The sad reality is that the COVID-19 situation offers even the most sophisticated APT groups the chance to execute phishing attacks that exploit the current crisis. TrickBot is no different. This sophisticated crimeware adapts quickly to the current situation and seizes the moment to ensure attack success. It’s also particularly nasty: once it’s on a user’s device, TrickBot tries to compromise the user’s SSH keys, which grant its operators control to a businesses’ sensitive information. SSH machine identities automate control over all manner of systems from datacentres to cloud environments. Stealing them gives the attackers control and gives them the power to create long term access since SSH keys don’t expire and most organisations – even those with sophisticated defences – never change them. This phishing campaign is a grim reminder that unless businesses have visibility over all their SSH keys in use across the datacentre and cloud, and automated processes in place to change them, these methods and the increasing theft of SSH keys will only continue.  Read Less