Cybersecurity researchers have lifted the lid on the continued resurgence of the insidious Trickbot malware, making it clear that the Russia-based transnational cybercrime group is working behind the scenes to revamp its attack infrastructure in response to recent counter efforts from law enforcement.
“The new capabilities discovered are used to monitor and gather intelligence on victims, using a custom communication protocol to hide data transmissions between [command-and-control] servers and victims — making attacks difficult to spot,” Bitdefender said in a technical write-up published Monday, suggesting an increase in sophistication of the group’s tactics.
“Trickbot shows no sign of slowing down,” the researchers noted.
Botnets are formed when hundreds or thousands of hacked devices are enlisted into a network run by criminal operators, which is then often used to launch denial-of-service attacks that pummel businesses and critical infrastructure with bogus traffic, with the aim of knocking them offline. But with control of these devices, malicious actors can also use botnets to spread malware and spam, or to deploy file-encrypting ransomware on the infected…