The Pakistan Telecommunication Authority (PTA) has cautioned government agencies and the general public that hacking groups are stealing information using malware and continually evolving techniques.
The authority has issued an advisory stating that some groups are using the “Emotet” malware and have developed new tactics to evade detection. The attack chain starts with phishing emails that carry generic lures and malicious attachments.
The advisory notes that Emotet also serves as a conduit for other malware families such as Bumblebee and IcedID. After a coordinated law-enforcement takedown of its infrastructure in January 2021, Emotet reappeared in November 2021 and has since spread via phishing emails.
Since it first emerged in 2014, Emotet, which is attributed to the cybercriminal group tracked as TA542, has evolved from a banking trojan into a malware distributor. Operated as malware-as-a-service (MaaS), it is modular and can deploy a variety of paid-for and open-source components that steal confidential data from infected computers and perform other post-exploitation tasks.
Recent campaigns start the attack chain with generic lures carrying weaponised attachments. Because macros have become an unreliable route to initial infection and payload delivery (Microsoft now blocks VBA macros by default in Office files downloaded from the internet), the operators have adapted their tactics to get past malware detection tools.
The XLS files attached to the most recent wave of Emotet spam use a new trick to get recipients to enable the macro that downloads the dropper: the sheet instructs the user to copy the file into a trusted location such as the Office Templates folder, where the default macro block for internet-sourced files no longer applies. In addition, recent Emotet variants have switched from 32-bit to 64-bit builds, which also helps them evade signature-based detection.
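The two evasion points above (macro-capable Office attachments and the move to 64-bit payloads) are both things a mail gateway or SOC triage script can check for from the bytes of the attachment rather than from its extension or declared MIME type. The following is an added example written for this page, not PTA tooling or any vendor's code. It parses a constructed phishing message with the standard library only, identifies legacy OLE2 Office files, OOXML packages that contain a `vbaProject.bin`, and PE executables (reading the COFF `Machine` field to tell x86 from x64), and flags extension/content mismatches. The sample message, filenames and addresses are all constructed for the demonstration and contain no real Emotet artefacts.

```python
"""Attachment triage for Emotet-style lures (added example, not PTA tooling).

All messages and file bodies below are constructed inline so it runs offline.
"""
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .xls/.doc compound file
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.xlsx/.xlsm/.docx) package
MACRO_FREE_EXTS = {".xlsx", ".docx", ".pptx"}      # formats that must not carry VBA


def pe_arch(data: bytes) -> str:
    """Read the COFF Machine field to tell a 32-bit PE from a 64-bit one."""
    if len(data) < 0x40:
        return "unknown"
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if pe_off + 6 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return "unknown"
    machine = struct.unpack_from("<H", data, pe_off + 4)[0]
    return {0x14C: "x86", 0x8664: "x64"}.get(machine, f"0x{machine:04x}")


def classify_attachment(filename: str, data: bytes) -> dict:
    """Decide from magic bytes and contents, not the extension, what was attached."""
    ext = filename[filename.rfind("."):].lower() if "." in filename else ""
    info = {"filename": filename, "container": "unknown", "arch": None,
            "macro_capable": False, "suspicious": False, "reasons": []}
    if data.startswith(OLE_MAGIC):
        info["container"] = "ole2"
        info["macro_capable"] = True  # binary Office formats can embed a VBA storage
        info["reasons"].append("legacy OLE2 Office file")
    elif data.startswith(ZIP_MAGIC):
        info["container"] = "ooxml-zip"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            names = []
            info["reasons"].append("ZIP signature but unreadable archive")
        if any(n.endswith("vbaproject.bin") for n in names):
            info["macro_capable"] = True
            info["reasons"].append("vbaProject.bin inside OOXML package")
    elif data.startswith(b"MZ"):
        info["container"] = "pe"
        info["arch"] = pe_arch(data)
        info["reasons"].append(f"PE executable ({info['arch']})")
    if ext in MACRO_FREE_EXTS and (info["macro_capable"] or info["container"] == "ole2"):
        info["reasons"].append("extension claims a macro-free format")
    info["suspicious"] = info["macro_capable"] or info["container"] == "pe"
    return info


def triage(raw_message: bytes) -> list:
    """Parse a raw RFC 822 message and classify every attachment in order."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return [classify_attachment(part.get_filename() or "<unnamed>",
                                part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()]


# --- constructed sample data (not real Emotet artefacts) ---
def _fake_pe(machine: int) -> bytes:
    buf = bytearray(0x80)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)   # e_lfanew -> PE header at 0x40
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x44, machine)
    return bytes(buf)


def _fake_ooxml(with_vba: bool) -> bytes:
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_vba:
            zf.writestr("xl/vbaProject.bin", b"\x00" * 16)
    return out.getvalue()


def build_sample_message() -> bytes:
    """A constructed invoice-themed lure with four attachments of differing risk."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Invoice 4471 - action required"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(OLE_MAGIC + b"\x00" * 504, maintype="application",
                       subtype="vnd.ms-excel", filename="invoice.xls")
    msg.add_attachment(_fake_ooxml(True), maintype="application",
                       subtype="octet-stream", filename="report.xlsx")
    msg.add_attachment(_fake_ooxml(False), maintype="application",
                       subtype="octet-stream", filename="clean.xlsx")
    msg.add_attachment(_fake_pe(0x8664), maintype="application",
                       subtype="octet-stream", filename="update.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        flag = "SUSPICIOUS" if finding["suspicious"] else "ok"
        print(f"{flag:10} {finding['filename']:12} {', '.join(finding['reasons'])}")
```

The check is deliberately content-based: a `.xlsx` that carries `vbaProject.bin` is flagged even though the extension promises a macro-free file, and a legacy `.xls` is treated as macro-capable because the binary format can embed a VBA project that this script does not parse further. In production you would hand macro-capable files to a VBA extractor such as olevba and sandbox any PE, but the magic-byte and archive-listing checks above already catch the mismatches a lure relies on.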
PTA has urged government agencies and officials to be cautious about opening attachments or clicking links in unsolicited emails.
Government agencies are advised to run current anti-virus and anti-malware software, keep operating systems and applications up to date, and deploy security updates as soon as they are released. Multiple copies of critical data should also be backed up regularly, with at least one copy kept offline so that backups survive the ransomware that often follows an Emotet infection.
To protect networks, firewalls and intrusion detection/prevention systems should be used. Staff should be trained in safe computing practices, such as not downloading files from untrusted sites, keeping personal information private, and not opening attachments or clicking links in emails from dubious senders.