Microsoft Counterstrikes On Trickbot Botnet To Safeguard US Elections


The Trickbot botnet, which has infected over a million devices, has finally been taken down by Microsoft in collaboration with cybersecurity and telecom companies to safeguard the upcoming US elections. The joint efforts of the tech giant, telecom companies, and security researchers have disrupted the command and control servers of the notorious botnet.


Security researchers from cybersecurity companies, including ESET, Lumen’s Black Lotus Labs, and Broadcom’s Symantec, helped Microsoft identify key components of the botnet’s C2 network, thus reducing its ability to take over infected computers.

The Financial Services Information Sharing and Analysis Committee (FS-ISAC) also played an essential role in the operation by obtaining a court order to shut down the servers through which Trickbot carried out its operations.


The Trickbot botnet is spread via phishing and infectors like Emotet. Once it enters a system, it can steal credentials and even hijack the user’s screen to display tampered information, such as an incorrect bank balance or an incorrect OTP. Trickbot affected several banking platforms and wreaked huge havoc on the industry. Ryuk ransomware, which took the banking sector and financial institutions by storm, is most commonly dropped by the Trickbot botnet.


According to Jean-Ian Boutin, head of threat research at ESET, the operation will significantly thwart Trickbot’s ability to infect systems. “By trying to disrupt the normal operations of the Trickbot botnet, we hope that it will result in a decrease in the offering of potential ransomware victims,” he said.


In a blog post published after the operation, Mic ..
