OPLIN 4Cast #690: Can Trickbot be shattered before the election?

Posted in 4cast, and Security

Last week, Brian Krebs broke the story that some unknown actor was trying to disrupt Trickbot, an enormous collection of two million infected computers that provides one of the most active Malware-as-a-Service platforms. It turns out these disruptions were coming from multiple directions: from the Department of Homeland Security and, separately, from a coalition of tech companies. The botnet was not permanently damaged—in fact, there are reports that ransomware operations are “pretty much back in full-swing”—but this is one way to keep the cybercriminals busy.

  • Cyber Command has sought to disrupt the world’s largest botnet, hoping to reduce its potential impact on the election [Washington Post] “Department of Homeland Security Officials fear that a ransomware attack on state or local voter registration offices and related systems could disrupt preparations for Nov. 3 or cause confusion or long lines on Election Day.”
  • Microsoft and others orchestrate takedown of TrickBot botnet [ZDNet] “According to the coalition’s members, the TrickBot botnet had infected more than one million computers at the time of its takedown. Some of these infected systems also included Internet of Things (IoT) devices.”
  • Microsoft Takes Down a Risk to the Election, and Finds the U.S. Doing the Same [New York Times] “The one-two punch painted a picture of the accelerating cyberconflict underway in the final weeks before the elections. Cyber Command, following a model it created in the 2018 midterm elections, kicked off a series of covert pre-emptive strikes on the Russian-speaking hackers it believes could aid President Vladimir V. Putin in disrupting the casting, counting and certifying of ballots this November. Meanwhile, Microsoft, Symantec and other American companies are doing the same.”
  • Microsoft Uses Trademark Law to Disrupt Trickbot Botnet [Krebs on Security] “A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks. However, it appears the operation has not completely disabled the botnet.”

From the Ohio Web Library:
