CISA and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on TrickBot malware. A sophisticated group of cyber criminals is using phishing emails claiming to contain proof of traffic violations to lure victims into downloading TrickBot. TrickBot is a highly modular, multi-stage malware that provides its operators with a full suite of tools to conduct a myriad of illegal cyber activities.

To secure against TrickBot, CISA and the FBI recommend users and administrators review AA21-076A: TrickBot Malware as well as CISA’s Fact Sheet: TrickBot Malware for guidance on implementing specific mitigation measures to protect against this activity.

CISA’s TrickBot fact sheet explains that TrickBot operators enter environments mainly through phishing campaigns. After they gain initial access, they may execute first or second stage payloads, deploy additional ransomware such as Conti or Ryuk, and load TrickBot into other networks.

TrickBot's capabilities have evolved over time to evade security protocols and get the most out of its operators' attacks. SpearTip’s engineers are aware of the evolution of TrickBot and work to defend against threats just like it every minute of the day.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.