IBM Security Intelligence examines the latest version of TrickBot, comparing it to its predecessor and taking a closer look at the components its developers kept or modified. WaterISAC previously reported on this latest evolution of the notorious malware in the December 3, 2020 Security & Resilience Update. At that time TrickBot had recently suffered, but ultimately survived, a takedown attempt by security vendors and law enforcement agencies. Following that, TrickBot's operators released a new and more persistent version of the malware that uses a UEFI/BIOS bootkit (dubbed "TrickBoot") to help it remain undetected on infected devices. In addition to this persistence mechanism, IBM Security Intelligence's technical analysis examines and compares components including its injection technique, bot configuration, mutex naming concept, and compromise check. The analysis concludes by noting that TrickBot and the cybercrime syndicate around it are in full swing, and that security teams should prioritize cleaning or reimaging networked devices on which the malware is detected. As it notes, TrickBot can be a foot in the door for a number of attacks, the worst of which can be an all-out ransomware and extortion operation against your organization. Read the analysis at IBM Security Intelligence.