December 1, 2021

The Internet’s Most Notorious Botnet Has an Alarming New Trick

In just the last two months, the cybercriminal-controlled botnet known as TrickBot has become, by some measures, public enemy number one for the cybersecurity community. It’s survived takedown attempts by Microsoft, a supergroup of security firms, and even US Cyber Command. Now it appears the hackers behind TrickBot are trying a new technique to reach the deepest recesses of infected machines, going beyond their operating systems and into their firmware.

Security firms AdvIntel and Eclypsium today revealed that they’ve spotted a new component of the trojan that TrickBot hackers use to infect machines. The previously undiscovered module checks victim computers for vulnerabilities that would allow the hackers to plant a backdoor in deep-seated code known as the Unified Extensible Firmware Interface, which is responsible for loading a device’s operating system when it boots up. Because the UEFI sits on a chip on the computer’s motherboard outside of its hard drive, planting malicious code there would allow TrickBot to evade most antivirus detection, software updates, or even a total wipe and reinstallation of the computer’s operating system. It could alternatively be used to “brick” target computers, corrupting their firmware to the degree that the motherboard would need to be replaced.

The TrickBot operators’ use of that technique, which the researchers are calling “TrickBoot,” makes the hacker group just one of a handful—and the first that’s not state-sponsored—to have experimented in the wild with UEFI-targeted malware, says Vitali Kremez, a cybersecurity researcher for AdvIntel and the company’s CEO. But TrickBoot also represents an insidious new tool in the hands of a brazen group of criminals—one that’s already used its foothold inside organizations to plant ransomware and partnered with theft-focused North Korean hackers. “The group is looking for novel ways to get very advanced persistence on systems, to survive any software updates and get inside the core of the firmware,” says Kremez. If they can successfully penetrate a victim machine’s firmware, Kremez adds, “the possibilities are endless, from destruction to basically complete system takeover.”

While TrickBoot checks for a vulnerable UEFI, the researchers have not yet observed the actual code that would compromise it. Kremez believes hackers are likely downloading a firmware-hacking payload only to certain vulnerable computers once they’re identified. “We think they’ve been handpicking high-value targets of interest,” he says.

The hackers behind TrickBot, generally believed to be Russia-based, have gained a reputation as some of the most dangerous cybercriminal hackers on the internet. Their botnet, which at its peak has included more than a million enslaved machines, has been used to plant ransomware like Ryuk and Conti inside the networks of countless victims, including hospitals and medical research facilities. The botnet was considered menacing enough that two distinct operations attempted to disrupt it in October: One, carried out by a group of companies including Microsoft, ESET, Symantec, and Lumen Technologies, sought to use court orders to cut TrickBot’s connections to the US-based command-and-control servers. Another simultaneous operation by US Cyber Command essentially hacked the botnet, sending new configuration files to its compromised computers designed to cut them off from the TrickBot operators. It’s not clear to what degree the hackers have rebuilt TrickBot, though they have added at least 30,000 victims to their collection since then by compromising new computers or buying access from other hackers, according to security firm Hold Security.
