According to a recent report, the banking Trojan Trickbot has been seen in Japan for the first time, just ahead of the holiday season.[1] Trickbot is a nasty piece of malware that is designed to access online bank accounts, as well as collect as much personal information as it can for future identity fraud. It was developed in 2016 to target Windows machines and has since evolved into a modular form. In the past, Trickbot campaigns have mainly focused on Western and English-speaking countries, but it seems that the developers are now casting their net wider, as well as modifying its modules.
It is thought that this new campaign has been timed to coincide with the holiday season, when consumer spending is at its highest. It is specifically targeting banks, but e-commerce sites, cryptocurrency exchange platforms, payment cards, and credit unions could also be in its crosshairs. Once activated, the Trojan’s favorite method is to inject code into banking websites to commit bank fraud. Another module uses the Mimikatz tool to harvest credentials from the victim’s computer.
As well as infecting victims through malicious emails, it appears that Trickbot can also be spread through the Emotet botnet. In addition, in January 2019, it was discovered that the notorious ransomware Ryuk could be bundled with Emotet and Trickbot, creating a triple threat. It works like this: Emotet delivers Trickbot, which gathers banking details. Trickbot then harvests the system’s data and sends it back to the command and control server. If the information indicates a worthwhile and vulnerable target, Ryuk is deployed, and all files on the victim’s system are encrypted.
Now that Trickbot has been detected in Japan, the country could be exposed to this triple threat. Banks, financial institutions, and businesses all need to be on high alert and take steps to make sure that their cybersecurity measures are as tight as possible. In particular, updates and patches should be installed on software as they are issued, and staff should be educated to recognize BEC (business email compromise) scams and other suspicious activity. Prevention and detection measures are advisable, as is segregating different parts of the network. And data must be backed up in a separate location.
Japan currently has serious concerns about its cybersecurity, not least because it is hosting the 2020 Olympics. Over the past year, it has seen embarrassing cyberattacks that have targeted large firms such as 7-11, Toyota, and Uniqlo. However, it has not yet experienced any significant incidents impacting utilities or security. A report by the Pew Research Center listed Japan as one of four nations that considered cyberattacks to be a greater threat than any other scenario included in the survey, including climate change.[2] While Japan has stepped up its efforts to strengthen its cybersecurity, just over half of those asked in another study thought the country would not be able to handle a serious attack.[3] This attitude was certainly not helped during the aftermath of the 7-11 attack, when the cabinet minister for cybersecurity admitted that he was not aware of certain principles of security, such as multiple authentication. In addition, according to The Japan Times, ‘Japan ranks as one of the worst offenders for enabling spam – a common vehicle for spreading malware – and remains a prime target for botnets…’[4]
The government is working hard to close all of the remaining open doors to cybercriminals. However, in the meantime, it is up to individuals, institutions, and businesses to take the lead and make sure that this triple infection cannot get a foothold. In other words, we need access to Japanese-language cybersecurity awareness content that is user friendly and engaging. These videos need to be accessible and easily deployable to every man, woman and child. As a shameless plug, we point our readers to Saya University’s Cyber Awareness platform!
- Limor Kessem co-authored by Itzik Chimino, ‘Trickbot Widens Infection Campaigns in Japan Ahead of Holiday Season,’ Security Intelligence, 12/03/2019, accessed at https://securityintelligence.com/posts/trickbot-widens-infection-campaigns-in-japan-ahead-of-holiday-season/
- Kat Devlin, ‘Cybersecurity Threat Looms Large in Japan,’ The Japan Times, 07/01/2019, accessed at https://www.japantimes.co.jp/opinion/2019/07/01/commentary/japan-commentary/cybersecurity-threat-looms-large-japan/