BANKING - TRICKBOT
Banking Trojans steal sensitive information, including banking login details and memorable information, from infected machines. The Trickbot banking trojan is being used in cyber attacks against small and medium-sized businesses, and individuals in the UK and overseas.
Trickbot attacks are designed to access online accounts and obtain Personally Identifiable Information (PII) which can be used to facilitate identity fraud.
Trickbot exploits trusted commercial and government brands using well-crafted phishing emails to infect devices. It then spreads by infecting other devices on a network, and downloads further malware e.g. ransomware.
Proactive action to take now
Run a full scan on all devices using up to date antivirus / anti-malware software, such as Windows Defender. This should detect and remove Trickbot infection.
Protect business and personal banking facilities (including where employees have accessed personal banking from work devices)
- Consider changing passwords and memorable information for any corporate, business or personal internet banking facilities/other online resources accessed from the infected network.
- Review bank and credit card statements for suspicious activity and report any findings to your bank. Advice any employees who have accessed online banking facilities from the affected network to do likewise.
Protect your devices and networks by keeping them up to date
- Apply security patches promptly.
- Use Antivirus and scan regularly to guard against known malware threats.
Use Multi-Factor Authentication (MFA)
Mitigate against password guessing and theft, including brute force attacks by using MFA. MFA can also be called two-step verification or 2-factor authentication (2FA).
Further guidance for IT professional
The NCSC released Trickbot specific guidance which can be found on their website at https://www.ncsc.gov.uk/news/trickbot-banking-trojan
If you've been affected by this or any other type of cyber crime, report the details to Action Fraud (0300 123 2040 / www.actionfraud.police.uk). Always keep an eye out for any suspicious follow up activity as well.