Microsoft Against Malware Attack
Microsoft found that its defender antivirus team was involved with major cybercriminals to extract information about the botnet scheme. Users informed Microsoft about the attack.
How malware attack was managed
Microsoft requested the court to let it take down botnet infrastructure. The written request asked for having control over Trickbot’s server.
It wanted IP addresses authorization so that it can stop the hackers behind it from leasing servers. This request was a strategy to destroy the data owned by hackers. The plan was successful.
Microsoft brought it in front of the court that how Trickbot tried to damage its image as well. It used Microsoft e-mail addresses to hostile its clients.
Along with Microsoft, many US authorities were involved in taking down Trickbot. Intel471 cautioned that this trick will not work for Trickbot. Trickbot is one of the highly energetic botnets.
How malware attack started
The Trickbot community was first found by researchers in 2016.
- Began with a banking Trojan.
- Evolved into malware installer.
- Had contaminated techniques for cybercrimes.
- Malware- as-a-service(MaaS)
What happened in the fight against malware attack?
- The fight was started on October 9 by Microsoft and its partners after got a green signal from the court.
- Result came early.
- More than 200 victims were reported before the battle began.
- The Botnet is down.
- 69 servers were hosting botnet.
- Till October 18, 62 were compromised.
- Microsoft Digital Crimes Unit (DCU) detected and analyzed in the investigation to give insight.
Might try to rescue its malicious network through other botnet partners. Cyberteachers questioned Microsoft about its success.
In a simple language connection of infected computers can be said to be a botnet. As of now the main target of Trickbot is to find a safe place to sustain. New attacks will not take place as of now.
Impact of malware attack
- The threat of the ransomware attack was crucial for presidential elections in the US. Infected and steal the data before making the victims aware of the attack.
- An Immediate step was taken by Microsoft to protect America’s elections. Systems having information about voter roll could have been infected.
- Partners of Microsoft were ESET, NTT, Symantec, FS-ISAC, and Lumens Black Lotus Labs. Besides taking down the botnet they worked to disrupt Trickbot’s effort of purchasing additional servers.
The action taken by Microsoft helped in the prevention of attacks on banks, universities, businesses, and healthcare, and elections infrastructure.
- Microsoft went through deep research of Trickbot before starting the battle.
In the investigation 61,000 malware samples were found.
- Operators of Trickbot can let their users use the infected machine.
- Blockage by Microsoft handicapped Trickbot.
- Stealing money from people is a feature of Trickbot.
- It can be a great threat to the elections infrastructure of all the countries.
In the Asian pacific Trickbot marks its development as this region has the highest number of ransomware attacks as compared to other countries.
Those countries that are vulnerable include developing countries such as India, Indonesia, Sri Lanka, and Vietnam. Talking about Asia a lot of schools, hospitals, and government agencies have been affected.
Ryuk crypto is used by Trickbot for attacking public and private institutions.
To extend its reach to home and organizations it infects routers.
To distribute malware Trickbot uses such as Black lives Matter and COVID-19 to lure. It knows that people will click on such links and documents as they are trending nowadays. Largely it is using COVID-19 to lure.
- Many times the goal of a botnet is to disable online websites.
- It can also spy on people by hijacking webcam and can sell their footage.
- It can use malicious software to know credit card numbers.
- Has caused economic damage worldwide.
Microsoft response to Trickbot
Microsoft Digital Crimes Unit investigated the matter. This step was taken after permission was granted by the court.
It uses the Cyber Intelligence program and government security programs for notification.
It has collaborated with international and domestic law enforcement to have control over botnet domains.
Microsoft wants the government to support the smooth functioning of the public-private partnership to fight against Trickbot. It wants more co-operation.
Microsoft is working towards the protection of information systems from a botnet. Initiatives are being taken by Microsoft to build a defense strategy against botnet.
It has worked and is working in partnership to confront threats by a botnet. It has put a pause on the flourishment of Trickbot.
However, it is continuously working to keep a full stop on it.
I hope, the above information is helpful for you. If you want to know more information like this, you can simply visit Teqhow