TrickBot Takedown Disrupts Major Crimeware Apparatus

2020-10-13 14:45

"We disrupted TrickBot through a court order we obtained, as well as technical action we executed in partnership with telecommunications providers around the world," wrote Tom Burt, corporate vice president, Customer Security & Trust, at Microsoft, in a Monday posting.

"Its operators could provide their customers access to infected machines and offer them a delivery mechanism for many forms of malware, including ransomware. Beyond infecting end user computers, TrickBot has also infected a number of Internet of Things devices, such as routers, which has extended TrickBot's reach into households and organizations."

TrickBot has infected more than 1 million computing devices around the world since late 2016, according to Microsoft.

"Prior to the disruption, we had already observed some actors that were previously distributing TrickBot switch to BazaLoader, which has been linked by code similarity to TrickBot," said Sherrod DeGrippo, senior director of threat research at Proofpoint, via email.

"Threat actors will often replace the lost infrastructure quickly and easily out of a different country so we will need to wait and see what the direct impact will beWe believe it's unlikely we'll see any immediate significant changes in Trickbot email delivery volumesThe most recent Trickbot campaigns are already using new command-and-control channels, which shows the threat actors are actively adapting their campaigns."

News URL

https://threatpost.com/trickbot-takedown-crimeware-apparatus/160018/

#takedown #trickbot