The first step towards protecting yourself and your business is awareness. What types of scams are circulating? What are hackers pushing out and seeing results on? What tricks should I be watching out for?
One particularly “tricky” cyber threat, TrickBot, has evolved and taken different forms over the years. It’s even been crippled by Microsoft, who shut down its servers in October 2020.
However, TrickBot is back, and it’s something you need to be able to recognize.
That means training your employees is crucial.
Cyber security awareness training improves your employees’ ability to protect your business, in addition to IT security policies, procedures and tools. Consult with a trusted IT Security provider to learn the steps you should take, or learn about our 16 ways to protect your organization.
In the meantime, though, I’m going to talk about TrickBot, because it’ s an ever-evolving threat that’s been surfacing with new, and sophisticated, tactics.
What is TrickBot?
One of the longest-living botnets on the internet, TrickBot has been around since late 2016. It’s infected over a million computing devices around the world and its evolution keeps it alive and well.
Originally, the botnet started as a Trojan program focused on stealing online banking credentials. The program would piggyback on the infected users’ browsing sessions while instigating fraudulent transfers directly from victims’ computers.
And it didn’t stop there. TrickBot developed further and became a prime example of the crimeware-as-a-service model that powers today’s cybercrime economy. Most recently, TrickBot has been used increasingly as an intrusion and reconnaissance tool. Its creators sell access credentials for business networks to other hackers who then want to deploy their own malware.
How do I avoid becoming a victim of TrickBot?
1. Learn how to recognize phishing emails.
Did you receive an email from someone you don’t know? Does the subject and content of the email seem off? Is the email from someone you know, but the content does not make sense? Read our blog post “Is that a UPS Package Notification or a Phishing Email? 4 Ways to Tell” for more ways to recognize phishing emails.
2. Don’t open attachments.
If you are not expecting an attachment to be sent over, or you see signs of a phishing email, do not open the attachments. TrickBot is distributed through email phishing campaigns and carries malicious Word or Excel document attachments with rogue macros or .jnlp files, which stands for Java Network Launch Protocol. These files help Windows select the right program to open a file. Hackers use .jnlp files as a vehicle for malware attacks. By clicking on the malicious file, you are at risk of losing control of your devices, as well as allowing attackers to access personal and organizational information.
The takedown of TrickBot, and what’s happening now?
Although a takedown led by Microsoft crippled the infrastructure behind the TrickBot malware botnet, it has come back to life. Researchers recognized and identified additional TrickBot activity through an active malware campaign using phishing emails that targets legal and insurance companies in North America.
Researchers analyzed the payload, which reflects web domains that are known to distribute TrickBot malware. This means it’s alive and well! And, it’s gaining traction.
Recommendations for keeping your organization secure from IT security threats:
With CoreTech’s help, cyber security awareness training for your employees can be easy! We’ll implement a program with a combination of online training and phishing email simulations.
Our team can also assist you with building policies that protect your business and implement IT security that meets and exceeds best practice guidelines, including mandatory compliance measures for your industry.
Do you want to learn more about phishing attacks—and who’s most likely to be targeted in your business? Download our eBook today.
This content was originally published here.