Malware is quickly evolving and operating at increasingly advanced levels of infectiousness and evasiveness. In the present cyberspace landscape, malicious groups possess highly skilled developers, decentralized, corporate-like operations, and partnerships with other cybercriminal groups that give them worldwide reach, which means more victims and more fallback options.
The TrickBot gang is one such example: a prolific malware operation that has been hitting organizations worldwide constantly, according to observations made by IBM Security X-Force over the years.
Recently, IBM Security X-Force published this year's Threat Intelligence Index, which noted that the TrickBot group, also tracked as ITG23 and Wizard Spider, was one of 2021's most active threat groups.
TrickBot is a recognized banking Trojan that victimizes businesses and consumers for their data, such as banking information, personally identifiable information (PII), account credentials, and bitcoin data.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed continued targeting of victims in North America by spearphishing campaigns that deliver TrickBot. Reportedly, a sophisticated cybercriminal group is luring victims, via phishing emails, with a phishing lure claiming a traffic violation to get them to download TrickBot.
Additionally, what makes ITG23 more dangerous and resilient to disruptions and shutdowns is its highly modular malware, which can adapt to any network it finds itself in. The group also shares infrastructure and support functions collectively, including IT teams, recruiters, and even human resources, to make its operations easier.
Originally discovered in 2016, TrickBot was an online banking fraud Trojan that surfaced alongside other Trojans, namely Qakbot, Dridex, Zeus, and Gozi. However, ITG23 soon expanded its operations as follows:
• Stealing credentials, data, and personal information
• Installing backdoors within the network to enable remote access
• Elevating account privileges to expand access to the compromised network
• Disabling antivirus tools or other cybersecurity measures, such as Windows Defender
• Modifying itself to avoid detection
• Downloading and installing other malware or ransomware to carry out secondary attacks, the most common of which involve Ryuk or Conti ransomware
In the report, IBM Security X-Force also describes defenses for spotting malware and lateral movement and safeguarding networks from malware attacks. These defenses include behavior-based antimalware detection, intrusion detection and prevention solutions (IDPS), endpoint detection and response (EDR), and a security information and event management (SIEM) system.