There is a variant of the EMOTET trojan that is very dangerous and can bypass multiple endpoint protections. EMOTET is commonly delivered via email, as an attachment or a link within the message, similar to many of the phishing emails you have probably received in the past.
Because it reuses the content of emails that the infected user has previously sent, it increases the likelihood of the email bypassing spam filters, since it looks like a legitimate message.
EMOTET fools most AV software by staying dormant (sleeping) while the AV software inspects it and tries to figure out what it is. Once the AV software says it is OK, EMOTET installs itself and other malware on the computer. After a period of time, the AV software goes “WAIT! This is bad” and disables the threat. By this time it is too late: information has already been transferred to botnet servers.
Another way that EMOTET bypasses AV software is that its developers constantly change it, so that AV software does not recognise the new version.
Now that these malicious people have your email addresses and credible email content, they will continue to try to get information from your contacts. They can also replace the attachments/links with ransomware, which encrypts all your files and demands money to get them back.
- Train your employees to inspect emails with attachments and links before clicking on them. Here are some tips: https://cbm.technology/how-to-protect-yourself-from-phishing-attempts/
- Have appropriate anti-phishing filters (unfortunately these are not the same as spam filters; they handle these threats in a different way)
- Have appropriate and updated endpoint protection that is designed for the latest threats such as EMOTET
- Contact your IT provider to see if you are, or have been, infected.
- Lastly – periodically retrain your employees to inspect emails with attachments and links before clicking on them. Technology can aid in reducing the risk of being compromised; however, human vigilance is still a necessity.
US Dept of Homeland Security – https://www.us-cert.gov/ncas/current-activity/2020/01/22/increased-emotet-malware-activity