
Researchers Uncover Trickbot Targeting Telecom Giants

A trickbot campaign that uses a new module to brute-force Remote Desktop Protocol (RDP) services has been discovered

As if the world didn’t have enough to worry about right now, it’s been discovered that hackers have updated the trickbot malware to specifically target telecom firms as well as the education and financial service sectors.

That’s according to research just published by a US cyber security firm, which warned the industry that the new version of trickbot has likely been active for two months already and appears to be targeting financial data and intellectual property (IP).

The new module for the trickbot malware (we won’t dignify it by capitalising it), known as rdpScanDll, has been specially created to conduct brute-force attacks on Remote Desktop Protocol (RDP) services.

Based on the IP addresses being targeted in the released data, researchers believe telecom companies are being singled out, possibly for the purpose of espionage.

The new version of the software relies on command-and-control (C2) servers which, as you may know, are predominantly based in Russia and Northern Europe.

Initially, the trickbot malware downloads a list of targets, usernames and passwords from said C2 servers. Then, once it has checked that the target is running an RDP service, it carries out a manually ordered brute-force attack on the list of domains.
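From the defender's side, a list-driven attack like this shows up as a burst of failed RDP logons from one source spread across many account names. The sketch below is an added example (not from the research or from cloudThing) that flags that pattern in Windows logon events; the one-line record format, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry). Assumed export format:
# timestamp, Security event ID (4625 = failed logon, 4624 = successful logon),
# LogonType (10 = RemoteInteractive/RDP, 3 = Network, seen for RDP with NLA),
# source IpAddress, TargetUserName.
SAMPLE_EVENTS = """\
2020-03-18T09:00:01 4625 3 203.0.113.7 administrator
2020-03-18T09:00:03 4625 3 203.0.113.7 admin
2020-03-18T09:00:05 4625 3 203.0.113.7 backup
2020-03-18T09:00:07 4625 3 203.0.113.7 svc_sql
2020-03-18T09:00:09 4625 3 203.0.113.7 helpdesk
2020-03-18T09:00:12 4624 3 203.0.113.7 helpdesk
2020-03-18T09:05:00 4625 10 198.51.100.20 jsmith
2020-03-18T09:05:40 4625 10 198.51.100.20 jsmith
2020-03-18T09:06:10 4624 10 198.51.100.20 jsmith
"""

RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(text, window=timedelta(minutes=5), min_fail=5, min_users=3):
    """Return {source_ip: finding} for sources whose failed logons inside
    `window` reach min_fail attempts spread over min_users distinct accounts."""
    recent = defaultdict(deque)   # ip -> (time, user) failures still in the window
    findings = {}
    for line in text.splitlines():
        ts, event_id, logon_type, ip, user = line.split()
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        fails = recent[ip]
        while fails and when - fails[0][0] > window:
            fails.popleft()       # drop failures that have aged out
        if event_id == "4625":
            fails.append((when, user.lower()))
            users = {u for _, u in fails}
            if len(fails) >= min_fail and len(users) >= min_users:
                finding = findings.setdefault(ip, {"users": set(), "success_after": None})
                finding["users"] |= users
        elif event_id == "4624" and ip in findings:
            # A success from an already flagged source is the priority alert.
            findings[ip]["success_after"] = findings[ip]["success_after"] or user.lower()
    return findings

if __name__ == "__main__":
    for ip, f in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, sorted(f["users"]), "success after failures:", f["success_after"])
```

The second source in the sample, a single user mistyping a password twice, stays below both thresholds and is not flagged.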

First discovered back in 2016, trickbot malware was created as a banking Trojan, looking for any sensitive information it could get. However, the modular nature of the malware means it’s far too easy to modify it to perform different types of malicious activities.

That modular nature is probably the main reason it has, unfortunately, become one of the most sophisticated forms of malware attack on the globe today.

It has over a dozen known modules, including:

  • Reconnaissance software enabling attackers to steal information on systems
  • Software packages that allow a worm-like spread
  • Remote Admin Programmes to access compromised systems

In January, cyber-security experts warned that the cyber-criminals behind the trickbot malware had expanded its offensive capabilities with a PowerShell-based backdoor, enabling them to target high-value businesses.

The new trickbot backdoor is designed for persistence, stealth, and reconnaissance on compromised machines.

© cloudThing 2020