Tuesday, October 13, 2020

Election Injection Correction Detection

Microsoft has taken down a major malware botnet that could have infected thousands of voting machines across the country with ransomware, and the company says it remains on watch for more attacks.
 
Microsoft has disrupted a massive hacking operation that it said could have indirectly affected election infrastructure if allowed to continue. 
The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware
Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot's servers, and worked with telecom providers around the world to stamp out the network. The action coincides with an offensive by US Cyber Command to disrupt the cybercriminals, at least temporarily, according to The Washington Post
Microsoft (MSFT) acknowledged that the attackers are likely to adapt and seek to revive their operations eventually. But, Microsoft said, the company's efforts reflect a "new legal approach" that may help authorities fight the network going forward. 
Trickbot allowed hackers to sell what Microsoft said was a service to other hackers — offering them the capability to inject vulnerable computers, routers and other devices with other malware. 
That includes ransomware, which Microsoft and US officials have warned could pose a risk to websites that display election information or to third-party software vendors that provide services to election officials. 
"Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust," Microsoft VP of security Tom Burt wrote in a blog post
Ransomware seizes control of target computers and freezes them until victims pay up — though experts urge those affected by ransomware not to encourage hackers by complying with their demands. The Treasury Department has warned that paying ransoms could violate US sanctions policy. 
He added: "We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems."
 
This is definitely a victory for the good guys, and keep in mind that Republicans have spent four years doing everything they can to cripple US Cyber Command and our election defenses and to block reporting on just how vulnerable we remain.

It's now up to corporate entities like Microsoft to do the job the US government should be doing...and Republicans are attacking them too.

No comments:

Post a Comment