.png){kind=logo}
- Insights
- Cryptocurrencies
- Stocks
- White Papers
- Industry
- Geography
- Insights
- Cryptocurrencies
- Stocks
- White Papers
- Industry
- Geography
The malware goons are back again. The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products.
TrickBot, which started out as a banking trojan, has evolved into a multi-purpose crimeware-as-a-service (CaaS) that's employed by a variety of actors to deliver additional payloads such as ransomware. Over 100 variations of TrickBot have been identified to date, one of which is a "Trickboot" module that can modify the UEFI firmware of a compromised device. In the fall of 2020, Microsoft along with a handful of U.S. government agencies and private security companies teamed up to tackle the TrickBot botnet, taking down much of its infrastructure across the world in a bid to stymie its operations. But TrickBot has proven to be impervious to takedown attempts, what with the operators quickly adjusting their techniques to propagate multi-stage malware through phishing and malspam attacks, not to mention expanding their distribution channels by partnering with other affiliates like Shathak (aka TA551) to increase scale and drive profits.
Russian-based criminals behind the notorious malware known as Trickbot appear to be working overtime to upgrade the threat's capabilities. Researchers announced last week the discovery of new malware components that enable monitoring and intelligence gathering on victims. The research findings include the detection of a VNC module that uses a custom communications protocol to obfuscate any data being transmitted between the command-and-control (C2) servers and the victims, making the attacks harder to find. The module is in active development and is being updated by criminals at a rapid pace.
Separate research on Trickbot also found the malware targeting companies in retail, building materials, manufacturing, insurance, and construction with phishing emails designed to steal credentials. The Trickbot malware is designed to build a botnet—a network of hundreds (or sometimes thousands) of hacked and connected devices used to launch attacks on organizations and individuals. In October 2020, the Trickbot botnet made global headlines when Microsoft successfully argued in US Federal court that Trickbot used Microsoft's SDK code for malicious purposes, thus infringing on the copyright. Microsoft was then able to gain control of Trickbot's various command and control servers in the US and shut them down. While the lawsuit was only partially successful in halting botnet activities, security professionals hailed it as a significant legal victory when fighting cybercrime, since this legal approach could be applied in any country with similar copyright laws in place.
To prevent malware infiltration, businesses are advised to make sure their systems have the latest cloud security, data security, email security, and endpoint security solutions. Phishing services, including phishing training, can also help organizations address phishing attacks. In addition, organizations are encouraged to engage in regular penetration testing to help understand and identify existing malware in an enterprise system.
