Seriously Risky Business Newsletter
October 13, 2020
Srsly Risky Biz: Tuesday, October 13
Your weekly dose of Seriously Risky Business news is supported by the Cyber Initiative at the Hewlett Foundation.
In late September, private sector threat analysts planning a takedown of the TrickBot botnet were surprised to discover that somebody was already a step ahead of them.
On September 22 and again on October 1, an unknown party pushed a new configuration file to TrickBot-infected devices that redirected command and control (C2) traffic back to the infected machine's own loopback address (127.0.0.1). The attacker also fed bogus records into TrickBot's database of infected devices.