The Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment, and its partners are warning about a widespread increase in Truebot malware activity targeting organizations in Canada and the United States.
The joint cyber security advisory is co-signed by:
- The Canadian Centre for Cyber Security (Cyber Centre)
- The Cybersecurity and Infrastructure Agency (CISA)
- The Federal Bureau of Investigation (FBI)
- Multi-State Information Sharing and Analysis Center (MS-ISAC)
Cyber threat actors are using new variants of Truebot malware to exfiltrate large amounts of sensitive information for financial gain.
While previous Truebot variants were usually delivered via phishing email attachments, newer versions also exploit a vulnerability in the Netwrix Auditor application. This vulnerability allows a malicious actor to move laterally, execute remote code and spread malware at scale.
The advisory contains technical details to help cyber defenders prevent and respond to Truebot malware activity, including delivery methods and indicators of compromise.
The Cyber Centre encourages organizations to implement the recommendations in this advisory.
Canadian organizations that discover Truebot malware activity are encouraged to report it via the My Cyber Portal, or email contact@cyber.gc.ca.
More information on the Truebot joint advisory.