New Phishing Scam Exploits COVID-19 Crisis To Spread TrickBot Malware – Comment From Security Expert

Microsoft Security Intelligence has revealed that the TrickBot malware is being spread via a new phishing campaign that exploits the current COVID-19 crisis. The campaign offers fake virus advice and testing, installing the malware via ‘macro-laced’ malicious attachments.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Yana Blachman
Yana Blachman , Threat Intelligence Specialist
InfoSec Expert
April 21, 2020 11:38 am

The sad reality is that the COVID-19 situation offers even the most sophisticated APT groups the chance to execute phishing attacks that exploit the current crisis. TrickBot is no different. This sophisticated crimeware adapts quickly to the current situation and seizes the moment to ensure attack success. It’s also particularly nasty: once it’s on a user’s device, TrickBot tries to compromise the user’s SSH keys, which grant its operators control to a businesses’ sensitive information.

SSH machine identities automate control over all manner of systems from datacentres to cloud environments. Stealing them gives the attackers control and gives them the power to create long term access since SSH keys don’t expire and most organisations – even those with sophisticated defences – never change them.

This phishing campaign is a grim reminder that unless businesses have visibility over all their SSH keys in use across the datacentre and cloud, and automated processes in place to change them, these methods and the increasing theft of SSH keys will only continue.

Last edited 2 years ago by Yana Blachman
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x