Emotet, a common and highly damaging piece of malware, can now spread via WiFi and almost every WiFi network is vulnerable.
After starting as a banking trojan (malware designed to give remote access) in 2014, Emotet has continually evolved. Its first major evolution allowed it to spread malicious software, such as crypto lockers, making it popular with cyber criminals worldwide. Now, research by Binary Defense has discovered a new evolution: the ability to breach WiFi networks.
Until now, Emotet had basic spreading capabilities. This allowed it to spread between computers on wired networks, accessing them by guessing or brute force cracking any passwords which protected them.
The new WiFi capability takes this spreading capability further by allowing the malware to take control of infected systems’ WiFi adaptors and scan for, and attack, any WiFi networks it finds. Once inside a WiFi network, it looks for victim machines inside that network and spreads throughout the internal network before deploying its payload and spreading further via WiFi.
Dealing with the threat
As WiFi does not, as standard, provide any form of protection against this kind of attack, special measures need to be taken. These should be applied by everyone who has a WiFi network.
- Implement a Wireless Intrusion Prevention System (WIPS). These additional systems work alongside a WiFi network to prevent unauthorised devices from trying to damage or degrade the network. IXCG provides WIPS from the only two companies who produce an automatic WIPS system (Arista and Watchguard).
- Do not use integrated WiFi and broadband routers (such as those provided by broadband suppliers) as these, once compromised, give an attacker full access to all devices. Use separate routers, firewalls and WiFi access points.
- Separate WiFi networks from other networks, and the Internet, with a deep packet inspection (DPI) firewall. A DPI firewall inspects every packet of data between the networks it connects and can block malware and prevent data loss. Be aware, however, that only DPI firewalls have this functionality; other firewall types don’t.
- Regularly check WiFi logs or, better still, use a monitoring service. IXCG’s Workplace Secure service provides 24×7 monitoring and support.
- Make sure you keep all computers, routers, firewalls and WiFi access points updated with the latest patches and firmware. Again, this service is provided by IXCG Workplace Secure.
- Don’t assume that antivirus software will protect your systems against infection. Many antivirus systems are unable to keep up with the pace of malware development.
- Regularly replace old equipment. Older systems usually cost more to run and lack regular security updates.
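One way to automate the log check recommended above is to look for the pattern password guessing leaves behind: many failed logins from one client in a short time, sometimes followed by a success. The sketch below is an added example, not code from IXCG or Binary Defense; the log layout, the function name and the thresholds are assumptions to adapt to your own access point's logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical, simplified log layout (an assumption, not a real vendor format):
#   <ISO timestamp> <ap-name> <auth-fail|auth-ok> sta=<client MAC> ssid=<name>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ap>\S+) (?P<event>auth-fail|auth-ok) "
    r"sta=(?P<sta>[0-9a-f:]{17}) ssid=(?P<ssid>\S+)$"
)

def find_password_guessing(lines, threshold=5, window=timedelta(minutes=2)):
    """Return alerts for clients with >= threshold failures inside the window.

    A success that follows such a burst is reported separately, because it
    may mean the WiFi password was guessed.
    """
    recent = defaultdict(deque)  # (client, ssid) -> times of recent failures
    flagged = set()              # clients already reported for guessing
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed layout
        ts = datetime.fromisoformat(m["ts"])
        key = (m["sta"], m["ssid"])
        fails = recent[key]
        while fails and ts - fails[0] > window:
            fails.popleft()  # forget failures older than the window
        if m["event"] == "auth-fail":
            fails.append(ts)
            if len(fails) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("guessing", *key))
        elif key in flagged:
            alerts.append(("success-after-guessing", *key))
            flagged.discard(key)
            fails.clear()
    return alerts

# Constructed sample log lines, not taken from a real network.
SAMPLE_LOG = [
    f"2020-02-14T10:00:0{s} ap1 auth-fail sta=02:00:00:aa:bb:01 ssid=Office"
    for s in (1, 3, 5, 7, 9)
] + [
    "2020-02-14T10:00:04 ap1 auth-fail sta=02:00:00:aa:bb:02 ssid=Office",
    "2020-02-14T10:00:06 ap1 auth-ok sta=02:00:00:aa:bb:02 ssid=Office",
    "2020-02-14T10:00:12 ap1 auth-ok sta=02:00:00:aa:bb:01 ssid=Office",
]
```

A "success-after-guessing" alert is the one to act on first: treat the WiFi password as exposed, change it, and check which machines the flagged client reached.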
Trusted Wireless Environment
IXCG has joined the campaign for a Trusted Wireless Environment. This campaign, led by leading WiFi vendors, is promoting improvements to the WiFi standards to protect against the kinds of attack that Emotet uses.
WiFi has been vulnerable to the kinds of attack that Emotet is now exploiting. IXCG believes that it’s time for a change.
However, until then, IXCG is committed to helping organisations of all types in protecting their clients by securing their systems. This is affordable, easy to do and brings real world benefits.
To find out more, to book a security assessment or demo, or to secure your WiFi networks, contact IXCG today.