On Monday, October 12th, a coalition of companies and organizations cooperated to help over one million victims of the Trickbot malware through legal action and technical takedowns. The coalition included Microsoft’s Digital Crimes Unit, Symantec, ESET, Lumen, NTT, and the Financial Services Information Sharing and Analysis Center (FS-ISAC). Microsoft won a court order from the United States District Court for the Eastern District of Virginia that gave the company the authority to disable communication to the IP addresses of the botnet’s Command and Control (C2) servers, render the content stored on the servers inaccessible, suspend all services to the botnet operators, and block any effort by the Trickbot operators to purchase or lease additional servers. Taking action on the court order required the cooperation of many companies, Internet Service Providers, and Computer Emergency Readiness Teams (CERTs) across the globe. As a result of the efforts, all of the currently infected victims of Trickbot can be identified. It will take a long time to notify all of the companies and individuals to clean up the malware on their systems, but at least for the time being, it should not be possible for the threat actors behind the botnet to use it to deliver additional malware. Trickbot has been used in the past to deliver Ryuk ransomware as well as other threats.