Threat Advisory: Subway Restaurants Serving TrickBot with New TrickBoot Module

December 17, 2020

On December 12, 2020, Subway UK disclosed that the system it uses for marketing campaigns had been compromised and used in a phishing campaign distributing TrickBot. The phishing campaign spoofed a Subway order confirmation and targeted customers in the United Kingdom. An investigation into the incident determined that no guest accounts were breached, and Subway has begun the process of notifying all impacted customers. Subway has yet to provide further details regarding the event as it continues to investigate. This compromise comes right on the heels of the introduction of “TrickBoot”, TrickBot’s latest module, which, if used, provides operators with UEFI-level read and write access that can lead to firmware overwrites and corruption.

For more details on TrickBot operators and TrickBoot, including a download of the malicious hashes to place on blocklists and a comprehensive defensive strategy, download the full report.


About Herjavec Group

Dynamic entrepreneur Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world’s most innovative cybersecurity operations leaders, and excel in complex, multi-technology environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity Services, Managed Security Services, Threat Management and Incident Response. Herjavec Group has offices and Security Operations Centers across the United States, United Kingdom and Canada.
