
FBI: Phishing emails are spreading this sophisticated malware


A new spear-phishing campaign is attempting to infect PCs with Trickbot, one of the most prevalent and potent forms of malware around today, a joint advisory from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) has warned.

Trickbot started life as a banking trojan but has become one of the most powerful tools available to cyber criminals, who are able to lease out access to infected machines in order to deliver their own malware - including ransomware.


Now its authors are using a new tactic to attempt to deliver it to victims, warns the joint FBI and CISA alert - phishing emails that claim to contain proof of a traffic violation. The hope is that people are scared into opening the email to find out more.


The malicious email contains a link that sends users to a website hosted on a server compromised by the attackers that tells the victim to click on a photo to see proof. When they click the photo, they actually download a JavaScript file that, when opened, connects to a command and control server that will download Trickbot onto their system.
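The chain described above (a downloaded JavaScript file is opened, then calls out to a command and control server) can be hunted for in endpoint telemetry. The following is an added example, not taken from the FBI/CISA advisory or the original article: it assumes a simplified, hypothetical event schema, and every host name, file name and address in it is constructed.

```python
import re
from datetime import datetime, timedelta

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}      # Windows Script Host binaries
USER_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\")  # where browser downloads land
WINDOW = timedelta(seconds=60)                     # script start -> first connection

# Constructed sample events (hypothetical schema, not real telemetry).
EVENTS = [
    {"ts": "2021-01-01T09:14:02", "type": "process", "host": "ws-042", "pid": 4312,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\alice\Downloads\photo_proof.js"'},
    {"ts": "2021-01-01T09:14:05", "type": "network", "host": "ws-042", "pid": 4312,
     "dest": "203.0.113.10:443"},
    # Benign: admin script from System32, not a .js file in a user directory.
    {"ts": "2021-01-01T09:20:00", "type": "process", "host": "ws-077", "pid": 900,
     "image": r"C:\Windows\System32\cscript.exe",
     "cmdline": r"cscript.exe C:\Windows\System32\slmgr.vbs /dli"},
    # Downloaded .js is run but never makes a connection: no alert.
    {"ts": "2021-01-01T09:30:00", "type": "process", "host": "ws-101", "pid": 77,
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Users\bob\Downloads\notes.js"},
]

def script_path(cmdline):
    """Return the first .js/.jse argument (quoted or bare) of a command line."""
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', cmdline):
        token = quoted or bare
        if token.lower().endswith((".js", ".jse")):
            return token
    return None

def find_script_downloads(events):
    """Alert when a script host runs a user-directory .js and then connects out."""
    alerts, pending = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, key = datetime.fromisoformat(ev["ts"]), (ev["host"], ev["pid"])
        if ev["type"] == "process":
            image = ev["image"].lower().rsplit("\\", 1)[-1]
            script = script_path(ev["cmdline"])
            if image in SCRIPT_HOSTS and script and any(d in script.lower() for d in USER_DIRS):
                pending[key] = (ts, script)
        elif ev["type"] == "network" and key in pending:
            started, script = pending.pop(key)     # one alert per process
            if ts - started <= WINDOW:
                alerts.append({"host": ev["host"], "script": script, "dest": ev["dest"]})
    return alerts
```

On the constructed events, only the `ws-042` sequence is reported; the correlation window and directory list are tuning assumptions to adapt to the environment.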

Trickbot creates a backdoor onto Windows machines, allowing the attackers to steal sensitive information including login credentials, while some versions of Trickbot are capable of spreading across entire networks.

The modular nature of Trickbot means it’s highly customisable, with additional attacks by the malware known to include dropping further malware – such as Ryuk or Conti ransomware - or, until recently, serving as a downloader for Emotet malware. Trickbot is also able to exploit infected machines for cryptomining.

A coalition of cybersecurity companies attempted to disrupt Trickbot in October last year, but the malware didn’t stay quiet for long, with its cyber-criminal authors quickly able to resume their operations.

“The takedown efforts in October were unlikely to permanently disrupt or disable this very capable commodity malware that has been active on the threat landscape at scale for years. It has a strong infrastructure and the ability to continue operating,” Sherrod DeGrippo, senior director of threat research and detection at Proofpoint told ZDNet.

“To completely remove Trickbot from the landscape would be extremely difficult and likely require a coordinated international law enforcement effort like we saw with Emotet. In fact, after the actions of October 2020, we saw Trickbot campaigns resume within weeks, and it has been active continually since,” she added.


Trickbot remains a powerful tool for cyber criminals and a clear danger for enterprises and organisations of all sizes – but there are measures recommended by CISA and the FBI that can be taken in order to help protect networks from the malware.

Providing social-engineering and phishing email training to employees can help them to avoid threats by being wary of certain types of messages.

Organisations should also be implementing a proper cybersecurity programme with a formalised security patch management process, so cyberattacks can’t exploit known vulnerabilities to gain a foothold on the network. It’s also recommended that multi-factor authentication is applied across the enterprise, so malware that steals login credentials to move across the network can’t do so as easily.

Source: https://www.zdnet.com/article/fbi-phishing-emails-are-spreading-this-sophisticated-malware/#ftag=RSSbaffb68
