After the end of Emotet's reign, which saw its infrastructure taken down by Europol in late January 2021, Trickbot has arrived, which has come to give a lot of headaches, especially to the legal and insurance industries.
Like Emotet, Trickbot is not a "final" malware, it acts as a channel for cybercriminals to deliver the final malicious payload, which can be any other virus.
Trickbot is popular due to its versatility, flexibility, customization, and its successful track record in previous attacks. In 2020, it was the fourth most prevalent malware globally, affecting 8% of organizations.
In 2020, Trickbot played a key role in one of the most costly and high-profile cyberattacks: The Universal Health Services (UHS) case, a leading healthcare provider in the US. UHS was hit by the Ryuk ransomware and the institution claimed that the attack cost it $67 million in lost revenue and costs. Trickbot was used by the attackers to detect and harvest data from UHS systems and deliver the ransomware payload.
The main defence tactic is to make users aware of how they should verify the veracity of a linked email. If a user can correctly identify a malicious or suspicious email and the attachment to follow, the malware will not have a chance to be opened.
IT departments in organizations must make employees aware of how to identify potentially malicious emails.
The use of antivirus software can also help in detecting potential attacks on a system. If the attack is successful, the software can also help remove it.
Enabling multi-factor authentication (MFA) can help prevent TrickBot malware from obtaining all users credentials. Even if an attack is successful, attackers will not have all the pieces needed to be fully authenticated by a system.
In short, even when one major threat is eliminated, others emerge that continue to pose a high risk on networks worldwide.