The Emotet botnet has been dismantled. After reaching its "peak" between August and October 2020, constantly mutating and averaging 25,000 distinct file names per month, that figure dropped to fewer than 500 in November, and between December and January the average was around 5,000, 80% less than the volume seen before.
This may well have been the result of the cooperation between law enforcement agencies around the world that went on to neutralize the botnet. In parallel, Check Point observed that new Emotet C&C communications fell by more than 40% over the last two months compared with the peak described above.
Lotem Finkelsteen, Head of Threat Intelligence at Check Point Software Technologies, issued a detailed statement, which we reproduce here in its original language (English).
“Emotet, which was once a Banking Trojan and became a full-blown botnet was the most successful and prevalent malware of 2020 by a long way. Data from Check Point’s ThreatCloud intelligence network shows that Emotet impacted the networks of 19% of global organizations over the course of last year.
Emotet earned its reputation not just because of its dynamic nature and unique technical features, but also because of the highly-organized criminal business model it developed. Instead of acting alone, the people behind Emotet chose to collaborate with other organized cybercrime groups like Trickbot and Ryuk Ransomware, and together they became very effective partners in crime.
In this vicious coalition, Emotet, through its broad world-wide infrastructure, was responsible for gaining the first foothold within companies and organizations all around the globe. This large base of infections was then sold to Trickbot, which was responsible for broadening the foothold within targeted networks, dissecting them into industries and companies, and in turn selling those infected networks on to ransomware players such as Ryuk. This has been the infrastructure behind the ongoing success of ransomware attacks in recent years.
The Emotet botnet, which lures victims through phishing emails, in 2020 alone sent emails with over 150,000 different subject lines and more than 100,000 different file names. It constantly adjusted its phishing emails to victims’ interests and global events (e.g. the COVID-19 pandemic or major shopping seasons such as Black Friday).
So while the announcement by Europol might seem to be abstract, it’s worth remembering that Emotet impacted 1 out of every 5 organizations worldwide. This news reflects the importance of global cyber task forces and joint interests to protect the public from cyber-threats that have caused losses of millions, if not more, of dollars.”