Trickbot Attack Forces Ohio School District to Cancel Classes : From TrendMicro

Trickbot Attack Forces Ohio School District to Cancel Classes : From TrendMicro
Tuesday, June 25, 2019

Trickbot Attack Forces Ohio School District to Cancel Classes : From TrendMicro

Occassionally, we have news that every client should be aware of, yet few pay attention.  Today, we are re-posting a TrendMicro Article, regarding security.

The specific recommendations given to protect yourself, are recommendations we have been giving for years. Pay Attention!

Tuesday, June 25, 2019, posting an article from May 24, 2019

A school district in Ohio suspended classes on Monday, May 20, because of a Trickbot attack on its network and computers. In a Facebook update posted the day before, the Coventry Local School District announced that its systems were infected by the malware the previous Friday, and that its schools would be closed as work on restoring normal operations continued. 

According to a report by the Akron Beacon Journal, the FBI determined that the infection started with computers in the treasurer’s office of the Coventry Local School District, and went on to affect operations that relied on the district’s network — notably shutting down the phone and heating, ventilation, and air conditioning (HVAC) systems.

[Read: Trickbot adds remote application credential-grabbing capabilities to its repertoire]

Lisa Blough, Coventry Local School District Superintendent, said that while IT personnel noticed the unusual activity on the network, the installed antivirus software did not detect it as malicious. She added that the district did not suspect that a student was involved in the cyberattack. Indeed, the FBI confirmed that an organized crime group is behind the attack, noting that the malware’s goal was to steal banking information or money from affected users. According to Blough, two employees reported having their Amazon accounts compromised in the incident.

As reported by ZDNet, classes resumed the next day, with the reinstallation of more than 1,000 computers.

[Read: Trickbot’s bigger bag of tricks]

Trickbot is considered one of the most dangerous malware strains used by cybercriminals today, what with its modular nature and its constantly changing arrival and distribution methods. In fact, the United States Department of Homeland Security issued in March a security primer on Trickbot in response to the prevalence of attacks using this malware.

A banking trojan, Trickbot was initially used to steal credentials from online banking websites. But its behavior and capabilities have been adjusted by cybercriminals over the years to suit their malicious activities. And it will continue to evolve beyond the usual banking trojan behavior while preying on more unwitting users.

A recent case in point: In another Trickbot variant that we discovered in the same week as the Coventry Local School District class suspension, the malware payload arrives through a legitimate-looking order confirmation email that can circumvent detection as the user is redirected to a known site via an embedded link. However, clicking on the masked link simultaneously downloads Trickbot and proceeds with its malicious routine.

Users and organizations can protect themselves from such spam attacks and phishing techniques that may deliver Trickbot:

Be wary of suspicious emails and messages with attachments or links from unknown senders. Do not download, open, or click attachments or links unless the email comes from a legitimate source.
Enable the multifactor authentication features of your online accounts whenever available.
Use complicated passwords for all your online accounts and change them regularly.
Report lost or stolen devices to your organization’s network administration personnel for them to employ additional authentication measures for stolen or leaked credentials.IT administrators, in particular, should monitor the network for unusual increases in activity for potentially malicious activities as these can alert the organization to attacks or intrusions. They should also install a multilayered protection that can defend systems from malicious emails and URLs, from the gateway to the endpoint.
Posted in Cybercrime & Digital ThreatsMalware

Inspetta will attempt to post timely info, as above, as we receive.
For more info on our services, contact Inspetta at 888-221-0106, Sales at 619-770-7107
Or visit
Or for MLM Software visit

Trickbot Attack Forces Ohio School District to Cancel Classes : From TrendMicro


Only registered users can leave comments.
Comment text:  

What truly set's our MLM Software apart?...
The extensive feature sets, integrated into high-performing and dependable platform, designed to SELL!

Launch in Less than 30 Days!

New Startup or Upgrade Current System

Get Started

Copyright © 2019 MLM Software and Party Plan Central. All rights reserved. | Powered by Inspetta