A new variant of the Trickbot banking trojan has been discovered by security researchers at Trend Micro* that is using a redirected URL in spam email to spread malware. The redirected URL is a way to get around spam filters.
Expert Comments:
Mike Bittner, Associate Director of Digital Security and Operations at The Media Trust:
“Compromising legitimate websites by injecting malicious code is becoming a popular attack method. The targets of such attacks are the third parties that provide the app and execute their code outside the web operator’s IT perimeter. Bad actors know that many web app developers don’t build security and privacy into their devops lifecycle. Too often, these developers operate on very thin margins, which require short timescales that, in turn, sideline security and privacy. As a result, websites are simply not equipped to withstand such attacks. Meanwhile, many website operators would rather ignore the risks their third parties pose by choosing band aid security solutions like conventional blockers. Developers and their clients will need to change their business model as new data privacy laws are introduced to their markets. With the cost of data breaches soaring and consumers eager to flex their data privacy rights, ignoring security will cost them their business.”
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.