TrickBot Targeting Financial and Cryptocurrency Data

While a great deal of focus for research into botnet trojans is on the multipurpose utility of this malware, many of these same tools are still utilized for direct financial crimes and fraud. This configuration data, provides a prima-facie insight into some of the preferred means for monetary gains by threat actors. An example of this can be found in the most recent rounds of TrickBot malware configurations. These XML documents describe the targeted login pages for online services and the action the malware is to take when a victim visits one. Many of the targeted resources reference the login pages for online banking portals, as many malware tools with financial-crimes capabilities often do. However, TrickBot’s targeting of cryptocurrency wallet services also an interesting insight into this malware’s targeting and its relationship to its predecessor, the Dyre trojan.

Customized Phishing Simulations Keep You “Left of Breach”

Part 3 in a series on being “Left of Breach” in the Phishing Kill Chain.

In part 2 we looked at Self-Enumeration, assessing security and business process gaps that phishing attackers exploit. It’s the first step in being “Left of Breach” (see figure below), the process that builds a proactive phishing defense strategy.

Human Phishing Defense Tackle Box – PhishMe Intelligence™ and IBM QRadar®

PhishMe® and IBM have teamed up to provide security operations with essentials for their phishing defense program. Security teams don’t want standalone security products; they need holistic security solutions and through partner integrations.

That’s why PhishMe and IBM have partnered to help enterprise businesses defend against credential-stealing, malware, ransomware, and Business Email Compromise (BEC) phishing.

Want to Get In Front of Breaches? Be Like the Marines.

Part 1 in our series on being “Left of Breach” in the Phishing Kill Chain.

Too often in the information/cyber security industry, we focus our efforts on mitigation of breaches after they occur, relying on incident response teams to find the needles in the haystack.

According to “Left of Bang: How the Marine Corps’ Combat Hunter Program Can Save Your Life,” (by Patrick Van Horne and Jason A. Riley; Foreword by Steven Pressfield) The Marine’s Combat Hunter training program works on this premise: by understanding what “normal” looks like, we are much more likely to recognize activities and behaviors that are out of place. That recognition, even if based on “gut feel,” becomes the trigger for acting. This approach relies heavily on front-line human assets, not just automation or artificial intelligence, to detect attacks in progress. Most important, it lets you get in front of breaches before they blow up in your face.

Get “Left of Breach.”

In the Marine’s case, it’s acting to get “Left of Bang,” as in bombs and bullets. In anti-phishing programs, it’s getting Left of Breach—taking proactive steps instead of accepting that hackers and other malicious actors will succeed no matter what. In the figure below, it’s everything left of the bullseye.

With a few modifications, the standard security industry kill chain can resemble the Marine Combat Hunter approach.

As you can see in the Phishing Kill Chain above, we focus on baselining an organization and developing human threat reporters throughout the first four steps. This provides 2 things: a starting point for risk analysis and development of targeted simulations (Enumeration, Design, Delivery); and the development of HUMINT (human intelligence), data collection and reporting of suspicious material to incident response teams.

As your anti-phishing program matures, you’ll combine the data your employees report with human-vetted phishing intelligence feeds in Triage. The net: actionable intelligence enabling you to mitigate threats before they happen.

5 steps to getting there:

  1. Be transparent and educate users on standard phishing clues and the purpose of the program.
    • NOTE: Program transparency is key to your success. It builds enthusiasm for the program and a sense of ownership and positive engagement with the organization’s security process.
  2. Baseline your organization’s technical and business process weaknesses for targeting during initial simulations.
  3. Execute diverse simulations and analyze for risk level (e.g. – high susceptibility to active threats)
  4. Design follow-up simulations based on known deficiencies and analysis of initial results.
  5. Stress the importance of reporting in all simulations and awareness activities.

Taking these simple steps is the quickest, most effective way to protect against phishing. Ready to get Left of Breach? Booyah!

Next: part 2 of our “Left of Breach” series examines the first step in the Phishing Kill Chain, Self-Enumeration.

Stay on top of recent phishing and malware threats and attacks trends, delivered straight to your inbox completely free. Subscribe to PhishMe® Threat Alerts today.

10 Ways to Defend Against Business Email Compromise / CEO Email Fraud Scams

Cybercriminals continue to successfully hack and spoof emails to impersonate supervisors, CEOs, and suppliers and then request seemingly legitimate business payments. Because the emails look authentic and seem to come from known authority figures, many employees comply. But later they discover they’ve been tricked into wiring money or depositing checks into criminals’ bank accounts.