The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) are urging organizations to guard against TrickBot malware spear-phishing campaigns. CISA previously issued a TrickBot warning last year.
Cybercrime actors are using TrickBot spear-phishing campaigns to launch attacks against organizations across North America, CISA stated in a security alert. These actors are using a traffic infringement phishing scheme to lure victims into downloading TrickBot, so they can perform a variety of illegal cyber activities.
What Is TrickBot?
TrickBot is an advanced Trojan used primarily in spear-phishing campaigns, CISA noted. It was first identified in 2016 and originally used as a banking Trojan to steal financial data. Since its inception, cybercriminals have been increasingly using TrickBot to launch modular, multi-stage spear-phishing campaigns.
How Can Organizations Guard Against TrickBot Malware Attacks?
CISA and FBI offer several recommendations to help organizations guard against TrickBot attacks, including:
- Block any suspicious IP addresses
- Implement email gateway filters
- Use antivirus software
- Segment and separate networks and functions
- Leverage multi-factor authentication (MFA)
- Monitor web traffic
- Restrict user access to risky websites
Organizations also can provide social engineering and phishing training to employees. In doing so, they can ensure their workers are well-equipped to identify malware and other cyber threats before they cause severe damage.