Trickbot new entrant in the Indian Online Banking Cyberspace
Trickbot has expanded its attack vector and has truly gone global and targets numerous banks, payment processors and CMS systems.
Ransomware is not the only prevalent threat these days; there are other threats too which have been making their foray. We, humans, tend to forget that security is an on-going process and is not limited to one single threat. We have to be on our toes 24x7 and be alert at all times, ensure that all the SOPs are adhered to and also ensure regular audits of all the security processes and procedures.
For the past few weeks, ransomware has gained notoriety, specifically due to the exploits used by the WannaCry ransomware. However, during the same period, banking Trojans such as TrickBot were also working towards stealing banking credentials and gaining access to the banking accounts of the victims.
Thanks to the release of the source code of Zeus Bot a couple of years ago, we have observed a rise in Trojans which share the same or a similar codebase with Zeus. Along similar lines, Trickbot shares many similarities with Dyre, yet another banking malware.
Trickbot’s configuration contains the list of Banking URLs which when accessed by the victim would be intercepted and exploited. In recent weeks, Trickbot has expanded its attack vector and has truly gone global and targets numerous banks, payment processors and CMS systems.
Targeting CMS systems provides Trickbot with access credentials, which can then be leveraged to carry out targeted attacks, including spear phishing attacks and, to a certain extent, watering-hole attacks.
Recently, Trickbot added a couple of Indian banks to its configuration, viz. SBI Bank and ICICI, considering their huge consumer base. However, we are yet to observe any active attack on the consumers.
Moreover, in the coming weeks/months we expect much larger campaigns targeting Indian Online Banking Customers and a few more Indian banks to be added by Trickbot into its configuration. Furthermore, based on the success of Trickbot, we may also observe other banking Trojans sneaking into the Indian Cyberspace.
We at eScan believe that it is our duty to be proactive in alerting the users about the potential attacks, which will assist them to take necessary precautions. Moreover, eScan users are protected from the threats posed by Trickbot and all the other Banking Trojans.
Advisory:
1: Net-banking users should implement an Antivirus/Internet Security Suite on all of their devices, including their mobile phones.
2: Regularly apply the patches released by software vendors.
3: Implement Email Gateway security solutions to protect your organisation from malicious emails.