Guest Post: ESET Collaboration Helps Reduce Trickbot Damage

A global partnership to disrupt the Trickbot botnet is already showing signs of significantly reducing cyberattacks aimed at swiping financial data and deploying ransomware.

In September 2020, ESET collaborated with partners Microsoft, Lumen’s Black Lotus Labs, NTT Ltd. and others to prevent businesses around the world from falling prey to Trickbot botnets – one of the top security threats currently prowling cyberspace on the hunt for victims. 

ESET telemetry shows Trickbot detection numbers have plummeted in tandem with the joint disruption effort. Compared to June 2020, Trickbot detections dropped by 7% in July, by nearly 32% in August and by nearly 36% in September.

“Trickbot has been a major nuisance for Internet users for far too long. It’s gratifying to be part of this effort to limit the damage inflicted by this malware and to make it safer for all of us online,” says Jean-Ian Boutin, Head of Threat Research at ESET. 

ESET first detected Trickbot in late 2016, and it has since been recognized as one of the most prevalent banking malware families across the globe. The botnet has infected more than one million computing devices around the world, targeting several different industries – including education, real estate and government – but the most frequently targeted seems to be the financial sector.

Trickbot is known to use phishing emails and other tactics to go after browser-stored passwords, Point-of-Sale systems, and cryptocurrency wallets, as well as banking, email and cryptocurrency exchange credentials. Trickbot’s modular architecture allows it to perform a vast array of malicious actions using a variety of plugins. It can steal all kinds of credentials from a compromised computer and, more recently, has been observed mostly as a delivery mechanism for more damaging attacks, such as ransomware.

While the global collaboration appears to have lessened the threat of Trickbot – at least temporarily – it’s still critical for businesses to maintain vigilance for other botnet attacks. ESET’s telemetry shows there has been a recent increase in activity by the botnet Emotet, a destructive Trojan malware spread primarily through spam emails.

Our Emotet detection numbers show an increase in attacks over the past few months. Compared to June 2020, Emotet detections increased by 64% in July, by more than 120% in August and more than 22% in September.

There are a few ways businesses can protect themselves from botnet operations:

  • It is crucial to protect all endpoints with a security solution that has robust detection modules, such as ESET Endpoint Security.
  • Businesses also need to ensure that their networks are always patched with the latest security updates to avoid falling victim to vulnerabilities that threat actors may exploit.
  • Remote ports can provide an access point for hackers, so restrict access as far as possible – especially to remote desktop protocol (RDP) ports. 

To find out more about ESET’s efforts to disrupt the Trickbot botnet, read ESET takes part in global operation to disrupt Trickbot on WeLiveSecurity.
