The latest Threat Information Report from HP Wolf Security shows a 27x increase in detections resulting from Emotet malicious spam campaigns in Q1 2022.
Based on findings from millions of endpoints running HP Wolf Security, Emotet was the most seen malware family in the period, accounting for nine percent of all malware captured.
“Our first quarter data shows that this is by far the most activity we have seen from Emotet since the group was disrupted in early 2021, a clear sign that its operators are regrouping, regaining their strength and investing in the growth of the botnet. Emotet was once described by CISA as one of the most destructive and costly malware to remediate, and its operators often collaborate with ransomware groups, a pattern we can expect to continue. Hence its resurgence is bad news for both businesses and the public sector,” says Alex Holland, Senior Malware Analyst in the Threat Research Team at HP Wolf Security. “Emotet also continued to favor macro-enabled attacks, perhaps to get hit before Microsoft’s April deadline, or simply because people still have macros enabled and can be tricked into clicking the wrong thing.”
Among other findings, nine percent of threats had never been seen before at the time they were isolated, and 14 percent of isolated email malware had missed at least one email gateway scanner.
The threats used 545 different malware families in their attempts to infect organizations, with Emotet, AgentTesla and Nemucod being the top three. The report shows that 45% of malware isolated by HP Wolf Security used Office file formats, and the most common attachments used to deliver malware were spreadsheets (33%), executables and scripts (29%), files (22%) and documents (11%).
The full report is available on the HP Wolf site.