Light Dark
December 11, 2019 By David Bisson 2 min read

A phishing campaign is using payroll-themed emails to trick users into inadvertently infecting their machines with TrickBot.

At the beginning of November, Palo Alto Networks’ Unit 42 research team identified a phishing campaign sending out attack emails whose subject lines referred to payroll and annual bonuses. These emails didn’t arrive with an attachment. Instead, they included links to what appeared to be a Google Docs document. That file, in turn, contained links to malicious files hosted on Google Drive that acted as simple downloaders of TrickBot. Upon execution, the malware established persistence on the infected machine by creating a scheduled task that ran at user login.

As noted by Unit 42, this phishing campaign was unique in that malicious actors used SendGrid, a legitimate email delivery service (EDS), to send out the initial attack emails. They had also used SendGrid to conceal the malicious Google Drive links contained in the Google Docs document.

A Busy Year for TrickBot

TrickBot has certainly been up to some tricks this year. Back in April 2019, for instance, Cybereason observed attackers using the malware in tandem with the Emotet Trojan to deliver samples of the Ryuk ransomware family. That was just a few months before researchers at Deep Instinct discovered TrickBooster, a module that lets TrickBot harvest email credentials and contacts from its victims for the purpose of abusing their inboxes to send out malspam. In August 2019, IBM X-Force confirmed that it had come across a fileless version of TrickBot that did not save its typical modules and configurations to disk on infected Windows machines.

How to Defend Against Malicious Email Campaigns

Security professionals can help defend their organizations against phishing campaigns such as the one described above by using ahead-of-threat detection to monitor for suspicious domains before they become active in a malspam operation. Teams should also leverage artificial intelligence (AI)-powered solutions to help defend against TrickBot and other constantly evolving threats.

 |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 15, 2024

CISA releases landmark cyber incident reporting proposal

2 min read - Due to ongoing cyberattacks and threats, critical infrastructure organizations have been on high alert. Now, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced a draft of landmark regulation outlining how organizations will be required to report cyber incidents to the federal government.The 447-page Notice of Proposed Rulemaking (NPRM) has been released and is open for public feedback through the Federal Register. CISA was required to develop this report by the Cyber Incident Reporting for Critical Infrastructure Act of 2022…

April 11, 2024

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

April 10, 2024

What should an AI ethics governance framework look like?

4 min read - While the race to achieve generative AI intensifies, the ethical debate surrounding the technology also continues to heat up. And the stakes keep getting higher.As per Gartner, “Organizations are responsible for ensuring that AI projects they develop, deploy or use do not have negative ethical consequences.” Meanwhile, 79% of executives say AI ethics is important to their enterprise-wide AI approach, but less than 25% have operationalized ethics governance principles.AI is also high on the list of United States government concerns.…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature