fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Trickbot Malware Now Maps Victims’ Networks Using Masscan

Trickbot Malware Now Maps Victims’ Networks Using Masscan

Image: Karlis Reimanis

The Trickbot malware has been upgraded with a network reconnaissance module designed to survey local networks after infecting a victim’s computer.

This new module, dubbed masrv, uses the open-source masscan tool, a mass port scanner with its own TCP/IP stack and capable of scanning large swaths of the Internet in a matter of minutes.

Trickbot uses the network scanner module to map the victims’ networks and send home information on any devices with open ports.

Still testing the waters

The module is deployed as a Windows DLL file, with a 32-bit or 64-bit architecture depending on the system the malware has infected.

“Both DLLs we observed are debug builds and log their execution into standard output,” as Kryptos Logic Vantage Team said in a report published on Monday.

Also Read: Computer Misuse Act Singapore: The Truth And Its Offenses

This hints at the module being in a test phase, with Trickbot gang still testing waters to see if using a network mapping could help them boost the number of infected devices and their malware’s efficiency.

All the info on network devices with open ports is exfiltrated to the malware’s command-and-control server for the malware operators to decide if the discovered machines are worth adding to the botnet.

Module C2 requests
Module C2 requests (Kryptos Logic Vantage Team)

The TrickBot gang has previously released a standalone reconnaissance tool known as LightBot in the form of a PowerShell script used for scoping out an infected victim’s network for high-value targets.

“This new module is an indication of the actor’s continued investment in improving their network reconnaissance toolkit, even after recent disruption efforts,” the Kryptos Logic researchers added.

Microsoft and other security firms disrupted the Trickbot botnet following a coordinated operation that led to the takedown of Trickbot C2 servers in October 2020.

Even though this operation managed to disable roughly 94% of Trickbot’s critical infrastructure, the tough to kill botnet bounced back in January 2021 with a new series of phishing emails and lures.

Frequently updated malware

Trickbot is a malware strain that surfaced in October 2016 as modular banking malware. Since then, it was continuously upgraded with new modules and features.

Although initially used only for harvesting sensitive data, Trickbot has evolved into a highly dangerous and prevalent malware dropper that will deliver additional, usually a lot more dangerous, malware payloads.

This usually happens after all useful information — including system info, credentials, and any interesting files — has been already collected and exfiltrated.

Also Read: Personal Data Websites: 3 Things That You Must Be Informed

Trickbot is particularly dangerous to enterprises since it propagates through corporate networks and, if it gets admin access to a domain controller, it will steal the Active Directory database to collect more network credentials.

Last month, Trickbot’s developers have added another new module designed to probe infected devices for UEFI vulnerabilities, which would give the malware ultimate control over compromised machines.

With access to the UEFI firmware, the Trickbot gang would be able to establish persistence that can’t be removed even after operating system reinstalls or storage drives replacements.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us