Emotet is the most common trojan in the healthcare industry, and trojans account for close to 80% of malware affecting healthcare computer systems.
The Emotet banking trojan was first identified in 2014 by cybersecurity researchers. The malware is designed to steal sensitive information from computer systems and can often evade anti-malware software. It is primarily spread through spam emails that are often disguised as communication from a legitimate company and contain a malicious document or link. Around 20% of the malicious documents are Microsoft Word documents, and the remaining 80% look like Word documents at first glance but are actually XML files.
According to ZDNet:
“This technique is probably used to evade sandboxes, since sandboxes typically use the true file type and not the extension to identify the application they need to run in inside the sandbox,” Menlo Security said. “While the true file type is XML, it is still opened in Microsoft Word at the endpoint, thereby prompting the user to enable the malicious embedded macro.”
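The mismatch between extension and true file type described above can be checked on the defender's side at the mail gateway or during triage. The following Python sketch is an added example, not code from Menlo Security or the original article; the function names are hypothetical, the sample bytes are constructed, and the macro markers it looks for (`macrosPresent="yes"`, `editdata.mso`) are the ones Word 2003 XML uses for an embedded VBA project.

```python
import os
import re

OLE2 = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy binary .doc (compound file)
ZIP = b"PK\x03\x04"                         # .docx / .docm container
WORD_EXTS = {".doc", ".docx", ".docm"}      # extensions that should not be raw XML
# Processing instruction that makes Windows hand an XML file to Word.
WORD_PI = re.compile(rb'<\?mso-application\s+progid\s*=\s*["\']Word\.Document["\']')
# Markers of an embedded VBA project in Word 2003 XML.
MACRO = re.compile(rb'macrosPresent\s*=\s*["\']yes["\']|editdata\.mso')

def _text_head(data, limit=8192):
    """Return the start of the file as UTF-8 bytes with any BOM removed."""
    head = data[:limit]
    if head[:2] in (b"\xff\xfe", b"\xfe\xff"):           # UTF-16 with BOM
        head = head.decode("utf-16", errors="ignore").encode("utf-8")
    elif head.startswith(b"\xef\xbb\xbf"):               # UTF-8 BOM
        head = head[3:]
    return head.lstrip()

def true_type(data):
    """Classify by content, the way a sandbox does, ignoring the file name."""
    if data.startswith(OLE2):
        return "ole2"
    if data.startswith(ZIP):
        return "zip"
    head = _text_head(data)
    if head.startswith(b"<"):
        return "word-xml" if WORD_PI.search(head) else "xml"
    return "unknown"

def triage(filename, data):
    """Flag attachments named like Word documents whose content is XML."""
    ext = os.path.splitext(filename)[1].lower()
    kind = true_type(data)
    return {
        "true_type": kind,
        "disguised_xml": ext in WORD_EXTS and kind in ("xml", "word-xml"),
        "macro_markers": kind == "word-xml" and bool(MACRO.search(_text_head(data))),
    }

# Constructed sample: Word 2003 XML carrying macro markers, saved as ".doc".
SAMPLE = (b'<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'
          b'<?mso-application progid="Word.Document"?>\n'
          b'<w:wordDocument w:macrosPresent="yes"><w:docSuppData>'
          b'<w:binData w:name="editdata.mso">QQ==</w:binData>'
          b'</w:docSuppData></w:wordDocument>')

if __name__ == "__main__":
    print(triage("Invoice.doc", SAMPLE))
```

A hit on `disguised_xml` together with `macro_markers` is a reasonable trigger for quarantine or for routing the file to a sandbox image that opens it in Word rather than in an XML handler.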
Emotet has evolved since 2014 and can now install other malware on the computers it has infected. While Emotet started as a banking trojan, it has amassed a large number of victims among individuals, companies, and governments around the world.
Ensuring security in the healthcare industry should be a top priority, but the industry often falls short of current cybersecurity standards for a variety of reasons. According to cybersecurity firm Malwarebytes Labs, in 2018 healthcare had the highest number of breaches compared to other industries.
In their report, Malwarebytes Labs state:
“More importantly, healthcare systems are massively susceptible to malware infection and hijacking, since there are little-to-no protections in place. And when the threats being lobbed at healthcare are more advanced, all that lagging on security takes its toll.”
Trojans account for 79% of malware on healthcare computer systems, with the remaining 21% being riskware, worms, spyware, and ransomware.
It has been argued that Emotet’s success in the healthcare industry is due to the success of phishing scams in the industry. Emotet malspam has been known to use the following subject lines:
- Sales Invoice Account
- Your Recent Payment Notice
- Invoice For *Month*
- Payment Details
- Complete Invoice
- Activity Alert: Money Transfer Details
This list isn’t exhaustive and variations of the above are common. The malspam will always try to mimic an email commonly seen in a business environment or disguise itself as a common vendor for the business. People are often busy and not on high alert, especially if invoices are something that the person frequently deals with. This can lead to the malware taking hold.
Emotet has widely affected the health insurance, hospital, pharmaceutical, biotechnology, and medical device sectors. In fact, this threat has been consistently gaining ground on all organizations over the last year, increasing in both persistence and volume to the tune of almost 650 percent from the same time last year.
Looking at the distribution of Emotet across industries, healthcare now accounts for the largest percentage of Emotet attacks at 32.5%. The next most targeted industry was consumer products at 22.5%. Banking & Finance, the original Emotet target, now stands at 15%, suggesting that increased cybersecurity measures in the banking industry are having a significant effect.
It’s clear that more needs to be done to protect healthcare computer systems from these types of attacks that are sweeping through the industry at an alarming rate.