A sophisticated group of cybercriminals are emerging in a new TrickBot malware campaign. To secure your organization, the Cybersecurity and Infrastructure Security Agency and the FBI recommend 10 tips for users and administrators on implementing mitigation measures.
TrickBot is a highly modular, multi-stage malware that allows criminals to conduct a wide range of illegal cyber activities. TrickBot's operators are using phishing emails that claim to have proof of traffic violations to entice users to download TrickBot.
Here are 10 guidelines to protect your organization against TrickBot:
- Provide phishing training to employees and consider updating a policy addressing suspicious emails that says users must report all suspicious emails to security and/or IT departments.
- Mark external emails with a banner noting the email is from an external source to assist users in detecting spoofed email addresses.
- Monitor websites visited and restrict users' access to suspicious or risky websites.
- Implement an antivirus program and a formalized patch management system.
- Implement filters at the email gateway to block suspicious IP addresses.
- Consider using application allowlisting technology to ensure only authorized software is executed, blocking all unauthorized software.
- Enforce multifactor authentication.
- Implement an intrusion detection system to detect malicious network activity.
- Keep up to date with the latest threats and implement appropriate access control lists.
- Disable SMBv1 and replace it with at least SMBv2 to protect networks against propagation modules used by TrickBot.
To read the full list of recommendations, click here.