Activities from Emotet malware more than tripled in the past year in Singapore: Ensign InfoSecurity


SINGAPORE - A variant of a global malicious software, or malware, called Emotet tripled its activity level in Singapore in the last year and is posing a greater threat to local businesses and netizens, a local cyber security firm has warned.

Emotet poses a multi-faceted threat to systems here, said Ensign InfoSecurity. It is known to act as a downloader for other malware, allow its users to steal personal data, enable stealthy movement within an organisation's systems, and alter itself to escape detection.

Ensign InfoSecurity said in a release on Monday (Sept 16) that between Jan 1 and June 30 this year, it found that Emotet activities on the island had increased by more than 300 per cent compared to the same period last year.

It also found that one in two organisations had some form of Emotet-related activity in their network.

At a briefing on Monday, Ensign's vice president of cyber analytics Royston Bok said the Emotet activities detected formed part of the structure of a cyber attack, known as a cyber kill chain.

The links in the chain that were uncovered included traces of scanning and of communication pings to command-and-control centres, activities that bad actors who use this malware are known to perform.

"There's this whole chain, we call it the cyber kill chain, that our models are being able to detect activities across this chain. So your chain includes reconnaissance, which is your scanning, delivery all the way to (command and control) communications, and at the end, it's infiltration," he said.

"So when we talk about the kind of activities that we are picking up, it cuts across all these things that link to Emotet."

When asked for more details about how many Emotet-related attacks or attempts happen here in a day, a spokesman from Ensign said that it is "not able" to provide the exact number.

And while the spokesman also did not say how the level of Emotet activity compares to other malware here, she did say that Ensign was "certain" that Emotet had been "extremely active" in Singapore in recent months.

First discovered in 2014, Emotet initially targeted the financial services sector but has since been modified to target other industries too. In its release, Ensign said that the top five sectors here that Emotet had targeted are manufacturing, financial services, media, aviation and healthcare.

Ensign's executive vice president in technology and capabilities Dr Lim Woo Lip warned that Emotet could be difficult to detect, due to its ability to morph.

"Due to its modular and polymorphic composition, Emotet is almost invisible to conventional signature-based cybersecurity solutions," said Dr Lim.

"By tapping on advanced analytics and deep learning to tackle sophisticated threats, cyber security teams will not only be able to detect and respond to an attack in a timely and effective manner, but also analyse and decipher valuable intelligence that can be used to devise preemptive measures to stop future attacks," he added.
