The Cybersecurity and Infrastructure Security Agency (CISA) and FBI have observed continued targeting through spearphishing campaigns using TrickBot malware in North America, according to a Joint Cybersecurity Advisory published in March and updated in May.
The actors lure victims with phishing emails built around a traffic-infringement pretext; the lure leads the recipient to download TrickBot. TrickBot, first identified in 2016, is a Trojan (malware disguised as legitimate software) developed and operated by a sophisticated cybercrime group. According to CISA and the FBI, it is highly modular, multistage malware that gives its operators a full suite of tools for a wide range of illegal cyber activities.
In their advisory, CISA and the FBI offer several mitigations, some of which we expand on and discuss in this article.
“The advisory recommends several mitigation measures. These mitigation measures include very fundamental tasks,” says Colin J. Zick, partner and co-chair of the healthcare practice and privacy and data security practice and COVID-19 task force at Boston-based law firm Foley Hoag.
“Equally, or even more important, is the advisory’s suggestion that employers provide social engineering and phishing training to employees, mandate reporting of all suspicious emails, flag external emails, and limit unnecessary services and lateral network communications,” he adds. “Security is only as good as the weakest link, and these human factors are the weak link.”
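Of the mitigations Zick lists, "flag external emails" is the one most often implemented badly: gateways that key on the display name rather than the actual address are defeated by a message whose From header reads "IT Helpdesk (example.com)" but whose address is at an attacker-controlled domain. The following Python is an added illustration, not code from the advisory or from any vendor; the internal domains (`example.com`, `corp.example.com`), the sample messages and the `[EXTERNAL]` tag are assumptions constructed for the example. It parses the real address from From and Reply-To, decides whether the message came from outside the organization, and prepends the tag to the subject idempotently.

```python
import email
from email.utils import parseaddr

# Assumed: the domains this organization considers internal.
INTERNAL_DOMAINS = {"example.com", "corp.example.com"}
TAG = "[EXTERNAL]"


def sender_domain(header_value):
    """Return the lower-cased domain of the actual address in a From/Reply-To
    header. The display name is ignored on purpose: the sender controls it."""
    _name, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_internal_domain(domain):
    return domain in INTERNAL_DOMAINS


def tag_subject(subject, external):
    """Prepend the tag once; a message that already carries it is left alone."""
    subject = subject or ""
    if not external or subject.upper().startswith(TAG):
        return subject
    return f"{TAG} {subject}"


def classify(raw_message):
    """Decide whether a raw RFC 5322 message is external and why.
    Returns {'external': bool, 'reasons': [...], 'subject': tagged subject}."""
    msg = email.message_from_string(raw_message)
    from_header = msg.get("From") or ""
    from_domain = sender_domain(from_header)
    reply_domain = sender_domain(msg.get("Reply-To"))
    display_name, _ = parseaddr(from_header)

    reasons = []
    if not is_internal_domain(from_domain):
        reasons.append("from-domain-external")
    # Replies routed to a third domain are a common lure pattern.
    if reply_domain and reply_domain != from_domain and not is_internal_domain(reply_domain):
        reasons.append("reply-to-external")
    # Display name mentions an internal domain while the address is external.
    if reasons and any(d in display_name.lower() for d in INTERNAL_DOMAINS):
        reasons.append("display-name-impersonates-internal")

    external = bool(reasons)
    return {
        "external": external,
        "reasons": reasons,
        "subject": tag_subject(msg.get("Subject"), external),
    }


# Constructed sample: a traffic-violation lure with an internal-looking display name.
SAMPLE_PHISH = """From: "IT Helpdesk (example.com)" <helpdesk@examp1e-mail.invalid>
Reply-To: collections@notices.invalid
To: alice@example.com
Subject: Notice of traffic violation

Please open the attached notice.
"""

# Constructed sample: ordinary internal mail; domain case must not matter.
SAMPLE_INTERNAL = """From: Bob <bob@Corp.Example.com>
To: alice@example.com
Subject: Q3 budget

See attached.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_PHISH, SAMPLE_INTERNAL):
        print(classify(sample))
```

In production this logic lives in the mail gateway (for Exchange Online, a transport rule scoped to senders outside the organization does the same thing), but the checks are the same: compare the address domain, not the display name, against the list of domains you actually own, and treat a Reply-To pointing elsewhere as a signal. The example does not verify SPF, DKIM or DMARC results, which a real gateway should also consult before trusting an internal-looking From address.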
“But as the company grows, new hires come on board and this method won’t be sustainable. Given that threats are continuously evolving and modernizing, you need a way to scale and automate this process. We had to consider the user experience, ease of use, automation, reporting, and metrics. And it was key for us to ensure we could certify the training.”
CISO, XYPRO Technology