AP

Microsoft attempts takedown of global criminal botnet

Oct 12, 2020, 5:01 PM

FILE - A woman walks in front of the Microsoft stand during the Cybersecurity Conference in Lille, northern France, Wednesday Jan. 29, 2020. Microsoft announced legal action Monday, Oct. 12, 2020 seeking to disrupt a major cybercrime digital network that uses more than 1 million zombie computers to loot bank accounts and spread ransomware, which experts consider a major threat to the U.S. presidential election. (AP Photo/Michel Spingler)

Microsoft announced legal action Monday seeking to disrupt a major cybercrime digital network that uses more than 1 million zombie computers to loot bank accounts and spread ransomware, which experts consider a major threat to the U.S. presidential election.

The operation to knock offline command-and-control servers for a global botnet that uses an infrastructure known as Trickbot to infect computers with malware was initiated with an order that Microsoft obtained in Virginia federal court on Oct. 6. Microsoft argued that the crime network is abusing its trademark.

“It is very hard to tell how effective it will be but we are confident it will have a very long-lasting effect,” said Jean-Ian Boutin, head of threat research at ESET, one of several cybersecurity firms that partnered with Microsoft to map the command-and-control servers.

“We’re sure that they are going to notice and it will be hard for them to get back to the state that the botnet was in.”

Cybersecurity experts said that Microsoft’s use of a U.S. court order to persuade internet providers to take down the botnet servers is laudable. But they add that it’s not apt to be successful because too many providers won’t comply and because Trickbot’s operators have a decentralized fall-back system and employ encrypted routing.

Paul Vixie of Farsight Security said via email “experience tells me it won’t scale — there are too many IP’s behind uncooperative national borders.” And the cybersecurity firm Intel 471 reported no significant hit on Trickbot operations Monday and predicted “little medium- to long-term impact” in a report shared with The Associated Press.

But ransomware expert Brett Callow of the cybersecurity firm Emsisoft said that a temporary Trickbot disruption could, at least during the election, limit attacks and prevent the activation of ransomware on systems already infected.

The announcement follows a Washington Post report Friday of a major — but ultimately unsuccessful — effort by the U.S. military’s Cyber Command to dismantle Trickbot beginning last month with direct attacks rather than asking providers to deny hosting to domains used by command-and-control servers.

A U.S. policy called “persistent engagement” authorizes U.S. cyberwarriors to engage hostile hackers in cyberspace and disrupt their operations with code, something Cybercom did against Russian misinformation jockeys during U.S. midterm elections in 2018.

Created in 2016 and used by a loose consortium of Russian-speaking cybercriminals, Trickbot is a digital superstructure for sowing malware in the computers of unwitting individuals and websites. In recent months, its operators have been increasingly renting it out to other criminals who have used it to sow ransomware, which encrypts data on target networks, crippling them until the victims pay up.

One of the biggest reported victims of Ryuk, a ransomware variety sowed by Trickbot, was the hospital chain Universal Health Services, which said all 250 of its U.S. facilities were hobbled in an attack last month that forced doctors and nurses to resort to paper and pencil.

U.S. Department of Homeland Security officials list ransomware as a major threat to the Nov. 3 presidential election. They fear an attack could freeze up state or local voter registration systems, disrupting voting, or knock out result-reporting websites.

While cybersecurity experts say the operators of Trickbot and affiliated digital crime syndicates are Russian speakers mostly based in eastern Europe, they caution that they are motivated by profit, not politics. They do, however, operate with impunity with no interference from the Kremlin as long as their targets are abroad.

Trickbot is a particularly robust internet nuisance. Called “malware-as-a-service,” its modular architecture lets it be used as a delivery mechanism for a wide array of criminal activity. It began mostly as a so-called banking Trojan that attempts to steal credentials from online bank accounts so criminals can fraudulently transfer cash.

But recently, researchers have noted a rise in Trickbot’s use in ransomware attacks targeting everything from municipal and state governments to school districts and hospitals. Ryuk and another type of ransomware called Conti — also distributed via Trickbot — dominated attacks on the U.S. public sector in September, said Callow of Emsisoft.

Alex Holden, founder of Milwaukee-based Hold Security, tracks Trickbot’s operators closely and said the reported Cybercom disruption — involving efforts to confuse its configuration through code injections — succeeded in temporarily breaking down communications between command-and-control servers and most of the bots.

“But that’s hardly a decisive victory,” he said, adding that the botnet rebounded with new victims and ransomware.

The disruption — in two waves that began Sept. 22 — was first reported by cybersecurity journalist Brian Krebs.

The AP could not immediately confirm the reported Cybercom involvement.
