Light Dark
August 13, 2018 By Shane Schick 2 min read

Trickbot has formed a partnership with another banking Trojan, IcedID, to help distribute each other’s malware more widely — and possibly co-develop new capabilities.

A July 2018 Fortinet investigation into recent attacks using Trickbot showed that it was not only infecting victims’ networks to steal information, but also sending commands via its command and control (C&C) server to download the latest versions of IcedID. IcedID, a banking Trojan that spreads spam via email, was first discovered by IBM X-Force researchers late last year.

Trickbot, meanwhile, has been downloaded by IcedID in other campaigns.

When Two Trojans Are Worse Than One

Cybercriminals were once relatively territorial in how they worked. For instance, one of the first steps a banking Trojan might take upon penetrating an organization’s defenses would be to kill or remove competitive malware. The collaboration between Trickbot and IcedID suggests greater cooperation among groups of hackers who are subjecting victims to several exploits at once.

The researchers also noted that the two bots are now working similarly in some ways. IcedID, for instance, has added file name obfuscations and file content encryption — just like Trickbot. If banking Trojans are serving as a distribution channel for each other, it’s possible they are also giving each other ideas on how to become even more potent as they develop their next variant.

How “Least Privilege” Can Offer Greater Security

Trickbot and IcedID are not alone, and it may be difficult for even the most robust defenses to keep out every banking Trojan. Instead, IBM Security experts suggest expanding the way security teams think about the principle of least privilege.

By making sure employees can only make use of the applications and other resources they need on a daily basis — not just by role but by specific activities — it can make it more difficult for the likes of Trickbot and IcedID to get access to more credentials if they manage to break in.

Segmenting the network into areas where certain data or resources are under more strict control, meanwhile, could mean cybercriminals would have to work even harder to penetrate further and do damage. It might even be easier to spot them when they try to do so.

Source: Fortinet

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 3, 2024

Third-party access: The overlooked risk to your data protection plan

2 min read - A recent IBM Cost of a Data Breach report reveals a startling statistic: Only 42% of companies discover breaches through their own security teams. This highlights a significant blind spot, especially when it comes to external partners and vendors.The financial stakes are steep. On average, a data breach affecting multiple environments costs a whopping $4.88 million. A major breach at a telecommunications provider in January 2023 served as a stark reminder of the risks associated with third-party relationships. In this…

December 2, 2024

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

November 27, 2024

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature