You’ve heard of software as a service but guess what? There’s also malware as a service, bad actors can hire malicious bits of code and they’re on their way to a nasty spamming or Trojan campaign, great.
So cybercrime is easier and easier to do and the education sector continues to be a target for these criminals. Last year, a certain piece of banking malware, Emotet, was particularly virulent and targeted at schools. Emotet infections have cost institutions up to $1 million per incident to remediate.
Emotet is nasty, it changes through updates and is disseminated through malspam, so open a pdf or a word document and your machine and very soon the network is compromised. It is a dropper so it carries older pieces of malware into the infected system.
Emotet campaigns imitate PayPal receipts, shipping notifications, or “past-due” invoices purportedly from MS-ISAC, the centre for internet security. Initial infection occurs when a user opens or clicks the malicious download link, PDF, or macro-enabled Microsoft Word document included in the malspam. Once downloaded, Emotet is persistent and attempts to propagate the local networks through incorporated spreader modules.
One of the ways Emotet gets in is through weaknesses in password recovery and storage software, so once again keep those passwords safe and change them frequently.
A report from email management and security company Mimecast details a significant Emotet campaign in October last year, the attacks were concerted and high volume.
On 3-4 October, the education sector was attacked primarily with large volumes of Emotet malware on the first day, followed by the inclusion of Windows 97 document exploits with Emotet on day two.
10-11 October saw another attack against the education sector; generic malware including Sagent and Zmutzy was also present. The second day introduced a large volume of Windows 97 document exploits in concert with Emotet, and in both attacks, Windows 97 document exploits accounted for nearly 50% of the detections.
On 15 October, the education sector was again attacked, this time almost exclusively by a significant volume of Emotet with more than 3,600 detections.
On 17-18 October, there was another attack against education with more than 12,500 detections of Emotet malware.
Between 22-25 October, an even higher volume of Emotet malware was used to attack the education sector, peaking at more than 27,000 detections on the first day, 5,500 on day two with low-volume addition of Strictor malware, and more than 4,500 detections of Emotet on days three and four before the attack ceased.