A coalition of countries has neutralised a dangerous global hacking network that could break into victims’ computers and install malware.
The UK, US, EU and Canada worked together to take down the Emotet network, which used malicious email attachments to gain access to victims’ computers. The network’s operators then sold that access to criminals, who installed further malware.
Europol described it as “the world’s most dangerous malware”, as well as one of the most resilient. It is believed to have been used to infiltrate Saudi Aramco, the world’s biggest oil company, among other hacking attempts.
In Germany alone, Emotet is believed to have caused at least 14.5 million euros (AU$22.8 million) in damage, Germany’s Federal Criminal Police Office said.
Europol carried out the takedown operation on Tuesday, curbing Emotet activity.
Emotet originally spread by sending emails with seemingly important Word documents attached. Once the document was opened, victims were prompted to “enable Macros”, which opened the computer to the hackers.
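The infection chain described above turns on a single decision point: a Word attachment that carries a VBA macro. As an added example (not code from the article, Europol or any of the parties named), the Python below shows the kind of attachment triage a mail gateway can do before a user ever sees the “enable Macros” prompt: it classifies an Office attachment by whether the OOXML archive contains a `vbaProject.bin` part or declares a macro-enabled content type, and it flags legacy binary `.doc` containers that this simple check cannot inspect. The attachments are constructed in memory and are not real malware samples; the function and file names are the example’s own.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 compound file used by pre-2007 .doc/.xls files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Content type Word assigns to the main part of a macro-enabled (.docm) document.
MACRO_CONTENT_TYPE = b"application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CONTENT_TYPE = (
    b"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)


def classify_office_attachment(data: bytes) -> str:
    """Classify raw attachment bytes as 'macro', 'no-macro', 'legacy-ole' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        # Legacy .doc: macros live in a VBA storage inside the OLE container, which
        # needs a dedicated OLE parser; this check only reports that it could not look inside.
        return "legacy-ole"
    if not data.startswith(b"PK\x03\x04"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
            # The VBA project is stored as its own part; its presence is decisive.
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            # Fall back to the declared content type of the main document part.
            if "[Content_Types].xml" in names and MACRO_CONTENT_TYPE in zf.read(
                "[Content_Types].xml"
            ):
                return "macro"
    except zipfile.BadZipFile:
        return "not-office"
    return "no-macro"


def triage_attachments(attachments):
    """Return (filename, reason) pairs for attachments that should be held for review.

    attachments: iterable of (filename, bytes).
    """
    held = []
    for name, data in attachments:
        verdict = classify_office_attachment(data)
        lower = name.lower()
        if verdict == "macro":
            # A macro project inside a file named .docx is an extension/content mismatch.
            reason = "extension-mismatch" if lower.endswith(".docx") else "macro"
            held.append((name, reason))
        elif verdict == "legacy-ole":
            held.append((name, "legacy-ole"))
    return held


def build_sample_docx(with_macros: bool) -> bytes:
    """Construct a minimal OOXML archive for testing; this is not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        ctype = MACRO_CONTENT_TYPE if with_macros else PLAIN_CONTENT_TYPE
        zf.writestr(
            "[Content_Types].xml",
            b'<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>'
            % ctype,
        )
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder VBA part
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed inbound mail: one macro-enabled invoice, one clean memo, one legacy .doc.
    inbound = [
        ("invoice_2021.docm", build_sample_docx(True)),
        ("team_memo.docx", build_sample_docx(False)),
        ("contract.doc", OLE_MAGIC + b"\x00" * 64),
    ]
    for name, reason in triage_attachments(inbound):
        print(f"HOLD {name}: {reason}")
```

The check is deliberately conservative: anything with a VBA part is held regardless of extension, and legacy OLE files are held because the script cannot see inside them rather than because they are known to be malicious. In a real gateway the held items would go to a sandbox or analyst queue rather than being dropped silently.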
“EMOTET has been one of the most professional and long-lasting cybercrime services out there. First discovered as a banking Trojan in 2014, the malware evolved into the go-to solution for cybercriminals over the years,” Europol said.
“The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware.”
Adolf Streda, a malware analyst at Avast, described the success as a “milestone” in the battle against cybercrime.
He said Emotet had been like a “Swiss army knife” in its ability to steal money from bank accounts, steal passwords and launch further phishing campaigns from compromised devices.
“It has been using strong obfuscation methods to avoid being captured by antivirus solutions, and it has been offered by the original threat actors as malware-as-a-service to other cybercriminals. Having such a wide reach and many prevalent families linked to their infrastructure is why seeing it disarmed by the authorities is positive news for the world of cybersecurity,” Streda said.
Warning for the future
Europol said that while it had taken control of the Emotet network, risks remain.
“A combination of both updated cybersecurity tools (antivirus and operating systems) and cybersecurity awareness is essential to avoid falling victim to sophisticated botnets like EMOTET,” it warned.
“Users should carefully check their email and avoid opening messages and especially attachments from unknown senders. If a message seems too good to be true, it likely is, and emails that implore a sense of urgency should be avoided at all costs.”