Researchers from Trend Micro’s Security Intelligence have reported a sudden increase in Trickbot activity in Japan, and Trend Micro researchers have found updates to the password-grabbing (pwgrab) module and possible changes to the Emotet variant that drops Trickbot.
Trickbot has been one of the most active banking trojans in 2019. The malware is constantly being improved with new and updated modules, and the threat actors behind it are still churning out new ones. Previous Trickbot reports involved behavior that compromises services and platforms to collect credentials from browsers, Outlook, WinSCP, and FileZilla.
Trend Micro’s latest report on changes to Trickbot’s pwgrab module found additional credential-stealing capabilities for remote access applications such as remote desktop protocol (RDP), virtual network computing (VNC), and PuTTY platforms.
The most recent iterations (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCER) targeted a slew of credentials from TeamViewer, OpenSSH, OpenVPN, Git, KeePass Password Manager, SSH private key files, SSL certificate files, and Bitcoin wallet files.
Because Trickbot is modular, it can and surely will morph further as features are added, and cybercriminals will surely look into other possible iterations to make a profit.
To address this challenge, enterprises can look into sourcing third-party security services offering managed detection and response (MDR), such as Trend Micro Managed XDR, which offers a wide scope of visibility and expert security analytics by integrating detection and response functions across networks, endpoints, emails, servers, and cloud workloads. Organizations will have access to the whole knowledge base of Trend Micro, including prior analysis of other Trickbot variants and other similarly sophisticated threats.
Moreover, enterprises can benefit from security technology that employs a multilayered approach to mitigate the risks brought by threats like Trickbot.
Trend Micro XGen security provides a cross-generational blend of threat defense techniques to protect systems from all types of threats, including banking trojans, ransomware, and cryptocurrency-mining malware. It features high-fidelity machine learning on gateways and endpoints, and protects physical, virtual, and cloud workloads.
With capabilities like web/URL filtering, behavioral analysis, and custom sandboxing, XGen security protects against today’s threats that bypass traditional controls; exploit known, unknown, or undisclosed vulnerabilities; or steal or encrypt personally identifiable data. Smart, optimized, and connected, XGen security powers Trend Micro’s suite of security solutions.