Trickbot botnet that has infected over a million devices has finally been taken down by Microsoft in collaboration with cybersecurity and telecom companies to safeguard upcoming US elections. The mutual efforts of the tech giant, telecom companies, and security researchers have disrupted the command and control servers of the notorious botnet.
Security researchers from cybersecurity companies, including ESET, Lumen’s Black Lotus Labs, and Broadcom’s Symantec, helped Microsoft identify the botnet’s key components of the C2 network, thus reducing its ability to take over infected computers.
The Financial Services Information Sharing and Analysis Committee (FS-ISAC) also played an essential role in the operation by obtaining a court order to shut down the servers through which Trickbot carried out its operations.
Trickbot botnet is spread via phishing and infectors like Emotet. Once it enters the system, it can steal credentials and even hijack the user’s screen to display tampered information like incorrect bank balance or incorrect OTP. Trickbot affected several banking platforms and wreaked huge havoc on the industry. Ryuk ransomware, which took the banking sector and financial institutions by storm, is most commonly dropped by the Trickbot botnet.
According to Jean-Ian Boutin, head of threat research at ESET, the operation will thwart the Trickbot’s ability to infect systems significantly. “By trying to disrupt the normal operations of the Trickbot botnet, we hope that it will result in a decrease in the offering of potential ransomware victims,” he said.
In a blog post published after the operation, Microsoft said that the botnet was a massive threat to the upcoming elections. Chances were that the bad actors behind the botnet could infect a computer system used to maintain voter rolls or report on election-night results.
Despite disrupting the servers used to operate Trickbot, Microsoft says that the work is not done yet. It said, “We fully anticipate Trickbot’s operators will make efforts to revive their operations, and we will work with our partners to monitor their activities and take additional legal and technical steps to stop them.”