize malicious emails. Studies show phishing training and education drastically reduces the risk to healthcare cybersecurity.

Researchers have predicted healthcare cybersecurity will worsen in 2020, as hackers continue to improve the sophistication of their attack methods and ramp up the number of attacks. The threat surface has also significantly expanded given a new critical vulnerability found in Windows 10 by the National Security Agency and Microsoft ending support for Windows 7.

Next Steps

Dig Deeper on Cybersecurity strategies