SECURITY ALERT: An Old Nemesis Resurfaces

Heimdal Security reports that the financial trojan Trickbot has reappeared in a new SPAM campaign. As you may recall, Trickbot targeted US banking companies such as PayPal in the past.

New SPAM emails are now spoofing Dropbox, usually carrying the subject line “A new document is available for download” and an infected link. Once the link is clicked, a malicious document is downloaded via an infected site.

Trickbot uses redirection attacks: it sends the user to a malicious site while connecting to the user’s real bank site in the background. What the user sees in his or her browser is a fake website emulating the bank’s web page. This fake website is used to steal logins, authentication codes, etc.

If you have been receiving SPAM emails claiming to be from Dropbox, delete them immediately, especially if you do not know the individual or company that supposedly sent the email.

Another caution: even if you do recognize the sender, call them directly to verify the email’s legitimacy. If you can’t verify the email, delete it.
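
For mail administrators, the same verification can be partly automated. The following is an added example, not code from Heimdal Security or from this alert: it flags a message that claims to be from Dropbox but whose sender domain or links fall outside an allowlist. The allowlist contents, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = ("dropbox.com",)  # assumption: extend with domains you have verified
CAMPAIGN_SUBJECT = "a new document is available for download"  # subject quoted in the alert
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_trusted_domain(host):  # exact match or true subdomain only
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def body_text(msg):  # decode and join every text/* part
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_message(raw_email):
    """Return a list of reasons the message looks like a Dropbox spoof."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    body = body_text(msg)
    findings = []
    if CAMPAIGN_SUBJECT in msg.get("Subject", "").lower():
        findings.append("subject matches reported campaign")
    if "dropbox" not in (display + " " + body).lower():
        return findings  # message makes no Dropbox claim to verify
    sender_domain = addr.rpartition("@")[2]
    if not in_trusted_domain(sender_domain):
        findings.append(f"claims Dropbox but sent from {sender_domain or 'unknown'}")
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if not in_trusted_domain(host):  # also catches dropbox.com.<other-domain> lookalikes
            findings.append(f"link points to {host}")
    return findings

# Constructed sample messages (not real campaign mail).
SPOOFED = ('From: "Dropbox" <no-reply@mailer.example.test>\n'
           "Subject: A new document is available for download\n\n"
           "View it here: http://dropbox.com.files.example.test/doc\n")
GENUINE = ('From: "Dropbox" <no-reply@dropbox.com>\n'
           "Subject: Your shared file\n\n"
           "Open https://www.dropbox.com/s/example\n")
if __name__ == "__main__":
    print(check_message(SPOOFED), check_message(GENUINE))
```

A clean result here does not replace calling the sender, since the From header can be forged and this check does not validate SPF, DKIM or DMARC.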

Cyber-criminals are persistent. They’ll constantly change attack vectors to keep them “fresh”. The tried and true ways of protecting yourself are still effective:

  • Never click on links or open attachments from unknown sources, and verify legitimacy even if you recognize the sender.
  • Keep your Operating System, third-party applications and anti-virus programs updated.
  • Back up your data and verify that your backups are operating and are viable.
  • Use strong passwords and activate Multi-Factor Authentication whenever available.
  • Do not operate your workstations using an administrator account.
  • Disable macros in Microsoft Office applications and never enable them if prompted unless you are absolutely sure of the legitimacy of the document and its source (which is almost never if it comes to you in an email attachment).

The majority of attacks against individuals and institutions come through social engineering. Social engineering depends mostly on SPAM emails to deliver malicious payloads because attackers know that human beings are the weakest link in security. User education PLUS IT Security measures are the best protection. Don’t become a victim.

 

XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 300+ Petabytes of data with over 800 employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss—whatever the cause.