Microsoft and United States military intelligence are taking on Trickbot, deeming the botnet – one of the world’s largest networks of computers controlled remotely by cyber criminals – another threat to the fabricated US presidential election.
Trickbot’s network has been used to paralyze hospitals, retirement homes, banks and even city governments. Considered one of the largest and most active cyber-criminal networks in the world, the group has just weathered an assault by Microsoft and US Cyber Command, the military equivalent of the National Security Agency (NSA).
Microsoft described ransomware as “one of the largest threats to the upcoming elections”, explaining in a statement that “adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing on those systems at a prescribed hour optimized to sow chaos and distrust.”
According to the Washington Post, Microsoft was authorized by a judge to neutralize a segment of the servers that the cyber-criminals use to coordinate their hacking network.
Initially, Trickbot was simply malicious software, developed in 2016, that specialized in financial crime. From its origins as a tool for stealing bank account access codes, it grew to become a gigantic botnet.
Trickbot controls more than one million “zombie” computers – the term used to designate PCs controlled from a distance – around the world. That makes it “one of the largest botnets in operation.”
That global firepower is then rented out to groups of cyber-criminals that can make use of it for their own wrongdoing.
Having a million computers to hand makes it possible to launch massive spam campaigns or to mount denial-of-service (DoS) attacks that are difficult to counteract, flooding a server with requests in order to saturate and disable it.
Trickbot has also been used to spread ransomware, malicious software that blocks access to a computer’s files until the assailant can extract a payoff. Indeed, it is that usage that has garnered the most media attention.
In the United States, cyber-criminals have used the vast network of computers controlled by Trickbot to take hostage, virtually speaking, a server that managed computer systems for retirement homes in the middle of the Covid-19 pandemic.
The worst-case scenario for the November 3 vote would be for a computer controlled by Trickbot’s network to be connected to the computer system of a polling place or a server that contains voter files.
Hackers could then use the computer to reach the targeted server and to block it with ransomware. That could mean that “the systems that manage electoral data could be compromised, blocked by ransomware, which could hinder the counting of votes.”
TrickBot is by volume the key distribution pipeline for ransomware, and it would be really easy for state actors to contract with TrickBot to distribute ransomware with the goal of hacking election systems.
Microsoft even planned its operation around the November election. Trickbot could have been targeted as early as April, but the tech giant chose to wait until October in order to give the cyber-criminals the least time possible to rebuild their empire.
France 24 / ABC Flash Point News 2020.