New Phishing Scam Exploits COVID-19 Crisis To Spread TrickBot Malware – Comment From Security Expert

By   ISBuzz Team
Writer , Information Security Buzz | Apr 21, 2020 03:31 am PST

Microsoft Security Intelligence has revealed that the TrickBot malware is being spread via a new phishing campaign that exploits the current COVID-19 crisis. The campaign offers fake virus advice and testing, installing the malware via ‘macro-laced’ malicious attachments.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Yana Blachman
Yana Blachman , Threat Intelligence Specialist
April 21, 2020 11:38 am

The sad reality is that the COVID-19 situation offers even the most sophisticated APT groups the chance to execute phishing attacks that exploit the current crisis. TrickBot is no different. This sophisticated crimeware adapts quickly to the current situation and seizes the moment to ensure attack success. It’s also particularly nasty: once it’s on a user’s device, TrickBot tries to compromise the user’s SSH keys, which grant its operators control to a businesses’ sensitive information.

SSH machine identities automate control over all manner of systems from datacentres to cloud environments. Stealing them gives the attackers control and gives them the power to create long term access since SSH keys don’t expire and most organisations – even those with sophisticated defences – never change them.

This phishing campaign is a grim reminder that unless businesses have visibility over all their SSH keys in use across the datacentre and cloud, and automated processes in place to change them, these methods and the increasing theft of SSH keys will only continue.

Last edited 3 years ago by Yana Blachman

Recent Posts

Would love your thoughts, please comment.x