A new variant of the Trickbot banking trojan has been discovered by security researchers at Trend Micro* that is using a redirected URL in spam email to spread malware. The redirected URL is a way to get around spam filters.
Mike Bittner, Associate Director of Digital Security and Operations at The Media Trust:
“Compromising legitimate websites by injecting malicious code is becoming a popular attack method. The targets of such attacks are the third parties that provide the app and execute their code outside the web operator’s IT perimeter. Bad actors know that many web app developers don’t build security and privacy into their devops lifecycle. Too often, these developers operate on very thin margins, which require short timescales that, in turn, sideline security and privacy. As a result, websites are simply not equipped to withstand such attacks. Meanwhile, many website operators would rather ignore the risks their third parties pose by choosing band aid security solutions like conventional blockers. Developers and their clients will need to change their business model as new data privacy laws are introduced to their markets. With the cost of data breaches soaring and consumers eager to flex their data privacy rights, ignoring security will cost them their business.”