U.S. Cyber Command Behind Trickbot Tricks — Krebs on Security


A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command.

UScybercommand

Image: Shuttstock.

On October 2, KrebsOnSecurity reported that twice in the preceding ten days, an unknown entity that had inside access to the Trickbot botnet sent all infected systems a command telling them to disconnect themselves from the Internet servers the Trickbot overlords used to control compromised Microsoft Windows computers.

On top of that, someone had stuffed millions of bogus records about new victims into the Trickbot database — apparently to confuse or stymie the botnet’s operators.

In a story published Oct. 9, The Washington Post reported that four U.S. officials who spoke on condition of anonymity said the Trickbot disruption was the work of U.S. Cyber Command, a branch of the Department of Defense headed by the director of the National Security Agency (NSA).

The Post report suggested the action was a bid to prevent Trickbot from being used to somehow interfere with the upcoming presidential election, noting that Cyber Command was instrumental in disrupting the Internet access of Russian online troll farms during the 2018 midterm elections.

The Post said U.S. officials recognized their operation would not permanently dismantle Trickbot, describing it rather as “one way to distract them for at least a while as they seek to restore their operations.”

Alex Holden, chief information security officer and president of Milwaukee-based Hold Security, has been monitoring Trickbot activity before and after the 10-day operation. Holden said while the attack on Trickbot appears to have cut its operators off from a large number of victim computers, the bad guys still have passwords, financial data and reams of other sensitive information stolen from more than 2.7 million systems around the world.

Holden said the Trickbot operators have begun rebuilding their botnet, and continue to engage in deploying ransomware at new targets.

“They are running normally and their ransomware operations are pretty much back in full swing,” Holden said. “The are not slowing down because they still have a great deal of stolen data.”

Holden added that since news of the disruption first broke a week ago, the Russian-speaking cybercriminals behind Trickbot have been discussing how to recoup their losses, and have been toying with the idea of massively increasing the amount of money demanded from future ransomware victims.

“There is a conversation happening in the back channels,” Holden said. “Normally, they will ask for [a ransom amount] that is something like 10 percent of the victim company’s annual revenues. Now, some of the guys involved are talking about increasing that to 100 percent or 150 percent.”



58

Tags: alex holden, Hold Security, national security agency, The Washington Post, trickbot, U.S. Cyber Command



Source link

Recent articles

Welcome to FIFA.com News – Happy 80th birthday to ‘The King’

Today is Pele’s 80th birthday ‘The King’ left an incomparable legacy in...

A Colorado Wildfire Just Climbed Over the Rockies. In October.

Smoke rises from a wildfire in Colorado on Thursday.Photo: David Zalubowski (AP)Every time you think you’ve seen it...

Lifetime Deal: “Master Addons” for Elementor / WordPress

Quickly and easily create your own stunning website with this Master Addons and Elementor for WordPress combo deal. Boost your design creativity today...

Arctic Wolf Valued at $1.3 Billion After $200 Million Funding Round

Security operations company Arctic Wolf on Thursday announced the closing of a $200 million Series E funding round that values it at $1.3...

Top Investigator in Google Case Says There ‘Was Not a Rush’ to Sue

Jeffrey A. Rosen, the deputy attorney general, wouldn’t normally oversee an antitrust investigation into Google. It would usually fall to the head of...

Leave a reply

Please enter your comment!
Please enter your name here