The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of an increase in Emotet malware-based phishing attacks on state and local agencies.

“Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. This increase has rendered Emotet one of the most prevalent ongoing threats,” the alert stated.

Emotet is a trojan-style strain of malware that is typically spread via email attachment but can rapidly propagate itself across networks. It was first identified in 2014 and primarily targeted banks, but has grown increasingly sophisticated since then and has incorporated new methods of avoiding detection and spreading to wi-fi connected devices. 

Cyberattacks deploying Emotet had mostly died down between February and June 2020, but have surged again since July 2020 with a 1000% increase detected by security agencies in August. Since then, government agencies in the U.S., Netherlands, Japan, Canada, New Zealand, and Italy have all reported Emotet-related attacks.

CISA recommends that government agencies apply and maintain rigorous cybersecurity protocols, including regular updates to antivirus software, automatically blocking suspicious email attachments, and disabling or securing unnecessary network activity.

Read the alert here.