Tricky Malware Morphs Into Online Banking Threat
By: Jim Stickley and Tina Davis
September 24, 2018
TrickBot banking Trojan has been waging malware attacks since 2016. Today it’s clear there is a stronger and more insidious version of this Trojan that’s focusing its efforts on U.S. financial institutions. Originally, TrickBot was a spam-centered Trojan stealing credit card and other financial data. It’s now morphed into a virus that injects malware into banking systems, locking computers and their functions. Considering the scale of a corporate banking network, hundreds of computers can be locked at the same time, affecting critical system functions.
The latest version of TrickBot not only steals login credentials but can also deliver other malicious programs that can lock a home PC or if it gets on a corporate network, lock entire systems. This gives a much bigger financial haul than the measly payment card information of the past. Using extortion tactics like ransomware are lucrative and effective, with hackers knowing ransomware puts victims in a lose-lose situation. If a company doesn’t pay the ransom, their systems are down until restored and hopefully protected from future attacks. Paying-up sends a message that the ransom plan worked, giving cyber thieves no reason to stop further attacks.
Experts believe TrickBot is in a constant state of development. For the moment, it appears that the screen locking is not fully functioning. However, the next version will likely be bigger and meaner – so look out. They also believe the Trojan is morphing into a malware-dropper, picking and choosing what to dump onto a system. It's also targeting systems that are not patched with the security updates.
TrickBot’s success should also be sending a message to businesses about the importance of cyber security. Having a good cyber defense can be the best offense, and it keeps customers and data systems safe. Paying a ransom or not paying is never an easy choice. If nothing else, it should force a company to find out what allowed the attack to begin with. Taking stock of cyber security basics can help prevent making that difficult decision when your back is against the wall.
How to Avoid TrickBot
- Keep security patches updated as soon as they’re available, as well as system updates. Consider bolstering security with other software options.
- Have a solid backup system. Should ransomware strike, important files can quickly be restored.
- If security procedures and backups aren’t used, consider ahead of time what your response to a ransomware attack will be. Quick responses can limit the length and extent of damages. Remember, doing things the right way can prevent attacks overall.