The TrickBot Botnet Resurgence Via Phishing Attacks


February 16, 2021

A botnet that’s plagued people on and off since 2016 has reared its ugly head again, this time focusing on phishing campaigns that target legal firms and insurance companies.

TrickBot has been associated with a wide swath of high profile cyberattacks over the years. Most notably it’s been associated with Ryuk, a particularly nasty bit of ransomware that’s been leveraged to attack enterprises all over the world.

Originally a banking trojan, the software evolved into a delivery mechanism for bad guys to solicit nefarious software like Ryuk to attack their victims.

Last October, Microsoft led a takedown aimed at finishing TrickBot off once and for all but it would appear the effort was unsuccessful.

The Attack Chain

It’s a pretty familiar story:

  1. Attacker targets vertical
  2. The attacker creates a phishing email campaign using a list of compromised email accounts
  3. The victim clicks on a malicious link in the phishing email
  4. The victim downloads a malicious payload
  5. Pandemonium ensues.

What can you do to protect yourself?

There’s a variety of security products out there, that if installed or implemented correctly can help you protect yourself, your coworkers, and/or your business. Ultimately, what you need to protect yourself is a better understanding of what phishing is (a form of Social Engineering Attack), how to spot one and what you can do to nip one bud before it can blossom.

What is Phishing?

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.

Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website that matches the look and feel of the legitimate site.

Phishing is an example of social engineering techniques used to deceive users. Users are lured by communications purporting to be from trusted parties such as social web sites, auction sites, banks, colleagues/executives, online payment processors, or IT administrators.

Attempts to deal with phishing incidents include legislation, user training, public awareness, and technical security measures (the latter being due to phishing attacks frequently exploiting weaknesses in current web security).

How to Stop a Phishing Attack:

Slow Down and Control Your Emotions

Remember the attacker is trying to manipulate your emotions into making a quick reaction. The more time you take to think about the situation the more likely you’ll start to realize something’s up.

We might be animals when it comes to our emotions, but we’re also brilliant. By slowing down, our rational brain allows us to overcome our feelings.

Think About What You’re Reading, Seeing, or Hearing

The more time you give yourself for rational thought, the better off you are when it comes to seeing through the attacker’s ruse.

Look for things like strange word choices or misspellings. Look for visual clues like off-brand graphics (if it comes from someplace like your bank or a store you frequent).

You’re more astute than you might give yourself credit for. If something seems off, it probably is.

Check to See Who Sent the Message

Email masking is incredibly prominent in today’s world. Most email clients format the sender’s address so that it’s easier to discern who it’s from. The problem is attackers leverage this.

If you’ve got the feeling the message you’re reading isn’t on the level check to see who sent it. If the name is familiar, but the email address isn’t there’s a good chance you’re experiencing a social engineering attack.

Don’t Follow Blind Links

 Links are easy to hide, just like email addresses. If you can’t discern where a web-link is going to send you don’t click on it.

Always make sure to hover or right-click on an email link (whatever your email client is set up for) to see where it might send you.

Be Wary of Attachments

If you’ve gone through the steps mentioned above, you probably know what I’m going to say here. Don’t download attachments from people you don’t know.

Sometimes it’s a bad idea to download attachments from people that you do. Be on the lookout for e-mail attachments that appear to be Microsoft Word or Excel files. They might contain pretty nasty surprises.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Carl Keyser is the Content Manager at Integris.

Keep reading

Bridging the Gap between Automation and Innovation

Bridging the Gap between Automation and Innovation

Automation and Innovation. Some people might say those two words cancel each other out. Yet, I believe these two concepts can create capacity for each other—if your business leverages the free time automation creates to foster innovation. Automation can be...

Why Is My Laptop Draining So Fast?

Why Is My Laptop Draining So Fast?

Before You Replace Your Laptop Battery, Try These Fixes First Stuck with a laptop that’s running out way before it’s standard 8-10 hours of run time? Don't throw it out just yet.  Try these quick fixes to extend its life: Reduce your screen brightness If possible,...