fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

TrickBot Malware Dev Extradited to U.S. Faces 60 Years in Prison

TrickBot Malware Dev Extradited to U.S. Faces 60 Years in Prison

A Russian national believed to be a member of the TrickBot malware development team has been extradited to the U.S. and is currently facing charges that could get him 60 years in prison.

38-year old Vladimir Dunaev, also known as FFX, was a malware developer that supervised the creation of TrickBot’s browser injection module, the indictment alleges.

He is the second malware developer associated with the TrickBot gang that the Department of Justice arrested this year. In February, Latvian national Alla Witte, a.k.a. Max, was arrested for writing code related to the control and deployment of ransomware.

Also Read: 5 Types of Ransomware, Distinguished

Old member of the gang

Dunaev was arrested in South Korea in September as he was trying to leave the country. He had been forced to stay there for more than a year due to Covid-19 travel restrictions and his passport expired. The extradition completed on October 20.

Dunaev is believed to have been involved with the TrickBot gang since mid-2016 following a recruitment test that involved creating an application that simulated a SOCKS server and altering a copy of the Firefox browser.

He passed both tests with flying colors, showing skills that the TrickBot gang needed. “He’s capable of everything. Such a person is needed,” reads a conversation between two members of the gang responsible for recruiting developers.

Starting June 2016, the defendant created, modified, and updated code for the TrickBot malware gang, the indictment alleges.

DatesCode description
July 2016 – time of the arrestmodifying Firefox web browser
December 2016 – time of the arrestMachine Query that lets TrickBot determine the description, manufacturer, name, product, serial number, version, and content of the root file directory of an infected machine
August 2016 – December 2018Code that grabs and saves from the web browser its name, ID, type,  configuration files, cookies, history, local storage, Flash Local Shared Objects/LSO (Flash cookies)
October 2016 – time of the arrestCode that searches for, imports, and loads files in the web browser’s ‘profile’ folders; these contain cookies, storage, history, Flash LSO cookies. It also connects to the browser databases to make queries and to modify them
July 2016 – time of the arrestAn executable app/utility to launch and manage a web browser
July 2016 – time of the arrestCode that collects and modifies data entries in Google Chrome LevelDB database, browsing history included

Between October 19, 2017, and March 3, 2018, members of the TrickBot gang that included Dunaev and Witte successfully wired more than $1.3 million from victim bank accounts.

Large, well-organized group

According to the indictment, the TrickBot gang has at least 17 members, each with specific attributes within the operation:

  • Malware Manager – who outlines the programming needs, manages finances, deploys TrickBot
  • Malware Developer – who develops TrickBot modules and hands them to others to encrypt
  • Crypter – who encrypt the TrickBot modules so that they evade antivirus detection
  • Spammer – who use distribute TrickBot through spam and phishing campaigns

Created from the ashes of the Dyre banking trojan in 2015, TrickBot focused on stealing banking credentials initially, via web injection and logging the victim user’s keystrokes.

Also Read: Data Protection Policy: 8 GDPR Compliance Tips

Later, it developed into modular malware that could also distribute other threats. These days, the gang has a preference for dropping ransomware on company networks, Conti in particular.

TrickBot is believed to have infected millions of computers, enabling its operators to steal personal and sensitive information (logins, credit cards, emails, passwords, dates of birth, SSNs, addresses) and steal funds from victims’ banking accounts.

The malware has impacted businesses in the United States, United Kingdom, Australia, Belgium, Canada, Germany, India, Italy, Mexico, Spain, and Russia.

Apart from Dunaev and Witta, the DoJ has indicted other members of the TrickBot gang whose names have not been revealed and are located in various countries, Russia, Belarus, and Ukraine among them.

Dunaev is currently facing multiple counts of aggravated identity theft, wire fraud, bank fraud. as well as conspiracy to commit computer fraud, aggravated identity theft, and money laundering.

All the charges against him come with a maximum penalty of 60 years in a federal prison.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us