Last week, cybersecurity companies led by Microsoft joined forces to take down TrickBot, one of the largest malware botnets and cybercrime operations in today's threat landscape. Even though Microsoft took down the TrickBot infrastructure in the first days, the botnet survived, and its operators brought new command-and-control (C&C) servers online to continue their business.
However, several cybersecurity sources told ZDNet that they were expecting a TrickBot counterattack, while Microsoft promised to continue its operation against the botnet in the coming weeks. In an update on the crackdown released yesterday, Microsoft confirmed a second wave of action against TrickBot.
Microsoft said it had shut down 94% of the botnet's C&C servers, including the original servers and the new ones its operators brought online after the first takedown attempt. In particular, the technology giant reported that from the moment it launched its operation until October 18, it shut down 120 of the 128 servers it had identified as TrickBot infrastructure worldwide.
The eight servers that could not be removed last week were classified as Internet of Things (IoT) devices. These systems could not be taken down immediately because they were not hosted at web hosting companies or data centers, and it was not possible to reach the device owners through an "abuse e-mail" contact. Additional coordination was needed with local ISPs, but Microsoft said it was currently working to turn off these devices.
According to the cybersecurity company Intel 471, the "remnants" of TrickBot are found in Brazil, Colombia, Indonesia and Kyrgyzstan.
Microsoft has said it cannot say how long TrickBot will survive, but it intends to "chase" the botnet's infrastructure at least until November 3, when the US presidential election will take place. Tom Burt, CVP for Microsoft Security and Customer Trust, says the company is trying to prevent TrickBot from renting access to infected computers to ransomware gangs, something the TrickBot botnet team is known to have done in the past.
In addition, Microsoft has expressed concern that a ransomware attack may disrupt electoral systems, either directly, by encrypting election-related infrastructure, or indirectly, by affecting election-related supply chains.