3/4/2023

Trickbot strikes back

WIZARD SPIDER Update: Resilient, Reactive and Resolute: Read Recent TrickBot news from the CrowdStrike

TrickBot originated as a banking information stealer in 2016. It is widely believed that TrickBot shares some links to Dyreza, another highly effective credential stealer that operated several years prior. TrickBot and Dyreza share many notable operational and structural similarities, including the way the malware communicates with command-and-control servers.

One year after its launch, TrickBot evolved to include a worm module, most likely to mimic the successful ransomware campaign, WannaCry. At this point, the creators also developed a module to target Outlook credentials, thus putting millions if not billions of corporate accounts at risk of compromise. This development, as well as other evolutions, allowed TrickBot to expand its capabilities to include harvesting cookies, browser history and other sensitive information. By the end of 2018, TrickBot was considered one of the top cybersecurity threats in the market.

In recent years, cybersecurity specialists have noticed significant improvement in TrickBot's subversion techniques, making it harder for organizations to detect an active attack. In addition to stealing financial information or serving as the platform for ransomware attacks, TrickBot may also be used to disrupt critical social services or undermine the democratic process. During the most recent United States presidential election, intelligence agencies confirmed that this malware posed a threat to the safe and fair election processes.

Unfortunately, the user will rarely notice symptoms of a TrickBot infection, as it is intended to operate surreptitiously. It is possible that a network administrator may notice symptoms of the attack, such as an unusual change in traffic or an attempt to reach out to foreign or blacklisted domains. However, detecting a TrickBot attack is difficult if not impossible for humans to do, given the sprawling and complex nature of most modern cloud or hybrid work environments as well as the sophisticated nature of TrickBot malware. Organizations must protect themselves with a comprehensive, advanced cybersecurity toolset which will continuously monitor network traffic and other activity in real time and alert the IT team to suspicious behavior or anomalous activity that must be further investigated.
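
The two network symptoms named in this article, contact with blacklisted domains and an unusual change in traffic, can be checked mechanically over connection logs. The following is an added example, not part of the original post; the log format, host names, domains, blocklist entries and the 3.5 threshold are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample data: hour, internal host, destination domain, bytes sent out.
BLOCKLIST = {"bad-c2.example", "dropzone.example"}
SAMPLE_FLOWS = """\
2024-01-01T09,ws-014,intranet.example,50000
2024-01-01T10,ws-014,intranet.example,52000
2024-01-01T11,ws-014,intranet.example,48000
2024-01-01T12,ws-014,files.example,900000
2024-01-01T09,ws-022,intranet.example,40000
2024-01-01T10,ws-022,intranet.example,42000
2024-01-01T11,ws-022,intranet.example,41000
2024-01-01T12,ws-022,intranet.example,40000
2024-01-01T12,ws-022,cdn.bad-c2.example,1200
"""

def parse_flows(text):
    """Turn CSV lines into (hour, host, domain, bytes_out) tuples."""
    rows = (line.split(",") for line in text.strip().splitlines())
    return [(hour, host, dom.lower().rstrip("."), int(sent)) for hour, host, dom, sent in rows]

def blocklisted_contacts(flows, blocklist):
    """Map each host to the destinations it reached that are blocklisted."""
    hits = defaultdict(set)
    for _, host, domain, _ in flows:
        labels = domain.split(".")
        # Check the name and every parent, so cdn.bad-c2.example matches bad-c2.example.
        if any(".".join(labels[i:]) in blocklist for i in range(len(labels))):
            hits[host].add(domain)
    return dict(hits)

def traffic_spikes(flows, threshold=3.5):
    """Return hosts whose latest hourly outbound volume is far above their own baseline."""
    hourly = defaultdict(lambda: defaultdict(int))
    for hour, host, _, sent in flows:
        hourly[host][hour] += sent
    flagged = []
    for host, by_hour in hourly.items():
        totals = [by_hour[h] for h in sorted(by_hour)]
        if len(totals) < 4:  # too little history to call anything unusual
            continue
        baseline, latest = totals[:-1], totals[-1]
        median = statistics.median(baseline)
        mad = statistics.median(abs(x - median) for x in baseline)
        scale = 1.4826 * mad or 1.0  # a perfectly flat baseline would otherwise divide by zero
        if (latest - median) / scale > threshold:
            flagged.append(host)
    return sorted(flagged)
```

On the sample data, `ws-022` is reported for a low-volume connection to a blocklisted subdomain and `ws-014` for an outbound volume spike, which shows why both checks are needed: neither host trips the other rule.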