Users must take responsibility to protect company networks

There is a new breed of malware that uses a sophisticated combination of phishing, brute-force password attacks, and spreader technology to infiltrate and compromise computer networks. The malware is called Emotet.

What you need to know

  1. Do not open an attachment you were not expecting, even if it appears to come from a trusted sender. Check with the sender first. Hackers can make an email appear to come from a friend, colleague, or co-worker. It may even have a convincing subject line that is relevant to your field. We recently saw malware sent to an architecture firm with the subject “Architectural design for your review” and a link to a Dropbox file. The file contained a Word document with malware.
  2. Use a complex password. Simple one-word passwords are easily compromised by brute-force malware, such as Emotet. See the section directly beneath this one for more instructions on creating complex passwords. More information about how Emotet spreads with brute-force passwords and examples of bad passwords can be found at the bottom of this email.
  3. You must take responsibility for the safe operation of your computer system. Firewalls, Anti-Spam, and Anti-Virus software provides an important layer of protection but it can be defeated by sophisticated hackers.

Creating Complex passwords

  • It must be at least 8 characters long.
  • It must not contain easily guessed information such your birth date, phone number, spouse’s name, pet’s name, kid’s name, login name, the word “password”, etc.
  • It must not be a short, commonly used phrase such as iloveyou.
  • If it uses dictionary words, it must use multiple words strung together in a nonsensical way such as GuitarHorseTrain284.
  • It should contain special characters such as @#$%^& and/or numbers.
  • It should use a variation of upper and lower case letters.

 

More information about Emotet

Emotet spreads through phishing emails. As stated above, some of these emails are very sophisticated. They may appear to come from a colleague, your boss, or even the CEO of your company. Impersonating a legitimate email address is called spoofing. Anti-spam filters usually catch spoofed emails, but not always.

The phishing email contains a payload, which is often a link to a legitimate file-sharing service such as Dropbox. When the user downloads the payload, the malware installs on their machine.

Once the malware is installed, it attempts to spread to other machines on the network using a list of brute force passwords.
Some of the brute-force passwords included in the recent Emotet Trojan are

qwerty
love
iloveyou
princess
office
supervisor
superuser
share
adminadmin
mypassword
mypass
pass

 

For organizations who want to enforce complex passwords, CNS has a method to do it. Please contact your VCIO or account rep today for more information about enforcing complex passwords on your network.

Downloadable IT Resources

How To Supplement Your Internal IT Team.

In an ideal world, technology would be a consistent source of competitive advantage and benefit for small and midsized businesses. The reality is that many fail to realize that confidence.

Without the right resources and support, even a highly skilled technology team can become overwhelmed by the growing list of technology management duties. When important tasks get neglected, it creates ripple effects throughout an organization that damage productivity and efficiency.

The co-managed IT services model solves these problems by providing your existing IT team with all the support and resources they need to successfully plan, manage, and defend your network technology.

This guide covers:

  • • Aligning technology with business goals
  • • Reducing churn while preserving institutional knowledge
  • • Empowering your staff to maximize productivity
  • • Achieving the highest level of cybersecurity defense

Download it for free by filling out the form here.