Botnet Security

Trickbot Strikes Back (gizmodo.com)

A notorious group of cybercriminals whose operations were almost totally dismantled last year seems to be back in business -- in yet another example of the seemingly intractable nature of cybercrime. Gizmodo reports: The Russian-speaking group known as "Trickbot" (which is also the name of the malware that they're responsible for creating and distributing), has built up its infrastructure and seems to be preparing for some nefarious new campaign, The Daily Beast first reported. The group, which has been connected to ransomware attacks and widespread theft of financial information, is an outgrowth of an older, Russia-based cybercrime group called "Dyre." After Dyre was initially broken up by Russian authorities back in 2015, the remaining members regrouped, creating new malware tools and working to employ them in even more expansive criminal enterprises. Trickbot, which today operates out of numerous places in Eastern Europe -- including Russia, Ukraine, Belarus, and others -- is perhaps best known for running one of the world's largest botnets. Botnets are large networks of "zombie" devices -- computers that have been infected with special kinds of malware that allow them to be collectively controlled by a hacker, typically for malicious purposes. In Trickbot's case, the group has used its million-plus botnet for an assortment of sordid activities, including helping to launch ransomware attacks throughout the world.

Last fall, the Pentagon's Cyber Command attempted to debilitate Trickbot, fearing that hackers connected to the group might attempt to interfere with the 2020 presidential election. CYBERCOM launched a series of "coordinated attacks" against Trickbot's servers, ultimately succeeding in disrupting its operations. However, it was clear that federal officials did not expect their efforts to be a long-term deterrent, with anonymous sources telling the Washington Post that the action was "not expected to permanently dismantle the network." Around the same time, Microsoft launched its own campaign that was also targeted at dismantling the group. The company tracked and analyzed the servers that were involved in operating the botnet, subsequently garnering a court order that allowed them to disable the IP addresses connected to those servers. Microsoft's operation even involved working together with ISPs to reportedly go "door to door" in Latin America, where they helped to replace routers that had been compromised by the criminal group. However, as is often the case with cybercrime, few of the culprits behind the malware's distribution were ever tracked down or faced charges.

Indeed, a recent report from security firm Fortinet seems to show that the group has allegedly helped create a new strain of ransomware, dubbed "Diavol." On top of this, another report from BitDefender shows that the group has built back up its infrastructure and that it has recently been seen gearing up for new attacks and malicious activity, with the firm ultimately noting that "Trickbot shows no sign of slowing down."


Comments:
  • by rtb61 ( 674572 ) on Monday July 12, 2021 @09:55PM (#61577009) Homepage

    Clearly, to achieve any real long-term success, a series of global treaties covering the reporting and investigation of cross-border computer crime needs to happen. Keep in mind the source of the attack can be in the country being attacked, with sufficient gap created by the criminal controlling a server in a country the target country will not contact because they are sure they will catch Russian spies this time or whatever other nonsense.

    To track down and prosecute computer network crimes, the reporting and response must be as fast as possible. As soon as an attack is detected in a target country, it should be reported to the host country of the attack, so they can immediately act upon it or, at the very least, get to the servers and track where the control signal is coming from, to report it to that country, so they can.

    Sounds convoluted, but with computers it can be done pretty quickly; computers are really good at tracking down the pattern of communications across computer networks. No treaty, no solution will arise apart from permanent disconnection from offending countries like the USA, the source of most of the attacks across the planet. As for the corporate shenanigans, they also will find their activities crippled by global treaties.

  • This crap is going to keep escalating until it causes a war. There are too many bad actors who have government backing or unofficial government approval. I'm looking at you, Russia and China. One day one of these groups is going to step over a line and cause an international incident that could bring us to war.

  • The Russian government broke up a cyber criminal group.

    uh-huh.

    And now folks are shocked to find it back.

    gee, I wonder . . .
