As per a joint statement of the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), one of the most widespread and powerful forms of malware, Trickbot malware, is now being used in spear-phishing campaigns in an attempt to infect PCs.
Initially employed as a bank Trojan, Trickbot is now one of the most powerful tools available to cybercriminals who can gain remote access to infected machines to deliver their own malware, including ransomware.
According to the two agencies, Trickbot allows hackers to steal victims’ sensitive information by creating a backdoor on Windows machines. Other versions of Trickbot, however, are capable of spreading across entire networks.
TrickBot uses person-in-the-browser attacks to steal information, such as login credentials. Additionally, some of TrickBot’s modules spread the malware laterally across a network by abusing the Server Message Block (SMB) Protocol. TrickBot operators have a toolset capable of spanning the entirety of the MITRE ATT&CK framework, from actively or passively gathering information that can be used to support targeting, to trying to manipulate, interrupt, or destroy systems and data.
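The SMB-based lateral spread mentioned above leaves a recognisable footprint on the network: one host opening SMB (TCP/445) sessions to many distinct peers in a short time, which ordinary workstations rarely do. The following detection sketch is an added example, not code from the original article or from the FBI/CISA advisory; the flow-record layout (timestamp, source IP, destination IP, destination port) and all sample records are constructed for this example, and the thresholds are assumptions to be tuned per environment.

```python
"""Flag hosts that fan out SMB (TCP/445) connections to many distinct peers
within a short window, a pattern consistent with worm-style lateral movement
over SMB. The record format and sample data below are constructed for this
example and do not come from any real product or incident."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed flow records: "<ISO timestamp> <src ip> <dst ip> <dst port>"
SAMPLE_FLOWS = [
    # 10.0.0.5 reaches six different hosts on 445 within about a minute (suspicious)
    "2021-03-17T10:00:01 10.0.0.5 10.0.0.20 445",
    "2021-03-17T10:00:10 10.0.0.5 10.0.0.21 445",
    "2021-03-17T10:00:20 10.0.0.5 10.0.0.22 445",
    "2021-03-17T10:00:33 10.0.0.5 10.0.0.23 445",
    "2021-03-17T10:00:47 10.0.0.5 10.0.0.24 445",
    "2021-03-17T10:01:02 10.0.0.5 10.0.0.25 445",
    "2021-03-17T10:01:30 10.0.0.5 10.0.0.20 445",  # repeat peer, not a new one
    # 10.0.0.9 talks SMB to two hosts only (benign file-share use)
    "2021-03-17T10:02:00 10.0.0.9 10.0.0.30 445",
    "2021-03-17T10:02:05 10.0.0.9 10.0.0.31 445",
    # 10.0.0.9 also reaches many hosts on 443; wrong port, must be ignored
    "2021-03-17T10:03:00 10.0.0.9 10.0.0.40 443",
    "2021-03-17T10:03:01 10.0.0.9 10.0.0.41 443",
    "2021-03-17T10:03:02 10.0.0.9 10.0.0.42 443",
    "2021-03-17T10:03:03 10.0.0.9 10.0.0.43 443",
    "2021-03-17T10:03:04 10.0.0.9 10.0.0.44 443",
    # 10.0.0.7 reaches six hosts on 445 but 15 minutes apart (slow, below threshold)
    "2021-03-17T09:00:00 10.0.0.7 10.0.1.1 445",
    "2021-03-17T09:15:00 10.0.0.7 10.0.1.2 445",
    "2021-03-17T09:30:00 10.0.0.7 10.0.1.3 445",
    "2021-03-17T09:45:00 10.0.0.7 10.0.1.4 445",
    "2021-03-17T10:00:00 10.0.0.7 10.0.1.5 445",
    "2021-03-17T10:15:00 10.0.0.7 10.0.1.6 445",
]

SMB_PORT = 445


def parse_flow(line):
    """Split one constructed flow record into (timestamp, src, dst, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def max_distinct_peers_in_window(events, window):
    """Sliding window over (timestamp, dst) pairs sorted by time; returns the
    largest number of distinct destinations seen inside any `window` span and
    the set of peers from that best window."""
    in_window = Counter()
    best_count, best_peers, start = 0, set(), 0
    for end, (ts, dst) in enumerate(events):
        in_window[dst] += 1
        # Drop events that fell out of the window relative to the newest one.
        while ts - events[start][0] > window:
            old = events[start][1]
            in_window[old] -= 1
            if in_window[old] == 0:
                del in_window[old]
            start += 1
        if len(in_window) > best_count:
            best_count, best_peers = len(in_window), set(in_window)
    return best_count, best_peers


def find_smb_fanout(lines, min_peers=5, window=timedelta(minutes=5)):
    """Return {src: {"count": n, "peers": [...]}} for every source that
    contacted at least `min_peers` distinct hosts on TCP/445 within `window`.
    Thresholds are assumptions; tune them to the environment's baseline."""
    by_src = defaultdict(list)
    for line in lines:
        ts, src, dst, port = parse_flow(line)
        if port == SMB_PORT:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        count, peers = max_distinct_peers_in_window(events, window)
        if count >= min_peers:
            alerts[src] = {"count": count, "peers": sorted(peers)}
    return alerts


if __name__ == "__main__":
    for src, info in find_smb_fanout(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {info['count']} distinct SMB peers {info['peers']}")
```

On the constructed data only 10.0.0.5 is reported: 10.0.0.9's fan-out is on port 443 and is filtered out, and 10.0.0.7 touches six hosts but never more than one inside any five-minute window. In a real deployment the same logic would run over NetFlow, Zeek `conn.log` or firewall records, and hosts that legitimately scan or back up many machines (vulnerability scanners, backup servers) belong on an allowlist rather than lowering the threshold for everyone.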
Due to its modular nature, Trickbot is highly customizable. This means cybercriminals can use TrickBot to either include other malware, such as Ryuk and Conti ransomware, or serve as an Emotet malware downloader. What’s more, Trickbot can also be used to exploit infected machines for cryptomining.
[Figure: MITRE ATT&CK enterprise techniques used by TrickBot]
Last October, Microsoft announced that it had targeted Trickbot to combat ransomware ahead of the U.S. elections. The tech giant revealed that it had taken action against the botnet by disrupting its key infrastructure. Despite these efforts, TrickBot survived the takedown attempt.
The Trickbot malware remains a powerful tool for cybercriminals and a clear danger for enterprises and organizations of all sizes; implementing a proper cybersecurity program is therefore vital.
When it comes to maintaining the security, integrity, and accessibility of the data and systems of every organization, good patch management is a crucial aspect and the process should be as thorough as possible. The more you keep up with your patching and update all your critical (and non-critical) systems, the less likely it is that your company will be compromised.