TrickBot, which was once believed to be dead after a major takedown, is back with a vengeance. The creators of the malware have added new capabilities to it, which point to more sophisticated attacks on organizations ahead. One such attack trend is feared to come from an updated version of TrickBot, named TrickBoot.
TrickBoot bats for TrickBot
- Supermicro and Pulse Secure have issued advisories to warn users about the products that are vulnerable to TrickBoot.
- A new feature added to the abilities of TrickBot can allow attackers to check devices for well-known vulnerabilities that can be exploited to read, write, or erase the UEFI/BIOS firmware.
- While Pulse Secure has issued a BIOS patch for its affected products, Supermicro has suggested a workaround, as the affected products have reached end-of-life status.
BazarLoader also hunting relentlessly
- BazarLoader, aka BazarBackdoor, first appeared in July 2020 and rose to prominence in the absence of TrickBot.
- Created by threat actors behind TrickBot, BazarLoader got a makeover last month in terms of its evasion capability. This enabled attackers to remotely access computers while spreading laterally throughout a network.
- A few weeks prior, TrickBot’s creators had distributed a new variant of BazarBackdoor that bore similarities to Conti ransomware. The malware variant was distributed through a malicious Excel file.
Another concerning factor
- Researchers are concerned that the amalgamation of cybercriminal groups can be a potent threat to organizations.
- Several malware gangs have paired up over the past year—such as the FIN6 cybercrime group and the operators of the TrickBot malware—to score more targets under the partnership.
- This as-a-service model has opened doors for cybercriminals to deploy ransomware and many other malware variants through the TrickBot trojan.
- The ultimate purpose is to fill criminal skill gaps while driving a thriving cybercriminal economy underground.
‘Where there’s a will, there’s a way.’ Unfortunately, the proverb holds true even for the threat actors behind the notorious TrickBot trojan. Even after the takedown of at least 94% of its servers, the trojan has made a big comeback, along with new variants, in less than six months, with the latest attack in January. Security experts explain that legal approaches to dealing with cyberattackers will always fall short against cybercrime groups. These inadequacies will help threat actors, including those behind TrickBot, to stay in business.