Kamso Oguejiofor-Abugu
Published on: July 13, 2023 
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS), has issued a joint cybersecurity advisory regarding the emergence of new variants of Truebot malware targeting organizations in the United States and Canada.
Truebot, also known as Silence.Downloader, is a botnet that has been utilized by malicious cyber groups like the CL0P Ransomware Gang to gather and exfiltrate sensitive information from their victims.
According to the advisory, older versions of Truebot were primarily delivered through malicious email attachments in phishing campaigns. However, more recent iterations of the malware exploit a remote code execution vulnerability found in the Netwrix Auditor application (CVE-2022-31199) to gain initial access.
“Though phishing remains a prominent delivery method, cyber threat actors have shifted tactics, exploiting, in observable manner, a remote code execution vulnerability (CVE-2022-31199) in Netwrix Auditor — software used for on-premises and cloud-based IT system auditing,” the advisory reads. “Through exploitation of this CVE, cyber threat actors gain initial access, as well as the ability to move laterally within the compromised network.”
To mitigate the risk posed by Truebot malware, the authoring organizations recommend several measures, including increasing phishing awareness among employees, applying patches for the CVE-2022-31199 vulnerability, and updating the Netwrix Auditor to version 10.5.
The advisory also advises organizations to limit the use of the Auditor application to internally facing networks. Failure to follow this recommendation exposes systems to an increased risk of CVE-2022-31199 exploitation.
Organizations are urged to promptly implement the recommended mitigations outlined in the joint advisory, apply patches for CVE-2022-31199, and report any incidents or anomalous activities to relevant authorities such as CISA, the FBI, or the MS-ISAC.
By staying informed, addressing vulnerabilities, and adhering to best practices, organizations can enhance their cybersecurity defenses and protect against the evolving threat of the Truebot malware and similar malicious activities. Continuous monitoring and collaboration with trusted sources and authorities are vital for maintaining a robust defense against cyber threats.
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Automotive / EVs, Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- BlockOffsets. Modernizing Environmental Offset Ownership. Access Here.
- Source: https://www.safetydetectives.com/news/cisa-warns-of-truebot-malware-infecting-us-and-canadian-networks/
