Topics of RIA’s quarterly overview: a clever Trojan is taking over Estonians’ computers and the HOIA app is safe

The computers of more than a hundred Estonians were infected with the Emotet Trojan. This malware, which creates access to a user’s computer for carrying out further attacks, has affected Estonian trade, transport, and construction companies as well as one smaller government agency. In addition, the Information System Authority (RIA) recommends downloading the HOIA app to limit the spread of the coronavirus and keeping your smart devices updated.

‘When we hear the name Emotet, it may seem as if we are discussing a pharaoh. However, it is actually a dangerous Trojan, which, after infecting a device, allows third parties to access it. After infection, the user’s data, such as the contents of their mailbox, may be stolen, and the mailbox may be used to further spread the virus. The fact that the Emotet Trojan spreads through reliable accounts is what makes it difficult to capture. We recommend always maintaining a careful approach towards e-mails with attachments,’ said Märt Hiietamm, Head of RIA’s Analysis and Prevention Department.
If you receive an e-mail with a Word or Excel attachment and, upon opening the file, you are asked to ‘Enable Content’, it is very likely that the file includes a virus. In such cases, it is recommended to call the sender of the e-mail or contact them via other means and confirm whether the e-mail was actually sent by them.

‘If Emotet infects a company’s computer, it is highly likely that sensitive information, such as client data, is leaked,’ Hiietamm explained. The risks of infection with this malware are quite varied. Emotet has been used to install malware such as Trickbot and Qbot, which steal the users’ bank data, as well as to carry out ransomware attacks.

Emotet spreads by hijacking e-mails and data, so personal data and e-mail conversations held by an infected company may spread uncontrollably. If this happens, the company must inform the Data Protection Inspectorate of any incidents concerning personal data.

The HOIA app

RIA recommends that Estonian residents download the HOIA app to help limit the spread of the coronavirus. The application notifies the user if they have been in close contact with a virus carrier. The application users’ phones exchange anonymous codes via Bluetooth, and the phone of a person who has marked themselves as COVID-positive warns those in close contact with them. Neither Estonian government agencies, the application’s creators, nor phone manufacturers can find out who was in close contact with whom or who has declared themselves ill. The notification also does not disclose when and for how long the contact with the corona-positive person lasted – so there is no way to identify who may have been the infected person. Thus, the creators of the application have already taken into account the protection of personal data when developing the application – it is completely private.

According to Hiietamm, one of the potential dangers is that Bluetooth must be turned on at all times. ‘Potential Bluetooth security vulnerabilities have been discussed and written about for many years. Fortunately, users are able to mitigate these risks to a reasonable level fairly easily. The most important thing is for the user to keep the software of their device updated. A smart device or operating system that is no longer supported by the manufacturer is a security risk in and of itself, as possible shortcomings are no longer patched up. In such cases, the app may be safe, as HOIA is, but because the phone itself is old and vulnerable, more caution is required,’ he said. So far, CERT-EE has not registered any incidents caused by Bluetooth.

In the full version of the quarterly review, you can also read about the nature of the cyber fraud and ransom attacks of the past three months and about the current status of Estonians’ cyber awareness.


Seiko Kuik
Press Officer of the Information System Authority
5851 7028
seiko.kuik@ria.ee
