Trickbot, which started out purely as banking malware, has evolved into a sophisticated data-stealing tool capable of injecting other malware such as ransomware or serving as an Emotet downloader. Security experts from Check Point believe that the malicious software has targeted over 140,000 victims since November 2020, hitting high-profile victims including those on PayPal, Microsoft, Amazon, Bank of America and Wells Fargo.
Interestingly, the research claims that the campaign has so far targeted only customers from the APAC region and a few from Europe, Latin America, North America and Africa.
Trickbot is distributed via malicious macros spread through phishing emails, and it is sometimes also found operating as espionage software.
CISA has recently advised public and private companies to install network defenders, provide social engineering and phishing training to employees, deploy anti-malware solutions, enforce multi-factor authentication, disable unnecessary privileged access to workstations and servers, monitor web traffic and block users from accessing risky websites, block unsolicited connection requests through efficient firewalls, segregate networks and functions according to priority, and download the required patches that address vulnerabilities exploited by Trickbot.
Note: In September 2020, many of the hospitals and healthcare firms operating in the United States were infected by RYUK ransomware. Prima facie evidence revealed that an email phishing campaign led to the spread of the Emotet Trojan, which then paved the way for TrickBot, leading to the download of RYUK.