ADVISORY ON TRICKBOT

BACKGROUND
Trickbot is a malware-as-a-service botnet that is often described as one of the world's largest. It first appeared as banking malware in 2016, used to steal online banking credentials, and is designed to stealthily infiltrate a victim's computer and remain silent, so no obvious symptoms are visible on an infected machine.

Having evolved from a simple malware downloader into a more sophisticated “dropper”, Trickbot has a history of being used to send phishing emails that spread further malicious software and to capture credentials from victims' browsers. It has become a reliable medium for deploying various strains of ransomware that lock up infected systems across a corporate network.


IMPACT

  • Gain sensitive information such as banking credentials
  • May compromise the computer system
  • May encrypt files including confidential documents
  • Might connect infected devices to malicious, criminally-controlled networks over the internet
  • Unauthorised access attempts to online accounts
  • Successful fraudulent bank transfers
  • Unauthorised changes to network infrastructure
  • Identity fraud, as the criminal can gather Personally Identifiable Information (PII) via online banking
  • Spread across a victim’s network by infecting other devices, including those on trusted domains
  • Download further malicious files such as Remote Access Tools, VNC clients and ransomware


RECOMMENDATIONS

  • Review bank and credit card statements for suspicious activity, and report any findings to your bank
  • Use strong passwords and change them every three months
  • Use the latest supported version of the operating system (OS) and applications, apply patches promptly and keep them updated
  • Use antivirus and scan regularly to guard against known malware threats.
  • Keep antivirus software up to date. Ensure that antivirus software is capable of scanning MS Office macros.
  • Always backup data and store it in an offline backup, to reduce the impact of ransomware.
  • Enable multi-factor authentication (MFA), also known as two-step verification or 2-factor authentication (2FA).