advertisement
Communications Authority warns organizations against a data stealing malware
Kenya’s ICT watchdog the Communications Authority of Kenya (CA) has at the start of the year announced the detection of…
Kenya’s ICT watchdog the Communications Authority of Kenya (CA) has at the start of the year announced the detection of malware that appears to target network systems of organizations.
The malware threat called Emotet, was identified by the National Computer Incident Response Team Coordination Centre (National KE-CIRT/CC) at the close of 2018 and has since sniped the digital lead teams in various financial services institutions back to work from their end-year cum New Year holiday.
Through a public notice, the the National Computer Incident Response Team Coordination Centre noted that it had detected 11 cases of Emotet malware that had targeted local financial institutions which, they immediately engaged purposely to address the intrusion.
advertisement
According to a statement by the CA the Emotet malware is an advanced and destructive banking Trojan affecting network system. The Authority noted that Emotet is disseminated through malicious email attachments or links posing as invoices, payment notifications and bank alerts.
Cyber security expert Dr. Bright Mawudor urged financial institutions to reduce the use of macrons since it is susceptible to the malware.
Like most online banking trojans, Emotet hooks the browser process to capture log-in credentials entered by users on websites belonging to financial institutions.
advertisement
In Australia, a related malware called Dyre found by researchers from PhishMe and CSIS Security Group targeted the sites of Bank of America, NatWest, Citibank, RBS and Ulsterbank.
According to security firm Malwarebytes, Emotet is a Trojan that is primarily spread through spam emails. The infection can be spread either via malicious script, macro-enabled document files, or malicious link.
Emotetemails may contain familiar branding designed to look like a legitimate email. What’s more, Emotet may try to lure users to click the malicious files by using trickery language about “Your Invoice,” “Payment Details,” or shipping details that a user may perceive genuine.
advertisement
Discovered by security researchers in 2014, Emotet has gone through a few iterations. Early versions arrived as a malicious JavaScript file. Later versions evolved to use macro-enabled documents to retrieve the virus payload from command and control servers run by the attackers.
The CA advises the public and organizations to install the following measures to cut or limit the probability of Emotet and similar attacks if by any chance they detect infection by the malware:
- immediately scan and isolate the infected device from the network
- clean up and patch the system
- consider upgrading their security measures to secure the network from future attacks
- strictly adhere to cybersecurity best practices