TrickBot – Page 6 – WindowsTechs.com

Emerging hacking tool ‘EtterSilent’ mimics DocuSign, researchers find

Posted on April 6, 2021 by Shannon Vavra

Hackers are using a new, malleable malicious document builder to run their criminal schemes, according to Intel 471 research published Tuesday. The document builder, known as EtterSilent, has been advertised in a Russian cybercrime forum and comes in two versions, according to the research. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro. One version of EtterSilent imitates the digital signature product DocuSign, thought when targets click through to electronically sign documents, they are prompted to enable macros. This allows the attackers to target victims with malware. EtterSilent also offers another benefit for criminals looking for the latest tools to run their schemes — the malicious document builder has been crafted to conceal the activities of its operators, and has been constantly updated in recent months to avoid detection, according to Intel 471. “The widespread use of EtterSilent shows how commoditization is a big part of […]

The post Emerging hacking tool ‘EtterSilent’ mimics DocuSign, researchers find appeared first on CyberScoop.

Continue reading Emerging hacking tool ‘EtterSilent’ mimics DocuSign, researchers find→

Emotet, NetWalker and TrickBot have taken big blows, but will it be enough?

Posted on January 29, 2021 by Tim Starks

A trio of operations meant to disrupt ransomware outfits in recent months — two of which came to light this week — could have lasting impacts even if they stop short of ending the threat, security experts say. Researchers are still sizing up the effects of recent busts of the Emotet and NetWalker gangs, but those operations have the potential to be more potent than last fall’s maneuvers against the TrickBot ransomware. In research out Friday, Menlo Security — echoing similar conclusions from other cyber firms — said it saw signs of TrickBot recovering, but the rebound has amounted to just a “trickle.” U.S. Cyber Command and Microsoft had led separate efforts to disrupt the hacking infrastructure of TrickBot, a massive army of zombified computers. The fear was that the botnet could be used to carry out ransomware attacks afflicting the November elections. This week’s two operations might be more promising […]

The post Emotet, NetWalker and TrickBot have taken big blows, but will it be enough? appeared first on CyberScoop.

Continue reading Emotet, NetWalker and TrickBot have taken big blows, but will it be enough?→

Trickbot—New Year | Old Lure

Posted on January 29, 2021 by Vinay Pidathala

2021 will be a challenging year for security professionals. The fall out from the SUNBURST attack and the Solarwinds hack is yet to be fully understood and we all remain in an elevated state of awareness and concern.

Our Threat labs team is cons… Continue reading Trickbot—New Year | Old Lure→

International Action Targets Emotet Crimeware

Posted on January 27, 2021 by BrianKrebs

Authorities across Europe on Tuesday said they’d seized control over Emotet, a prolific malware strain and cybercrime-as-service operation. Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections. Continue reading International Action Targets Emotet Crimeware→

TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version?

Posted on January 26, 2021 by Nir Shwarts

October 2020 saw the TrickBot Trojan, a prominent cybercrime gang’s tool of choice, suffer a takedown attempt by security vendors and law enforcement. Unfortunately, the takedown was not effective, and beyond coming back to life shortly after, TrickBot’s operators released a new and more persistent version of the malware. In this post, IBM Trusteer examines […]

The post TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version? appeared first on Security Intelligence.

Continue reading TrickBot’s Survival Instinct Prevails — What’s Different About the TrickBoot Version?→

Cyberattacks on Healthcare Spike 45% Since November

Posted on January 5, 2021 by Becky Bracken

The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike. Continue reading Cyberattacks on Healthcare Spike 45% Since November→

Emotet Returns to Hit 100K Mailboxes Per Day

Posted on December 23, 2020 by Tara Seals

Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot. Continue reading Emotet Returns to Hit 100K Mailboxes Per Day→

This Week in Security: VMWare, Microsoft Teams, Python Fuzzing, and More

Posted on December 11, 2020 by Jonathan Bennett

There’s a VMWare problem that’s being exploited in the wild, according to the NSA (PDF). The vulnerability is a command injection on an administrative console. The web host backing this console is apparently running as root, as the vulnerability allows executing “commands with unrestricted privileges on the underlying operating system.” …read more

Continue reading This Week in Security: VMWare, Microsoft Teams, Python Fuzzing, and More→

TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions

Posted on December 3, 2020 by Tara Seals

A new “TrickBoot” module scans for vulnerable firmware and has the ability to read, write and erase it on devices. Continue reading TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions→

TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices

Posted on December 3, 2020 by Tim Starks

The malicious software known as TrickBot has morphed again, this time with a module that probes booting process firmware for vulnerabilities, possibly setting the stage for attacks that could ultimately destroy devices, researchers say. Two cybersecurity companies, Eclypsium and Advanced Intelligence (Advintel), dubbed the TrickBot add-on module “TrickBoot,” since it targets the UEFI/BIOS firmware. Firmware is permanent code programmed into a hardware device, while UEFI and BIOS are two kinds of specifications that manage a device’s start-up. TrickBoot, then, is s a “significant step in the evolution of TrickBot,” the researchers say, that could make TrickBot especially pesty. “Since firmware is stored on the motherboard as opposed to the system drives, these threats can provide attackers with ongoing persistence even if a system is re-imaged or a hard drive is replaced,” they wrote.”Equally impactful, if firmware is used to brick a device, the recovery scenarios are markedly different (and more difficult) than recovery […]

The post TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices appeared first on CyberScoop.

Continue reading TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices→