
HC3 Warns Healthcare Sector of Persisting Emotet Malware Threats

Emotet has been described as the “world’s most dangerous malware” and it frequently targets the healthcare sector, HC3 warned.


By Jill McKeon

The HHS Health Sector Cybersecurity Coordination Center (HC3) issued a brief about Emotet, a notorious malware strain that has impacted the healthcare sector for years. Emotet has been operational since at least 2014 and has been described as the “world’s most dangerous malware” by Europol.

HC3 has issued threat briefs about the dangers of Emotet in the past, but the group has been known to constantly change up its tactics to evade detection. HC3 stressed that the information in the brief is accurate as of the date of publication, but Emotet will likely evolve and update its capabilities in the future.

“The cybercriminal ecosystem is resilient, fluid and dynamic – gangs form and disband, but the talent and intellectual capital continues to grow over time. This is not expected to change,” HC3 added.

Emotet originally functioned as a banking trojan and is believed to be based out of Ukraine. The group often executes two to three months of attacks followed by a three- to twelve-month offline period in which it refreshes its capabilities.

Emotet also maintains relationships with other cybercriminal gangs and offers its botnet as infrastructure-as-a-service. Emotet may be delivered via phishing, known vulnerabilities, or brute force. Beyond Emotet’s extensive technical capabilities, the botnet remains a threat due to its aggressive targeting of the healthcare sector.

According to data from Trend Micro, healthcare was the fourth-most targeted industry by Emotet in the first quarter of 2022. Healthcare is commonly targeted by Trojans, and Emotet is one of the most prominent Trojans on the cybercriminal market today.

HC3 provided a detailed timeline on Emotet’s activity over the years. Even when it was taken down by international law enforcement authorities in January 2021, it reemerged in November of the same year with updated operations.

Healthcare defenders can use the plethora of resources available from government sources and research firms to learn more about Emotet and apply necessary mitigations, such as network segmentation and multi-factor authentication.

Most importantly, HC3 stressed that “Emotet is one of the most potent weapons to be brought against the health sector.”

“It is imperative that rank-and-file cybersecurity professionals up to the executives with cybersecurity responsibilities in your organization are aware of Emotet,” the brief continued.

“Much of what you can do to protect against Emotet and its internal and external capabilities will reduce your attack surface against other threats as well.”