Feds Warn of TrickBot Spear-Phishing Attacks Delivering Malware Payload


By Jessica Davis

A joint federal alert warns that all entities should be on the lookout for a newly observed spear-phishing campaign that uses malicious emails to deliver the TrickBot malware payload. Healthcare administrators should review the alert for the attack methods and indicators of compromise it describes.

TrickBot is highly modular and is delivered in multiple stages, and its operators draw on a full suite of tools to conduct a range of malicious activities. The operators are highly sophisticated and continuously evolve the threat to increase its impact.

The malware has been active since 2016, first as a banking trojan and now as a variant often paired with other malicious threats.

The alert comes on the heels of a recent report from Check Point that ranked TrickBot as the leading malware variant, since the global takedown of the Emotet botnet in January.

Despite the global takedown, hackers are continuing to leverage other high-ranking threats that have previously seen a high level of success, such as TrickBot. It is the first time the TrickBot trojan has topped the malware index, rising from the third position in January.


TrickBot was the fourth-most prevalent malware variant in 2020, affecting 8 percent of all global organizations. In fact, the threat was used in the massive ransomware attack against Universal Health Services in the fall of 2020.

The hackers used TrickBot to detect and harvest data from UHS’ systems prior to the ransomware deployment. All 400 sites were impacted by the incident, which lasted for more than three weeks and cost the health system about $67 million in lost revenue and recovery efforts.

“Criminals will continue using the existing threats and tools they have available, and TrickBot is popular because of its versatility and its track record of success in previous attacks,” researchers noted.

“Even when a major threat is removed, there are many others that continue to pose a high risk on networks worldwide, so organizations must ensure they have…
