CATEGORIES
home News

U.S. Cyber Command Is Actively Thwarting Sinister Russian Trickbot Botnet

by Nathan OrdSunday, October 11, 2020, 12:56 PM EDT
hacker hero
Approximately two weeks ago, the U.S. military’s Cyber Command, under the National Security Agency (NSA), executed a coordinated attack on the Trickbot botnet. This attack included sending disconnect commands to computers infected with the Trickbot malware, and spoofing records, so the collection of target data has been muddied and compromised itself.

Early in October, KrebsOnSecurity received word that someone with access to the Trickbot network sent out commands to infected devices to disconnect from the Trickbot servers. These servers controlled the infected machines, so this was a massive blow to the nefarious actors behind Trickbot’s operations. Furthermore, the Trickbot malware does data collection, so the previously unknown actor injected “millions of bogus records about new victims into the Trickbot database,” to mess up collection of valid data.

Seven days after the initial attack unfolded, four U.S. officials spoke anonymously to The Washington Post, confirming the U.S. Cyber Command made the attacks. As the Washington Post suggests, this could be part of a broader effort to secure the 2020 election from cyber threats. While this attack was successful, it does not create permanent damage, however.

us cybercom
Sailors at a U.S. CyberCom Joint Cyber Training

In an interview with KrebsOnSecurity, Alex Holden, CISO and President of Hold Security out of Milwaukee, stated that they had been watching Trickbot’s network for some time, including before and after the operation. According to Holden, the attack cut off the team behind Trickbot from many devices, but they can still rebuild. Moreover, the Trickbot team still has personal records of millions of people mixed in with the fake data. Even with the losses and setbacks, the Russian-speaking Trickbot team will possibly be increasing ransom prices to “recoup their losses.” As Holden puts it, “Normally, they will ask for [a ransom amount] that is something like 10 percent of the victim company’s annual revenues. Now, some of the guys involved are talking about increasing that to 100 percent or 150 percent.”

Overall, the U.S. Cyber Command is battling up a steep hill when fighting for cybersecurity. This is not the end of Trickbot nor the end of Cyber Command operations in red (OPFOR controlled) or grey (unknown/free) cyberspace. Similarly, this is likely not the end of an uptick in cybersecurity threats leading up to the election, so for further news about cybersecurity, keep an eye on HotHardware.

(Image Courtesy of Chief Petty Officer Dennis Herring)
Tags:  Malware, security, botnet, NSA, cybersecurity, cyber-command
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment