CYBERCOM, Microsoft Tackle TrickBot, World's Biggest Botnet
The campaign represents Cyber Command's first known foray against a criminal network

Over the past few weeks, private companies led by Microsoft as well as US Cyber Command have used a combination of cyber and legal action to tackle what is thought to be the world’s biggest botnet, TrickBot.
TrickBot is a piece of malware that serves as the basis for the eponymous botnet of anywhere between one and three million computers. Thought to be operated by Russian-speaking criminals, TrickBot has operated as a hack-for-hire service, facilitating everything from ransomware attacks to bank heists.
According to security experts, Cyber Command used a phony TrickBot update to temporarily sever communications between infected computers and many of TrickBot’s command-and-control servers. Meanwhile, Microsoft and other tech companies won a court case to shut down many TrickBot servers, after a federal judge ruled the malware violated copyright laws through the malicious use of Microsoft’s software code.
The approach worked, but only temporarily, according to Intel 471, which suggests the botnet would only be permanently shut down through law enforcement action. Given the Russian government’s close relationship with domestic cyber criminals, that seems unlikely.
The operation against cyber criminals is an unusual move for Cyber Command, which normally focuses its efforts on major state actors or large terrorist networks. One plausible explanation is that TrickBot may have been facilitating a ransomware attack on election services in the weeks prior to the election.
And given that even a mistakenly severed fiber optic cable can disrupt an election, as a recent lawsuit in Virginia shows, who can blame CYBERCOM for hacking back?
What I’m drinking:
While on leave, I picked up a bottle of Cayuga White sparkling wine from Bet the Farm Winery.
They deliver and they don’t check ID. Maybe 2020 isn’t so bad.