What to know about the new Truebot malware strain

Protect your systems and safeguard your information

By Mark Hoffman

A leader in the IT industry for nearly three decades, Hoffmann has helped small and large businesses take advantage of technology to better serve their customers and employees. Hoffmann is owner of CMIT Solutions of SE Wisconsin.

According to cybersecurity agencies in the U.S. and Canada, a new type of malware is affecting more than 7,000 businesses in both countries. Increasing attacks from the so-called Truebot strain have impacted organizations in the insurance, financial, healthcare, and legal sectors via a vulnerability in the Netwrix Auditor security software.

After the Canadian Centre for Cyber Security and the FBI issued an alert on July 6, the Texas-based company Netwrix urged clients using its Auditor application to disconnect systems running it from the internet until a security patch could be installed. That’s because attackers can execute arbitrary lines of code in the software, taking advantage of the vulnerability to infiltrate networks and steal sensitive information—or encrypt it and then demand a ransom to release it at a later date.

Cybersecurity experts have previously spotted the Truebot malware strain in the wild. But during previous outbreaks in 2017 and 2019, Truebot relied on malicious phishing emails that tried to trick recipients into clicking a hyperlink to execute the malware.

Now, the new remote code execution tactic eliminates the need for human error, straining the very security systems, such as Netwrix Auditor, that are typically responsible for IT security. Initial reports indicate that major corporations like Airbus, Virgin Airlines, Allianz, and the United Kingdom’s National Health Service use Netwrix Auditor.

What Can You Do to Protect Your Systems and Safeguard Your Information?

CMIT Solutions recommends the following steps to enhance cybersecurity and prevent the Truebot malware strain:

  • Back up your data often. The best way to minimize the impact of malware and ransomware attacks is to regularly create multiple backup copies of your information in multiple locations. That renders moot the question of whether to pay a ransom to retrieve your data—and mitigates the worry that stolen information may be used to blackmail your company at a later date. With regular, remote, and redundant backups, you can restore data from a recent backup and return to normal operations quickly and securely.
  • Deploy multi-layered tools like endpoint detection and response (EDR). This advanced cybersecurity tool gives trusted IT providers like CMIT Solutions the ability to monitor every potential entry point into a company’s network. EDR allows you to analyze all internet traffic attempting to connect to your servers, detect malicious activity, identify real-time threats, and block malware and ransomware attempts. Many cybersecurity experts speculate that strains like Truebot may be used by cybercriminals to “test the waters” and look for vulnerable systems. When they see EDR protection around your IT environment, they’ll often move on knowing there’s no chance they can break in undetected.
  • Roll out multi-factor authentication (MFA) and single sign-on (SSO) for all accounts. MFA and SSO have become industry standards. These extra layers of login protocols require a user to enter something they know (a password) followed by something they have (a unique code or push notification typically delivered by text, email, or dedicated SSO app) to confirm their identity. If passwords are stolen via malware strains like Truebot, MFA and SSO can minimize the adverse effects by blocking hackers who try to access networks, databases, and computers via administrative vulnerabilities.
  • Automatically install security updates and software patches. Many computers still run out-of-date applications and older legacy software that can pose serious threats. Hackers have targeted everything from popular operating systems like Microsoft’s Windows 7 and Apple’s iOS 16.5 to more niche apps like Netwrix Auditor. The goal is to find a weak spot and then attack it aggressively, stealing as much information as possible before the vulnerability is fixed. When a trusted provider like CMIT Solutions applies automatic updates, those vulnerabilities often only last for hours instead of days and weeks.
  • Rely on an expert for ongoing IT support. In addition to the network security tools outlined above, it takes knowledgeable human beings to proactively protect your business against cybersecurity threats. Instead of waiting for a malware strain to appear, CMIT Solutions monitors client systems 24/7, deploying advanced anti-malware, traffic analysis, and multi-layered solutions to keep every user, every device, and every data set safe. Our 250+ offices and 900+ technicians across North America communicate regularly to share best practices about preventing malware, keeping clients in every industry safe against evolving threats.

CMIT Solutions works around the clock to understand threats like Truebot and enhance protection for thousands of clients across the U.S. and Canada. Each one of our franchisees is a fellow business owner, so they understand how important it is to maintain safe day-to-day operations and minimize the risk from malware and ransomware.

If you’re looking for a trusted partner that can keep your company safe, contact CMIT Solutions today. We defend your data, protect your systems, and empower your employees to work safely anytime, anywhere, on any device.