Microsoft on Wednesday detailed a previously undiscovered technique put to use by the TrickBot malware that involves using compromised Internet of Things (IoT) devices as a go-between for establishing communications with the command-and-control (C2) servers.
“By using MikroTik routers as proxy servers for its C2 servers and redirecting the traffic through non-standard ports, TrickBot adds another persistence layer that helps malicious IPs evade detection by standard security systems,” Microsoft’s Defender for IoT Research Team and Threat Intelligence Center (MSTIC) said.
TrickBot, which emerged as a banking trojan in 2016, has evolved into a sophisticated and persistent threat, with its modular architecture enabling it to adapt its tactics to suit different networks, environments, and devices as well as offer access-as-a-service for next-stage payloads like Conti ransomware.
The expansion to TrickBot’s capabilities comes amid reports of its infrastructure going offline, even as the botnet has continually refined its features to make its attack framework durable, evade reverse engineering, and maintain the stability of its C2 servers.
Specifically, the new method identified by MSTIC involves leveraging hacked IoT devices such as routers from MikroTik to “create a line of communication between the TrickBot-affected device and the C2 server.”
This also entails breaking into the routers by using a combination of methods, namely default passwords, brute-force attacks, or exploiting a now-patched flaw in MikroTik RouterOS (CVE-2018-14847), followed by changing the router’s password to maintain access.
In the next step, the attackers issue a network address translation (NAT) command designed to redirect traffic between ports 449 and 80 on the router, establishing a path for the TrickBot-infected hosts to communicate with the C2 server.
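As an added example (not code from the original article or from Microsoft), here is a small defender-side audit script that parses a RouterOS NAT export and flags destination-NAT rules that match the pattern described above: a non-standard inbound port such as 449 being rewritten to port 80 and forwarded to an address outside the LAN. The export format, the default LAN network 192.168.88.0/24 and the sample rules are assumptions chosen for illustration; the 203.0.113.7 address is a documentation-range placeholder, not a real indicator.

```python
import re
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Iterable, List

# Constructed sample of a RouterOS "/ip firewall nat export" listing. Nothing
# here comes from a real device; 203.0.113.7 is a placeholder standing in for
# an externally hosted address that a LAN router has no business forwarding to.
SAMPLE_EXPORT = """\
/ip firewall nat
add chain=srcnat action=masquerade out-interface=ether1 comment="LAN out"
add chain=dstnat action=dst-nat protocol=tcp dst-port=443 to-addresses=192.168.88.10 to-ports=443 comment="web server"
add chain=dstnat action=dst-nat protocol=tcp dst-port=449 to-addresses=203.0.113.7 to-ports=80
"""

# key=value or key="quoted value" tokens as they appear on an export line
KV_RE = re.compile(r'([\w-]+)=("[^"]*"|\S+)')


def parse_nat_rules(export_text: str) -> List[Dict[str, str]]:
    """Turn each 'add ...' line of the export into a key/value dict."""
    rules = []
    for line in export_text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        rules.append({k: v.strip('"') for k, v in KV_RE.findall(line[4:])})
    return rules


def _ports(value: str) -> List[int]:
    """Expand '449' or '80,8080' into ints; port ranges like '80-90' are skipped."""
    return [int(p) for p in value.split(",") if p.isdigit()]


def find_suspicious_nat(
    export_text: str,
    lan_networks: Iterable[str] = ("192.168.88.0/24",),   # assumed LAN
    watched_ports: FrozenSet[int] = frozenset({449}),      # port named in the article
) -> List[Dict[str, object]]:
    """Return dst-nat rules that look like a C2 relay, with the reasons why."""
    lans = [ip_network(n) for n in lan_networks]
    findings = []
    for rule in parse_nat_rules(export_text):
        if rule.get("chain") != "dstnat" or rule.get("action") != "dst-nat":
            continue
        dst_ports = _ports(rule.get("dst-port", ""))
        to_ports = _ports(rule.get("to-ports", rule.get("dst-port", "")))
        target = rule.get("to-addresses", "")

        reasons = []
        if any(p in watched_ports for p in dst_ports):
            reasons.append(f"dst-port {rule['dst-port']} is a watched port")
        rewritten = bool(dst_ports and to_ports and set(dst_ports) != set(to_ports))
        if rewritten:
            reasons.append(f"port rewritten {rule['dst-port']} -> {rule['to-ports']}")
        try:
            off_lan = not any(ip_address(target) in lan for lan in lans)
        except ValueError:          # empty or non-IP target
            off_lan = False
        if off_lan:
            reasons.append(f"forwards to {target}, outside the LAN")

        # A watched port alone is worth a look; otherwise require both a
        # port rewrite and an off-LAN target to keep ordinary port-forwards quiet.
        if any(p in watched_ports for p in dst_ports) or (rewritten and off_lan):
            findings.append({"rule": rule, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for hit in find_suspicious_nat(SAMPLE_EXPORT):
        print(hit["rule"].get("dst-port"), "->", hit["rule"].get("to-addresses"))
        for why in hit["reasons"]:
            print("   ", why)
```

Run it against the output of `/ip firewall nat export` collected from each router during a review; the ordinary web-server forward in the sample stays silent, while the 449-to-80 relay is reported with all three reasons. Pair this with a check of the router's admin credentials and RouterOS patch level, since the rule only appears after the device itself has been taken over.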
While potential connections between TrickBot and compromised MikroTik hosts were hinted at as early as November 2018, this is the first time the exact modus operandi has been laid bare. With the malware reaching its limits last month and no new C2 servers registered since December 2021, it remains to be seen how the malware authors intend to take the operation forward.
“As security solutions for conventional computing devices continue to evolve and improve, attackers will explore alternative ways to compromise target networks,” the researchers said. “Attack attempts against routers and other IoT devices are not new, and being unmanaged, they can easily be the weakest links in the network.”
Source of this news: https://thehackernews.com/2022/03/trickbot-malware-abusing-hacked-iot.html