Microsoft takes down massive hacking operation that could have affected the election



201012081008 01 election ballot 1006 restricted hp video

The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.
Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot’s servers, and worked with telecom providers around the world to stamp out the network. The action coincides with an offensive by US Cyber Command to disrupt the cybercriminals, at least temporarily, according to The Washington Post.
Microsoft (MSFT) acknowledged that the attackers are likely to adapt and seek to revive their operations eventually. But, Microsoft said, the company’s efforts reflect a “new legal approach” that may help authorities fight the network going forward.

Trickbot allowed hackers to sell what Microsoft said was a service to other hackers — offering them the capability to inject vulnerable computers, routers and other devices with other malware.

“Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust,” Microsoft VP of security Tom Burt wrote in a blog post.

He added: “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”

A separate technical report by Microsoft on Monday said Trickbot has been used to spread the Ryuk ransomware. Security experts say Ryuk has been attacking 20 organizations per week, and was reportedly the ransomware that Universal Health Services, one of the nation’s largest hospital companies.

But Trickbot has also been used to spread false and malicious emails containing malware that tried to lure victims in with messaging surrounding Black Lives Matter and Covid-19, Microsoft said.

Microsoft said Trickbot has infected more than 1 million computing devices globally since 2016 and that its operators have acted on behalf of both governments and criminal organizations, but their exact identity remains ambiguous.



Source link

Recent articles

Japan’s New Leader Sets Goal of Being Carbon Neutral by 2050

TOKYO — Japan will be carbon neutral by 2050, its prime minister said on Monday, making an ambitious pledge to sharply accelerate the...

Containerd Bug Exposes Cloud Account Credentials

The flaw (CVE-2020-15157) is located in the container image-pulling process. Source link

Two New Critters Arrive at Disney’s Animal Kingdom

Important: This post contains a big spoiler if you haven’t watched Episode 5 of Magic of Disney’s Animal Kingdom, called Aardvark Love. Some of...

Snail mail: US elex ballots mailed now may not arrive in time | US & Canada News

Voting advocates are warning that ballots mailed in now may not arrive in time to be counted and should be dropped off at...

Leave a reply

Please enter your comment!
Please enter your name here