Emotet eeemerges targeting the pharmaceutical industry

Featured image

Share this article

man on laptop with trojan horse virus

Emotet, one of the world’s most disruptive threats, has reemerged after a lull around Christmas.

According to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Emotet is a sophisticated, costly, and destructive Trojan.

Those within the pharmaceutical industry, and healthcare in general, must remain on high alert and use HIPAA compliant email when sending and receiving emails.

What is Emotet?

CISA states that Emotet functions as a “downloader or dropper” of other malware.

Once in a system, Emotet can infiltrate an entire network, steal sensitive information, disrupt operations, and harm an organization’s reputation.

Emotet was first reported in 2014 infecting organizations in the banking industry, transforming into a general-purpose malware currently setting its sight on the pharmaceutical industry.

The primary threat actor behind Emotet, TA542, has a massive sending infrastructure.

It uses social engineering, spamming, credential stealing, email harvesting, and attachment downloading to infect and spread rapidly.

Emotet accounted for 11% of all malicious payloads during the first quarter of 2019 from its campaign in July 2019 alone.

On January 13 this year, the campaign reemerged after its hiatus, focusing on the pharmaceutical industry in the U.S., Canada, and Mexico and sending nearly 750,000 emails, the largest seen since April 2019.

By the next day, 12 additional countries and multiple other industries were added as targets.

In the past, Emotet has sent a record 100 million messages in one day, indicating the extent of damages organizations face from Emotet this year.

How can you block and protect your organization?

Every organization must stay on top of such threats so that cybersecurity can be strengthened before a breach even occurs.

CISA and others recommend reinforcing cybersecurity by:

  • using layered defenses
  • blocking attachments associated with malware or unscannable by antivirus software
  • implementing firewall rules and filters such as Paubox Email Suite Plus
  • having every employee use email encryption and multi-step authentication
  • segmenting and segregating networks to safeguard sensitive data

Finally, each time a new threat emerges, organizations must update employee awareness training; for Emotet, customize modules to address spotting and avoiding malicious emails.

Related: Recognizing and Blocking a Malicious Email

Stay on top of cybersecurity news as the only way to protect your organization from future attacks is by having a solid security program and strong, up-to-date employee training.

Try Paubox Email Suite for FREE today.
Author Photo

About the author

Kapua Iao

Read more by Kapua Iao

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022