What does the malware do and how can you protect yourself?
As previously reported, cybercriminals are increasingly using the coronavirus pandemic as a hook for their attacks. Microsoft recently found in an analysis that TrickBot is one of the most prolific malware families sent to Microsoft 365 users via email. As part of a recent campaign, a large number of emails were sent on behalf of a non-existent charity organization that allegedly offers free COVID-19 testing – the attachment included an order form infected with the TrickBot malware.
Hornetsecurity therefore takes this occasion to explain how TrickBot attacks work and how to protect against them.
What is TrickBot?
TrickBot often appears in a particularly dangerous malware combination with Emotet and Ryuk, which aims to encrypt all sensitive files in the system and only releases them again in exchange for ransom payments.
What is happening in the current Coronavirus campaign?
Depending on how lucrative TrickBot’s analysis judges the compromised target to be, other malicious components such as Ryuk can be downloaded to encrypt sensitive data.
Why are Microsoft 365 mailboxes a popular target?
The number of Microsoft 365 users is growing rapidly, and given the current situation it can be assumed that this growth will accelerate further, as many companies are equipping their home office employees with Microsoft’s cloud-based services. However, the increasing number of users is also making Microsoft 365 a popular target for cybercriminals. In 2019 alone, the number of attacks on users’ email accounts quadrupled.
The problem is that Microsoft 365 users are easy to identify because the MX records and autodiscover records are publicly available on the internet. Users must trust Microsoft’s security mechanisms, but if an attacker gains access to a Microsoft 365 account, all data is available to the attacker without restriction. If an administrator account is taken over, the attacker can even obtain data from all users in the company.