Communications Authority warns organizations against a data stealing malware

No photo availableCIO Africa authorByHumphrey Odhiambo
3 min read

Kenya’s ICT watchdog the Communications Authority of Kenya (CA) has at the start of the year announced the detection of…

Communications Authority Headquarters
Communications Authority Headquarters

Kenya’s ICT watchdog the Communications Authority of Kenya (CA) has at the start of the year announced the detection of malware that appears to target network systems of organizations.

The malware threat called Emotet, was identified by the National Computer Incident Response Team Coordination Centre (National KE-CIRT/CC) at the close of 2018 and has since sniped the digital lead teams in various financial services institutions back to work from their end-year cum New Year holiday.

Through a public notice, the the National Computer Incident Response Team Coordination Centre noted that it had detected 11 cases of Emotet malware that had targeted local financial institutions which, they immediately engaged purposely to address the intrusion.

According to a statement by the CA the Emotet malware is an advanced and destructive banking Trojan affecting network system. The Authority noted that Emotet is disseminated through malicious email attachments or links posing as invoices, payment notifications and bank alerts.

Cyber security expert Dr. Bright Mawudor urged financial institutions to reduce the use of macrons since it is susceptible to the malware.

Dr. Bright Mawudor, Head of Cyber Security Services, IS

Like most online banking trojans, Emotet hooks the browser process to capture log-in credentials entered by users on websites belonging to financial institutions.

In Australia, a related malware called Dyre found by researchers from PhishMe and CSIS Security Group targeted the sites of Bank of America, NatWest, Citibank, RBS and Ulsterbank.

According to security firm Malwarebytes, Emotet is a Trojan that is primarily spread through spam emails. The infection can be spread either via malicious script, macro-enabled document files, or malicious link.

Emotetemails may contain familiar branding designed to look like a legitimate email. What’s more, Emotet may try to lure users to click the malicious files by using trickery language about “Your Invoice,” “Payment Details,” or shipping details that a user may perceive genuine.

Discovered by security researchers in 2014, Emotet has gone through a few iterations. Early versions arrived as a malicious JavaScript file. Later versions evolved to use macro-enabled documents to retrieve the virus payload from command and control servers run by the attackers.

The CA advises the public and organizations to install the following measures to cut or limit the probability of Emotet and similar attacks if by any chance they detect infection by the malware:

  • immediately scan and isolate the infected device from the network
  • clean up and patch the system
  • consider upgrading their security measures to secure the network from future attacks
  • strictly adhere to cybersecurity best practices

Leave a Reply

Your email address will not be published.

Do you have a story that you think would interest our readers? Write to us editorial@cioafrica.co