11 August 19, 18:34
(This post was last modified: 11 August 19, 18:47 by harlan4096.)
Quote:
Trickbot and its sneaky ways of disabling Windows Defender without your knowledge. Why you can’t rely on system defenses alone.
Are you relying only on the built-in defenses in your Windows 10 operating system for security? This was never a good idea, but lately it has become even more dangerous. Windows Defender vulnerabilities were uncovered by researchers, far surpassing what users could have expected.
During the past months and even before that, the world of cybersecurity has held its breath over Trickbot updates. The banking Trojan has been around since 2016 and, according to recent forensics, it has compromised over 265 million email accounts. While the malware is not exactly new, the trickiest part about it (pun intended) is how it manages to adapt.
The most worrisome part of its evolving trajectory is its ability to disable Windows Defender. The latest cybersecurity analysis has revealed that in its latest campaign, Trickbot has been targeting Windows 10 users. Especially in corporate environments (but also inside plenty of home devices), this is the operating system of choice.
How Does Trickbot Work?
Trickbot has been around since 2016 and has remained a stressful threat ever since. Targeting both individuals and companies, it is a jack of many trades. Every time security teams have it pinned down and think that a permanent counter has been found, Trickbot resurfaces in an altered form.
This is not about the usual change all malware strains go through to evade detection by simple antivirus products. Generally, malware developers (hackers) change just a few lines of code to make the malware appear different.
Trickbot’s History of Adapting to Defensive Software
Not so with Trickbot. In this case, whenever Trickbot got reinvented, it also resurfaced with a changed strategy. That’s the main reason it hasn’t yet been completely eradicated. At the moment, small businesses are the most endangered by Trickbot’s activity.
Over its 3 years of activity, Trickbot wore many disguises and targeted various entities and systems, depending on what was deemed more vulnerable at the time. When it first emerged, it seemed to borrow heavily from Dyreza, a previous banking Trojan. It also stole data from users via malicious spam.
From its initial emergence, Trickbot proved to be impressively adaptable. It changed tactics from scam emails sending warnings about unpaid bills to account update phishing emails. It could propagate through either infected URLs or malicious email attachments.