Microsoft and Partners Continue To Block Trickbot To Protect Elections

Microsoft on Tuesday provided an update about its efforts, along with partners, to take down the Trickbot criminal network, which uses servers and devices to spread ransomware.

The effort initially was described last week by Tom Burt, corporate vice president for customer security and trust at Microsoft. He had explained back then that Microsoft and the Financial Services Information Sharing and Analysis Center had gained traction in the courts to close Trickbot using the novel strategy that the attackers were infringing on Microsoft's patents.

This week, Burt clarified that Microsoft and its partners had only eliminated 94 percent of Trickbot's operational infrastructure. Besides servers, Trickbot was also using Internet of Things (IoT) devices to launch its attacks, and Microsoft and its partners are now working to disable those devices.

The Trickbot attackers have since spun up 59 new servers to resume operations. However, all but one of those servers have been shut down by Microsoft and its partners, Burt explained. It can take "less than three hours" for that to happen. Microsoft and its Digital Crimes Unit are working with security solutions providers, as well as Internet service providers, to block the Trickbot network.

Burt also clarified that a principal reason for these efforts to shut down Trickbot is to protect electoral processes in countries. He encouraged participation by the larger security community to help with the effort.

Security researchers have suggested that Trickbot was only temporarily disabled, but its disruption nonetheless may have damaged its reputation among criminals wanting to use it, according to a ZDNet story by Catalin Cimpanu. In that way, Microsoft and its partners may have achieved a positive effect.

That notion seemed to be echoed in Burt's concluding statement.

"As this work continues, it will be important to focus on the collective impact to Trickbot's capabilities between now and the election, rather than to focus on potentially misleading simplified snapshots from any single moment in time," he wrote.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
