Trickbot appears to have filled the void left by Emotet, a similar botnet, after it was disrupted by law enforcement earlier this year, according to cybersecurity researchers.
A study from Check Point has placed Trickbot at the top of its Global Threat Index for February 2021. This is the first time that it has topped the company’s index, having risen from third position in January.
Trickbot is a botnet whose malware spreads from computer to computer, generally through emails. Once infected, a computer automatically starts attempting to infect other computers.
Access to the botnet is then sold on to other cyberattackers to spread malware of their choice, an example of malware as a service (MaaS).
For the majority of 2020, Trickbot was the fourth most prevalent global malware, according to Check Point, impacting 8% of organisations.
In addition, it was used as part of one of 2020’s biggest cyberattacks, when it hit US healthcare provider Universal Health Services (UHS). Trickbot was used to harvest data from the company’s systems before delivering the Ryuk ransomware.
The attack cost UHS $67 million in lost revenues and costs.
Check Point researchers warned that Trickbot’s popularity is due to its versatility and proven track record of success.
Trickbot impacted 3% of organisations last month. The second- and third-placed malware families in Check Point’s Threat Index, XMRig and Qbot, had similar reaches.
Meanwhile, the world’s previous largest botnet, Emotet, dropped out of the top 10 altogether.
Emotet was disrupted in late January this year in an international police operation. Hackers had been using the botnet for years, with access to infected computers being sold to cybercriminals.
The botnet was spread across several hundred servers located around the world.
Experts had warned that Emotet had been behind some of the worst cyberattacks in recent years. Furthermore, it had also been used to enable the spread of its successor, Trickbot.
However, botnets have proven dangerously resilient, and the malware ecosystem adaptable.
Trickbot itself was hit in October 2020, when Microsoft identified its infrastructure and obtained court orders to disable connected IP addresses.
However, as the latest news shows, the takedown was short-lived. The Emotet operation was more comprehensive, and as such has had more of a long-term impact, but Trickbot’s recovery demonstrates how difficult it can be to uproot a well-established botnet.
“Even when a major threat is removed, there are many others that continue to pose a high risk on networks worldwide, so organisations must ensure they have robust security systems in place to prevent their networks being compromised and minimise risks,” Check Point warned.
“Comprehensive training for all employees is crucial, so they are equipped with the skills needed to identify the types of malicious emails which spread Trickbot and other malware.”