• Admin

FBI And CISA Warn Trickbot's Latest Attacks Involve DMV

Published: May 04, 2021 on our newsletter Security Fraud News & Alerts Newsletter.



No one is happy about getting an email from the DMV, especially one claiming to have proof of a traffic violation. But what happens next, after opening the email and clicking on a link, ends up much worse than any traffic offense could be. A Trickbot malware infection happens; the latest hacking scheme that involves using the DMV as a phishing lure. This new Trickbot campaign is targeting PCs, and the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have released a joint advisory about this latest addition to Trickbot’s arsenal.


This latest Trickbot iteration using the DMV as cover is highly effective. After receiving an email with unwelcome news from the DMV, most people can’t resist opening it. The email message says there’s a picture of your car during the traffic offense. To see the photo, the target is told to follow a link in the email. The link leads to a compromised website created by the attackers, and once there, targets are told to click on a picture to see proof of their traffic problem. That’s when the real trouble begins and it’s nothing to do with the DMV. Just that one click downloads a JavaScript file that connects to a C&C (command and control) server that downloads Trickbot on the target’s system.


Trickbot is proven to be a powerful tool for cybercriminals who can lease access to infected devices and then customize and deploy the malware themselves. Trickbot is a modular malware, meaning it can be altered by hackers to deliver the payload they desire. Prior attempts by a coalition of security professionals once tried to disrupt Trickbot, but it didn’t last for long. Within weeks, its malware campaigns were back at it again.



Since 2016, Trickbot has been a major disrupter with its attacks on organizations and individuals alike. Joint recommendations by the FBI and CISA can help protect enterprise from its grasp, and they should be acted upon as quickly as possible.


Having a cyber-smart staff that’s trained on the latest online scams can be an invaluable asset for any company’s cybersecurity. As such, providing ongoing security education for staff of all levels is critically important. And since phishing emails of all types are a hacker’s favorite tool for spreading malware, including socially engineered emails that target individuals by name, all email phishing lures should be explored. Remember, an employee who can flag an email that’s a phishing expedition can help prevent an enterprise from very costly situations.


Their advice continues with a reminder that software should always be updated with the latest patches, as many include security bug fixes that can keep attackers from exploiting the vulnerability. Using multi-factor-authentication (MFA) across an entire network can prevent login credentials from being stolen, or at least not as easily as hackers would prefer. Remember, all it takes is one wrong click to upend and entire organization, so click wisely.


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

3 views0 comments