Malicious Email Campaigns Targeting New Jersey

Emotet
Image Source: Palo Alto Networks via NJCCIC

Here’s a brief message from our friends at the New Jersey Cybersecurity & Communication Integration Cell (NJCCIC) regarding recent malicious emails:

Over the past several weeks there has been an increase in email scams containing malicious links and attachments.

Many of these phishing messages contain payment-themed subject lines and appear to have been sent by trusted contacts, including government organizations, businesses, and academic institutions.

Through analysis, the NJCCIC has determined that these messages pose a significant threat to systems, networks, and personal information.

Emotet was originally categorized as a banking trojan used to steal financial account details. Since its discovery in 2014, Emotet has continuously evolved to avoid detection and is currently being distributed via spam emails containing malicious attachments or embedded links.

In the first half of 2018, Emotet variants have replaced ransomware as the most prevalent email malware threat.

These emails often reference an invoice or overdue payment in the subject and contain a URL link or Microsoft Word document attachment. If recipients open the document, Emotet will install onto their system. Emails may appear to come from an individual within the recipient’s organization or a trusted associate. Recent subject lines associated with this campaign include “Southwire,” “Inv. [random digits],” and “HRI Monthly Invoice.”

Even in organizations with the latest email filtering technologies to detect and block malicious emails, Emotet is only detected 43% of the time.

End users are advised to be aware of these email threats and to be cautious when opening emails, especially those that were not expected and contain links or attachments.

For more information on the Emotet trojan, please refer to the following open-source resources: NJCCIC Threat Profile: Emotet

NJCCIC Recommendations
The NJCCIC recommends users be mindful of this cyber threat and report suspicious emails to their IT help desk or information security officer immediately. We also strongly recommend never clicking on links or opening attachments delivered with unexpected or unsolicited emails.

Additional Precautions:
• Stay informed of current and emerging threats by subscribing to the NJCCIC Alerts.
• Ensure the use of strong and unique passwords and implement multi-factor authentication.
• Ensure that anti-virus/anti-malware software is active, updated, and scans all newly received or downloaded files.

To learn more about Cyber Liability options for your business, please contact us anytime at 609-399-0060!