Microsoft attempts takedown of global criminal botnet
Microsoft on Monday announced legal action to disrupt a large cybercrime digital network that uses more than 1 million zombie computers to plunder bank accounts and spread ransomware. Experts believe that this poses a major threat to the US presidential election.
The operation to take the global botnet's command and control servers offline began with an order Microsoft obtained in federal court in Virginia on October 6. The botnet's infrastructure, known as Trickbot, is used to infect computers with malware, and Microsoft argued that the criminal network is abusing its brand.
"It's very difficult to say how effective it will be, but we are confident that it will have a very long-term impact," said Jean-Ian Boutin, director of threat research at ESET, one of several cybersecurity companies Microsoft worked with to identify the command and control servers. "We are sure they will notice and it will be difficult for them to return to the state the botnet was in."
Cybersecurity experts said Microsoft's use of a US court order to convince ISPs to shut down botnet servers is commendable. However, they add that this cannot succeed because too many ISPs are uncooperative, and the operators of Trickbot have a decentralized fallback system and use encrypted routing.
Farsight Security's Paul Vixie said via email, "Experience shows that it is not scalable - there are too many IP addresses behind uncooperative national borders." And cybersecurity firm Intel 471 reported no significant impact on Trickbot operations on Monday, forecasting "minor medium to long-term impact" in a report shared with The Associated Press.
However, ransomware expert Brett Callow of cybersecurity firm Emsisoft said a temporary Trickbot disruption could, at least during the elections, limit attacks and prevent ransomware from being activated on already infected systems.
The announcement follows a Friday Washington Post report of a major - but ultimately unsuccessful - effort by the U.S. military's Cyber Command to dismantle Trickbot with direct attacks starting last month, rather than asking hosting providers to deny service to the domains used by the command and control servers.
A US policy called "Persistent Engagement" empowers US cyber warriors to hunt hostile hackers in cyberspace and disrupt their operations with code, which Cybercom did against Russian misinformation jockeys in the 2018 US midterm elections.
Trickbot was developed in 2016 and is used by a loose consortium of Russian-speaking cyber criminals. It is a digital superstructure for sowing malware on the computers of unwitting people and on websites. Over the past few months, its operators have increasingly leased it to other criminals, who have used it to sow ransomware, encrypt the data on target networks and paralyze them until the victims pay.
One of the biggest reported victims of a Trickbot-seeded strain of ransomware called Ryuk was hospital chain Universal Health Services, which said all 250 of its facilities in the US were crippled in an attack last month that forced doctors and nurses to fall back on paper and pencil.
Homeland Security officials cite ransomware as a major threat to the November 3rd presidential election. They fear that an attack could freeze state or local voter registration systems, disrupt voting, or shut down results reporting websites.
While cybersecurity experts say the operators of Trickbot and affiliated digital crime syndicates are Russian-speaking individuals who are primarily based in Eastern Europe, they warn that they are motivated by profit, not politics. However, they work with impunity without Kremlin interference, as long as their targets are abroad.
"In today's world, Trickbot is kind of a plague," said Alex Holden, founder of Hold Security in Milwaukee, who closely follows its activities on the dark web. "A government that ignores a global plague is more than complacent."
Trickbot is malware-as-a-service. Because of its modular architecture, Trickbot can be used as a delivery mechanism for a wide variety of criminal activities. It mainly started out as what is known as a banking Trojan that tries to steal credentials from an online bank account so that criminals can fraudulently transfer cash.
Recently, however, researchers have seen an increase in the use of Trickbot in ransomware attacks that target everything from local and state governments to school districts and hospitals. Ryuk and another type of ransomware called Conti - also distributed via Trickbot - dominated attacks on the US public sector in September, Emsisoft's Callow said.
According to Holden, the reported Cybercom disruption, which attempted to confuse the botnet's configuration by injecting code, succeeded in temporarily interrupting communication between the command-and-control servers and most of the bots.
"But that's hardly a clear win," he said, adding that the botnet was recovering with new victims and ransomware.
The disruption - in two waves that began September 22nd - was first reported by cybersecurity journalist Brian Krebs.
The AP was unable to immediately confirm the reported Cybercom involvement.