US Security Department Issue Potential Trickbot and Malware Attack Warning to Health Department

 

The United States Healthcare providers have been alerted to vary of Trickbot and ransomware attacks by their Homeland Security department.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services of US-issued out a warning of "imminent cybercrime threat to US hospitals and healthcare providers" regarding an infection from Trickbot and ransomware. 

Already heavy with the burden of coronavirus, the US health department now faces another cybersecurity threat from Trickbot, one of the largest botnets worldwide, and Ryuk Ransomware, a lethal and savage malware on its own. Even Microsoft recently took legal action against Trickbots earlier this month.

Earlier, Trickbot was a banking trojan attacking users via Webfakes (where it redirects the user to a fake webpage made by the attackers instead of the original banking webpage; accessing the user's login and other credentials) and through WebInjections (wherewith the website that the user is trying to access, some malware injections will be initiated and downloaded). Now with a million infections, Trickbot has evolved into a full-fledged malware.

 "As part of the new Anchor toolset, Trickbot developers created Anchor_DNS, a tool for sending and receiving data from victim machines using Domain Name System (DNS) tunneling," CISA said in the alert. 

Using anchor DNS, lets the malware to bypass the legit DNS and with it bypassing network defense security and evade recognition.

Other countries like the UK and Australia also predict a potential attack by Ryuke or Trickbot. Australian Cyber Security Centre (ACSC) warned Australian companies about Emotet malware, which is used contemporaneity with Trickbot. "Upon infection of a machine, Emotet is known to spread within a network by brute-forcing user credentials and writing to shared drives. Emotet often downloads secondary malware onto infected machines to achieve this, most frequently Trickbot," the ACSC wrote in a warning.


from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/34EFq0H

Comments