{"id":179538,"date":"2019-03-18T12:57:14","date_gmt":"2019-03-18T17:57:14","guid":{"rendered":"https:\/\/www.ntegrait.com\/new-threat-advisory-trickbot-warnings-recommendations\/"},"modified":"2019-03-18T12:57:14","modified_gmt":"2019-03-18T17:57:14","slug":"new-threat-advisory-trickbot-warnings-recommendations","status":"publish","type":"post","link":"https:\/\/ntegrait.com\/new-threat-advisory-trickbot-warnings-recommendations\/","title":{"rendered":"New Threat Advisory: TrickBot (Warnings\/Recommendations)"},"content":{"rendered":"

Don\u2019t Get Tricked By TrickBot<\/h2>\n

TrickBot is up to its tricks again<\/a>. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here\u2019s what you need to know to protect your organization from TrickBot.<\/p>\n

What Is TrickBot?<\/h2>\n

The Multi-State Information Sharing and Analysis Center (MS-ISAC)<\/a> recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.<\/p>\n

TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man-in-the-Browser attacks the greatest threat to\u00a0online banking.)<\/p>\n

Malware developers are continuously releasing new modules and versions of TrickBot, and they\u2019ve done this once again.<\/p>\n

How Is TrickBot Distributed?<\/strong><\/h2>\n

TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It\u2019s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.<\/p>\n

These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.<\/p>\n

TrickBot is also dropped as a secondary payload by other malware such as\u00a0Emotet<\/a>. Some of TrickBot\u2019s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)<\/p>\n

The developers behind TrickBot have continued to add features to this potent trojan via modules. If left unchecked, it can download new modules that allow it to evolve.<\/p>\n

How Does The TrickBot Malspam Campaign Work?<\/h2>\n

The malspam campaigns that deliver TrickBot use third-party branding that looks familiar to you and your staff, such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.<\/p>\n

And TrickBot is really tricky. It runs checks to ensure that it isn\u2019t running in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs, such as Microsoft\u2019s Windows Defender.<\/p>\n

And even worse, TrickBot redeploys itself in the \u201c%AppData%\u201d folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.<\/p>\n

What Happens If Your Network Gets Infected With TrickBot?<\/h2>\n

TrickBot\u2019s modules steal banking information, perform system\/network reconnaissance, harvest credentials and can propagate throughout your network.<\/p>\n

TrickBot:<\/p>\n

    \n
  • Harvests your system information so that the attacker knows what\u2019s running on your network.<\/li>\n
  • Compares all files on your disk against a list of file extensions.<\/li>\n
  • Collects more system information and maps out your network.<\/li>\n
  • Harvests browser data such as cookies and browser configurations.<\/li>\n
  • Steals credentials and configuration data from domain controllers.<\/li>\n
  • Steals autofill data, history, and other information from browsers as well as software applications.<\/li>\n
  • Accesses saved Microsoft Outlook credentials by querying several registry keys.<\/li>\n
  • Force-enables authentication and scrapes credentials.<\/li>\n
  • Uses these credentials to spread TrickBot laterally across your networks.<\/li>\n<\/ul>\n

    What\u2019s New With TrickBot?<\/h2>\n

    In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.<\/p>\n

    In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.<\/p>\n

    It can also steal credentials and artifacts from multiple web browsers (Google Chrome\/Mozilla Firefox\/Internet Explorer\/Microsoft Edge), including your browsing history, cookies, autofills, and HTTP POSTs.<\/p>\n

    How Can You Protect Your Organization From TrickBot?<\/h2>\n

    We recommend that you contact us and arrange for the following to protect against the TrickBot malware:<\/p>\n

      \n
    • Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.<\/li>\n
    • Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn\u2019t enough.<\/li>\n
    • Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.<\/li>\n
    • Apply appropriate patches and updates immediately after they are released.<\/li>\n
    • Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering\/phishing attempts, and refrain from opening attachments from unverified senders.<\/li>\n
    • Employ a Password Management solution so your usernames and passwords aren\u2019t disclosed in response to unsolicited requests.<\/li>\n
    • Deploy a managed Anti-Spam\/Malware Solution with the latest signature and detection rules.<\/li>\n
    • Review security logs for indicators of\u00a0TrickBot. If any are found, we can isolate the host and begin investigation and remediation\u00a0procedures.<\/li>\n
    • Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We\u2019ll also limit administrative credentials to designated administrators.<\/li>\n
    • Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.<\/li>\n
    • If you don\u2019t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and\/or IT departments.<\/li>\n
    • And more\u2026<\/li>\n<\/ul>\n

      Don\u2019t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.<\/p>\n","protected":false},"excerpt":{"rendered":"

      TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here\u2019s what you need to know to protect your organization from TrickBot. Don\u2019t Get Tricked By TrickBot TrickBot is up to its tricks again. Once cyber experts get a handle on it,…<\/p>\n","protected":false},"author":5,"featured_media":159112,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[8],"tags":[65],"class_list":["post-179538","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-mediabytes"],"acf":[],"yoast_head_json":{"title":"New Threat Advisory: TrickBot (Warnings\/Recommendations) - IT Services in Virginia","canonical":"https:\/\/www.ntegrait.com\/new-threat-advisory-trickbot-warnings-recommendations\/","og_site_name":"IT Services in Virginia","article_published_time":"2019-03-18T17:57:14+00:00","author":"Steve West","twitter_misc":{"Written by":"Steve West","Est. reading time":"5 minutes"}}}