Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang

Ransomware has become the number one cyber threat to organizations, making up nearly 25% of attacks IBM X-Force Incident Response remediated in 2020. Ransomware is making headlines on a regular basis due to the high impact of certain attacks on victims in critical industries. It’s unlikely that the pace of attacks will slow down in […]

The post Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang appeared first on Security Intelligence.

New Trickbot attack setup fake 1Password installer to extract data

By Waqas
The fake 1Password installer is used to launch Cobalt Strike, helping the attackers collect information about multiple systems in the network.
This is a post from HackRead.com.

Hackers are using CAPTCHA techniques to scam email users

More email users fell for scams using CAPTCHA technology in 2020, a new report from security firm Proofpoint shows. The technique, which uses a visual puzzle to help authenticate human behavior, received 50 times as many clicks in 2020 compared to 2019. That’s still only a 5% overall response rate, researchers note. Comparatively, one in five users clicked attachment-based emails with malware disguised as Microsoft PowerPoints or Excel spreadsheets. Campaigns using attachments to hide malware made up one in four of the attacks researchers at Proofpoint monitored. “Attackers don’t hack in, they log in, and people continue to be the most critical factor in today’s cyber attacks,” Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint said in a statement. Researchers found that quantity continues to beat quality in email attacks. Proofpoint found that the highest number of clicks came from a threat actor linked to the Emotet botnet. […]

The post Hackers are using CAPTCHA techniques to scam email users appeared first on CyberScoop.

REvil ransomware gang sites go dark, for reasons that remain unclear

The ransomware gang behind a string of recent attacks that netted tens of millions of dollars may have been too successful for its own good. REvil, the Russian-speaking hacking crew that claimed responsibility for a hack at the IT firm Kaseya that yielded perhaps thousands of victims, largely went dark Tuesday morning, according to multiple security researchers. The dark web site where REvil typically posts victim data and a payment site suddenly went down, while one site apparently ceased responding to Domain Name System requests. The cause of the outages was not immediately clear. Ransomware gangs frequently shutter their operations, update their tradecraft or evolve into different extortion techniques after profitable periods. The White House recently said it reserves the right to “take any necessary action to defend its people and its critical infrastructure” in the face of costly digital extortion attacks. REvil, widely suspected to be based in Russia, […]

The post REvil ransomware gang sites go dark, for reasons that remain unclear appeared first on CyberScoop.

White House weighs cracking down on secret ransomware payments, pursuing hackers

Going on offense against attackers and penetrating the secrecy surrounding attacks are two ways the Biden administration is pondering to tackle ransomware, a top White House official said on Tuesday. Anne Neuberger, the deputy national security adviser, said that a joint FBI, U.S. Cyber Command and private sector effort to cripple the Trickbot botnet, a hacking tool that U.S. officials had feared would disrupt the 2020 election season, should be the kind of operation used to tackle ransomware gangs in the future. “Certainly that serves as a model to say where we identify actors and infrastructure that are used … to conduct ransomware attacks, we want to ensure that we make it a lot harder for those actors to operate,” Neuberger said at an event hosted by the Silverado Policy Accelerator, a nonprofit think tank. In advance of the 2020 election, Cyber Command and Microsoft led missions to weaken Trickbot, […]

The post White House weighs cracking down on secret ransomware payments, pursuing hackers appeared first on CyberScoop.

How Does One Get Hired by a Top Cybercrime Gang?

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware.

Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her involvement with the gang? This post explores answers to those questions, as well as some of the ways Trickbot and other organized cybercrime gangs gradually recruit, groom and trust new programmers.

Trickbot indictment demonstrates how one hacking tool built on older malware

More than five years ago, Russian authorities reportedly raided a Moscow-based film company affiliated with the scammers behind Dyre, a notorious piece of malicious software linked with tens of millions of dollars in losses. No charges against the hackers were made public, but scams using the Dyre banking trojans seemed to abruptly disappear. A U.S. indictment unsealed last week confirmed what security researchers had long suspected: From the ashes of Dyre sprung TrickBot, a piece of malicious code that has caused untold financial costs by infecting tens of millions of computers worldwide and playing a part in a series of ransomware attacks. TrickBot rose to such prominence, and menace, that U.S. military hackers took aim at its infrastructure ahead of the 2020 election to reduce the potential for ransomware attacks that could disrupt the vote. The episode exemplifies how cybercriminal groups can evolve and, drawing on old hacking tools, haunt […]

The post Trickbot indictment demonstrates how one hacking tool built on older malware appeared first on CyberScoop.

Latvian national charged with writing malware used by Trickbot hackers

U.S. prosecutors have charged a 55-year-old Latvian national with developing computer code used in tandem with the infamous malicious software known as TrickBot, which has defrauded countless people while infecting tens of millions of computers worldwide. The defendant, known as Alla Witte, was arraigned in a federal court in Cleveland on Friday after being arrested in Miami in February, the Justice Department said. She is accused of being part of a criminal organization that operated in Russia, Belarus, Ukraine and Suriname, and which infected the computers of hospitals, schools, public utilities and government agencies in the U.S. Witte wrote “code related to the control, deployment, and payments of ransomware,” the Justice Department said in a press release. She also allegedly provided computer code to other members of the criminal group that tracked users of the TrickBot malware. The malicious code was designed to steal banking login credentials, credit card numbers […]

The post Latvian national charged with writing malware used by Trickbot hackers appeared first on CyberScoop.
