Check Point Research (CPR), the Threat Intelligence division of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of global cybersecurity solutions, has discovered a live software service that cybercriminals use to bypass Endpoint Detection and Response (EDR) protection. The service has been in use for more than six years.
The clients of the service called TrickGate include known attackers such as Cerber, Trickbot, Maze, Emotet, REvil, Cobalt Strike, AZORult, Formbook, AgentTesla and others. CPR has recorded hundreds of attacks per week in the last two years alone:
● 40 to 650 attacks per week for the last two years;
● Target sectors include manufacturing, education, healthcare, finance and business;
● The most popular malware family used in the last two months is Formbook, which accounts for 42% of the total number of monitored distributions.
The service is transformed and changes regularly, which helped it go unnoticed for a long time. Although the outer wrapper has changed over time, the basic building blocks of the TrickGate shellcode are still in use today. Using the service, cybercriminals can spread their malware more easily and with fewer consequences.

TrickGate victims
CPR has been tracking between 40 and 650 attacks per week for the past two years. According to their telemetry, attackers using TrickGate primarily target the manufacturing sector, but also attack targets in education, healthcare, finance, and general business.
The attacks are distributed all over the world, with the largest concentrations in Taiwan and Turkey. The most popular malware family used in the last two months is Formbook, which accounts for 42% of the total monitored distributions.
Attack flow
The attack flow takes many forms. Shellcode is the core of the TrickGate wrapper: it is responsible for decrypting the malicious instructions and code and covertly injecting them into new processes.
The malware is encrypted and then packed using a special routine designed to bypass the protected system's defenses, so many security products cannot detect the payload either statically or at runtime.
Attribution
CPR could not establish a definitive attribution for TrickGate; based on the clients the service serves, the researchers speculate that it is run by a Russian-speaking underground group.
TrickGate is a master of disguise. The service has been given a variety of names based on its various attributes, including “emotet wrapper”, “new downloader”, “Loncom”, “NSIS-based cryptor” and many others. We combine facts from previous research and point to a single operation that is offered as a service with a high degree of certainty.
“It is noteworthy that many of the greatest attackers of recent years have chosen TrickGate as their tool to break through defense systems. Simply put, TrickGate has amazing stealth and evasion techniques. We are following the emergence of TrickGate, written using various types of code and file languages. But the kernel thread remained relatively stable. The same techniques that were used six years ago are still being used today,” explains Ziv Huyan, Head of Research and Anti-Malware at Check Point Software.
Visit the Check Point Research (CPR) website for more technical details on the researchers' analysis of TrickGate and their follow-up work.
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the wider threat intelligence community. The research team collects and analyzes global cyberattack data stored in ThreatCloud to protect against hackers, ensuring all Check Point products are up to date with the latest protections. The research team is made up of over 100 analysts and researchers who collaborate with other security vendors, law enforcement, and various CERTs.
Source : Married Games