How To Protect Your Network From Trickbots
The National Cyber Security Center has updated their guidelines on how to protect your establishment from Malware and Ransomware, with their main addition being advice on keeping an offline backup of your data. You can take a look at the full guidelines here
They have also released new information and advice on ‘Trickbots’ which we’ve detailed below.
What is a Trickbot?
A Trickbot is a trojan virus used by cyber attackers which targets your business or school through phishing emails, designed to appear as though they have been sent from a trusted source. These emails will often contain an attachment which users are instructed to open, leading to their machine being compromised and subsequently exploited.
After your machine is infected, attackers don’t need any sort of interaction from their victims. A Trickbot can download malicious files such as remote access tools and access your online accounts meaning they can steal information such as, banking information, login details, memorable information and web history, in doing this they can commit identity fraud. A Trickbot can also infiltrate a network and when inside it, implement other malware, including ransomware and post-exploitation toolkits.
How can you protect yourself from a Trickbot?
Protecting your business or school from cyber attacks is crucial to prevent any personal information from yourself, employees or students getting into the wrong hands. Something to take into consideration is ensuring your passwords and memorable information are unique to each account, not easy to guess and are strong enough to withstand a brute force attack (submitting many password variations until the correct one is entered).
Make sure your business or school is using the latest antivirus software to make sure all your devices are better protected, this should detect and help remove any malicious software. As mentioned before changing your passwords to make them stronger is great, but why not make them even more secure with two-step verification. This means to log in a user is required to verify the attempt on more than one device, usually a code sent to a phone for example. Your business or school should try and use cloud or internet-connected services that can offer a form of multi-factor authentication where possible, with all users opting in.
Implementing network segregation will also help protect your network, this means having a secure network that only your business or school have access to. Creating a separate network for customers or guests visiting a school will mean that they won’t have access to the same Wi-Fi as employees, teachers or students. This will help prevent unwanted people (cyber attackers) from joining the business or school Wi-Fi and accessing important information.
The attacker will usually try and compromise additional hosts and escalate their privileges, ultimately gaining control of their target (such as a domain controller, a critical system, or sensitive data). Preventing lateral movement through your network can make it more difficult for an attacker to access the parts of your network containing sensitive information.
Whitelisting permitted applications can help prevent malicious applications from running on your devices. Also consider doing an offline backup to store important data, this can reduce the impact of ransomware as you have your data stored elsewhere.
If a Trickbot does manage to get access to your account information and attempts to access any accounts, you should be notified of unusual activity, such as a login from a device or location you haven’t logged in from before. If you have accessed your online banking whilst at work, check your bank statements or credit card statements for any suspicious activity. If you spot anything you don’t recognise on your account, you should report it to your bank.
If your network has been infected by a Trickbot, advise employees to change their passwords and memorable information to their online accounts, and it would be good practice to reset all student passwords too in a school’s case. If you think you have been a victim of fraud then contact action fraud so they can advise you on what to do, or call 0300 123 2040 to talk to the fraud and cybercrime specialists.