The trojan Emotet is today’s biggest malware danger, either in terms of magnitude (due to its massive spam initiatives) and probability (due to its established record of enabling ransomware mafias to purchase access to compromised networks for themselves).
When the malware travel to these local Wi-Fi networks, it will try to compromise linked computers — a strategy that can speedily accelerate the outbreak of Emotet, said researchers.
How it operates:
– Emotet infects a host.
– Emotet installs and operates the WiFi spreader framework.
– WiFi spreader configuration listing all WiFi devices allowed on the host (usually WLAN NIC).
– Framework Extracts List of all nearby WiFi networks.
– WiFi spreader executes a brute-force attack on each WiFi network leveraging two internal sets of easy-to-guess passwords.
– The Emotet WiFi spreader now has easy connections to another network if the brute-force assault succeeds, but no foothold on any
servers or workstations on that network.
– The WiFi spreader is going into a separate brute-force attack intending to infer device and machine usernames and passwords linked
to this WiFi network.
– If second brute-force assault succeeds, Emotet achieves a foothold on a second network and the process of Emotet penetration
continues from scratch, with Emotet effectively springing the divide between two networks via a WiFi connection.
Using key Wi-Fi access point (AP) protection techniques, you can keep the wireless networks from succumbing to Emotet’s Wi-Fi spreader. While operating a Wi-Fi network, use the new WPA3 encryption and a lengthy password longer than 15 characters to secure it. That should prevent your SSID password from being brute-forced by a random Emotet-infected computer close to your AP.
effective wireless security policies and the Safe APs from WatchGuard will aid, but it is still better to have protection measures in place that first avoid Emotet infections. Note to incorporate strong anti-malware strategies at a network and application level (like those included in WatchGuard’s Total Protection package). Our proactive detection of malicious software should prohibit the most recent Emotet from reaching your network.