TrickBot, sounds like the name of a kid’s toy, but it most definitely is not. TrickBot is a type of malware that spreads through phishing emails. CISA and the FBI have released a cybersecurity advisory because they have noticed an increase in targeted phishing emails in North America. These attacks are luring victims into clicking links or opening files that allows the hackers to download TrickBot. But what is TrickBot and how do you protect your devices from it? Luckily enough, here at Machado Consulting we can help answer those questions for you.
What is TrickBot malware?
TrickBot malware was first recognized back in 2016, as a trojan designed to attack banking information and steal financial data. Now TrickBot has transformed into something even worse, a highly modular, multi-stage malware that allows hackers access to tools to conduct illegal cyber activities. TrickBot malware is found to be spread by spearphishing or phishing campaigns. These malicious emails contain links or attachments, that when clicked on, will activate the malware and embed it into your system. TrickBot also uses man-in-the browser attacks. This type of attack is used to steal your logins when you go to websites.
Recently TrickBot has been using a new phishing campaign in its attempt to infect more systems. These false emails will claim to contain proof of a traffic violation, in order to scare people into opening it. If someone is unfortunate enough to open the link it will bring them to a website that is compromised by the attackers. From there the attackers have victims click on a photo to see “proof” of the traffic violation. What this does is download a file that, when opened, will download the TrickBot onto the victim’s system.
TrickBot proves to be a powerful tool for cybercriminals and remains a threat for businesses of all sizes.
How to protect your devices from malware
With TrickBot being such a customizable malware attack, it would be an extreme challenge to completely remove TrickBot from the landscape. Since it would take a lot of time and manpower to get rid of TrickBot completely, it may be in your best interest to just be prepared and know how to avoid it in the first place.
CISA and the FBI have released a list of recommendations to mitigate attacks and strengthen the security of your organization’s systems. A few notable recommendations include, providing training to your employees on how to detect a social engineering or phishing scam, blocking suspicious IP addresses, use antivirus software, and enable two-factor authentication (2FA).
What does this mean for your industry?
Since no industry is immune to cyber attacks then everyone can benefit from knowing about TrickBot. That includes small businesses, healthcare, IT, manufacturing and more. Even just working from home you are susceptible to phishing attacks. As long as you have good cybersecurity and knowledge on how to avoid phishing attacks or scams, then you and your business should be just fine.