The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning for a phishing campaign that is attempting to infect PCs with Trickbot. Trickbot, first identified in 2016, is malware developed by a sophisticated group of cyber threat actors and was originally designed as a banking trojan. It has since become highly modular and is a multi-stage malware that can carry out a myriad of criminal activity. The newest phishing scam comes in the form of an email claiming to have proof of a traffic violation. When individuals open the email, it contains a link that takes users to a website claiming to have a photo of the alleged traffic violation. Instead, the malware is downloaded on to their system, allowing criminals to steal sensitive information including login credentials.
Analyst Notes
Phishing scams are some of the easiest attacks for criminals to carry out, and the easiest to fall for. The best way to protect against phishing campaigns is training and awareness. Teaching employees how to spot a phishing email can be a great defense. Identifying suspicious URLs or email addresses or knowing when an attachment may be malicious can prevent an attack brought on by a phishing email. If email filtering is in place, defenders can block zip file attachments that contain JavaScript or VBScript files. Another useful preventative control to deploy is a group policy update to set the default program for handling .js and .vbs file extensions to Notepad or another text editor program, so that employees double-clicking a script file do not automatically execute it on their workstation. Multi-factor authentication also provides a strong barrier against phishing attacks because it requires an extra step for cyber criminals to overcome in order to conduct a successful attack. According to Microsoft, using multi-factor authentication blocks 99.9% of attempted account hacks. Companies should also utilize a service such as Binary Defense’s Managed Detection and Response service to monitor endpoints for any abnormal activity and identify attacks early before they can cause damage.
Sources: https://www.zdnet.com/article/fbi-phishing-emails-are-spreading-this-sophisticated-malware/
https://us-cert.cisa.gov/ncas/current-activity/2021/03/17/cisa-fbi-joint-advisory-trickbot-malware-0
