The FBI and the Cybersecurity and Infrastructure Security Agency issued a joint advisory warning people about a sophisticated spear-phishing campaign involving the Trickbot malware, reports ZDNet. Trickbot started out as a banking trojan and is now one of the most powerful and common forms of malware used by cyber criminals to access infected computers, deliver their own malware and then steal sensitive information like login credentials. The newest campaign uses phishing emails with proof of traffic violations, aiming to scare victims into opening the email; the email contains a link that, when clicked, directs them to a compromised website controlled by the hackers. A group of cybersecurity companies attempted to take down Trickbot last year, but cyber criminals were able to quickly resume their operations. "To completely remove Trickbot from the landscape would be extremely difficult and likely require a coordinated international law enforcement effort like we saw with Emotet. In fact, after the actions of October 2020, we saw Trickbot campaigns resume within weeks, and it has been active continually since," said Sherrod DeGrippo, Proofpoint's senior director of threat research and detection.
Jill Aitoro is senior vice president of content strategy for CyberRisk Alliance. She has more than 20 years of experience editing and reporting on technology, business and policy. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
Mismanaged Linux SSH servers are being subjected to a new attack campaign involving the distribution of three new strains of the ShellBot DDoS bot malware, including PowerBots GohacK, LiGhT's Modded perlbot v2, and DDoS PBot v2.0, according to The Hacker News.
Agriculture, administrative, and transportation organizations across the Ukrainian regions of Donetsk, Crimea, and Lugansk have been subjected to a sophisticated ongoing attack campaign with the novel CommonMagic framework and PowerMagic backdoor, reports BleepingComputer.