06-Sep-2019
BSI President Arne Schoenbohm presented the report (in German) in Berlin and spoke of a "high-risk situation". The reporting period in the management report will be from June 2018 until the end of May 2019. During this time, BSI staff identified 114 million new variants of malicious programs. German network operators were informed about 11.5 million reports of infections. In government networks of the Federal Republic one could intercept 770,000 defective mails during the period. 300,000 malicious programs are added each day, many of which are based on Emotet.
The BSI considers Emotet to be a particularly dangerous threat within IT security. Recent reports from a highest court and a medical school show how fatal such an attack can be for the facilities. The damage history is not detected for a long time, because by the time the infected system detects the malicious program, contacts from the address books and content from emails could have been read out over many weeks and the malicious code could have been distributed. Deceptively real-looking news from the well-known distribution lists then contain the malware, which recharges programs that are malicious.
Emotet sends deceptively real-looking mails | Outlook Harvesting
What is termed "Outlook Harvesting" is nothing more than the broad, campaign-driven distribution of spam. In the worst case, planned and disguised so well that addressees receive messages that relate directly to previous, authentic communication with colleagues, business partners or people from the family or the circle of acquaintances. These authentic-looking messages with partly highly specialized content are hardly recognizable for recipients who are not sensitized to the subject. File names are deceptively real and malicious links are simply not recognized as such.
The main danger posed by Emotet is that by downloading malicious programs not only logins are read, but in the worst case remote access to the network can be established. Common antivirus protection is usually ineffective against such attacks, as the malware is permanently modified and updated - but antivirus programs can only fend off known attackers. For example, the BSI recently informed that Emotet reloaded modules that made online banking manipulatable. With these blackmail Trojans (also: ransomware) partly large sums of ransom money are demanded - and until the system is cleaned up, at worst the production or the entire operation is paralyzed.
BSI President Arne Schoenbohm already reported to Emotet about a year ago: "Appropriate prevention can significantly reduce the risk of infection with Emotet." This is reflected in the protection measures from the Alliance for cybersecurity (in German) that you can take.
Protection from Emotet | How to protect your organization and your business
1. Sensitize your employees of the dangers of malicious email attachments and broken links. Ideally, conduct regular training sessions in which you circulate fake messages of known senders that look as authentic as possible. Establish a process in which every user knows to whom conspicuous messages have to be reported.
2. Employee accounts should only be equipped with minimum rights.
3. Make sure that applications, anti-virus programs, and operating systems - ideally automated - are updated. Important are browsers, their plug-ins, mail clients, office applications and PDF programs.
4. Make regular (offline) backups and set schedules for restoring data.
5. Monitor anomalies using automated and manual monitoring.
6. Separate your network according to application areas, so that the client and server are detached from the production.
A particularly comprehensive and effective solution for protection against malicious software is the separation of the operating system from the browser. The network is proactively protected against ransomware, zero-day exploits, ATPs and Trojans, and dangerous links are no longer a threat.
Since browsers and operating systems no longer have direct hardware access, attackers of any kind cannot attack the computer and the local network.