August 15, 2020

Volume X, Number 228

August 14, 2020

Subscribe to Latest Legal News and Analysis

August 13, 2020

Subscribe to Latest Legal News and Analysis

August 12, 2020

Subscribe to Latest Legal News and Analysis

Privacy Tip #246 – Spam, Spam, Spam: Be Extra Cautious

Security researchers are warning companies to be aware of a new resurgence of the Emotet botnet that has been reactivated after a hiatus of five months.

According to the researchers, the Emotet malware steals information, and has been used to distribute the banking Trojan Trickbot. Attackers using the Emotet botnet use simple emails that are personalized, often with the subject line of “RE.” The emails often contain fake invoices, purchase orders, shipping notifications or receipts, and ask the recipient to click on a link or open an attachment. When the link or attachment is opened, the Emotet malware then is activated and the malware hijacks the email accounts and uses them to forward spam emails that contain malicious links and attachments from the legitimate email account to the contacts in that email account. The recipients, believing the email is coming from a trusted source, click on the link or attachment and the malware exponentially infects other email accounts and systems.

Emotet is known to spread to other devices on the network and those infected devices are then added to the botnet. As of last week, security researchers confirmed that over 250,000 emails containing Emotet are being sent every day.

According to the researchers, if Emotet is detected, it is important to respond as soon as possible, and to isolate the device and remove the malware. Protection from the infection is focused on employee awareness and asking them to be very cautious about opening any Word documents or Excel spreadsheets, even if they think they are coming from a trusted source.

We all have noticed an increase in email traffic and spam during the pandemic. Protecting devices and networks for security personnel has been challenging with a remote workforce; educating a remote workforce on botnets is even more challenging. However, keeping your employees vigilant about emails and attachments, and engaging them to be part of your first line of defense, is critically important to help reduce the spread of Emotet and other malicious malware. As employees, we need to be aware of attacks such as Botnet so we can be responsible and valuable team members in our organization’s data security.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 212


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...