We’re only weeks away from a fierce U.S. Presidential election, and various reports are circulating that a group of tech firms have taken down a significant hacking tool being used by Russian attackers.
Experts say the tool was intended to sway voter opinions or infect computer systems used to maintain voter rolls. Given a chance to run wild, the tool may have been able to report on election-night results or seize computer systems at a scheduled time to sow havoc and doubt.
Leading the charge of the hacker prevention warriors is Microsoft, which announced Monday that it had taken prohibitive actions against Trickbot. Trickbot -- already a longtime Microsoft nuisance -- is a notorious Russian botnet that's infected more than a million computers and has been a leading source behind an endless number of ransomware attacks.
“We disrupted Trickbot through a court order we obtained as well as technical action we executed in partnership with telecommunications providers around the world,” wrote Tom Burt, Microsoft's Corporate Vice President, Customer Security & Trust. “We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.”
The court granted Microsoft permission to disable any IP address or server used by Trickbot, as well as to block Trickbot’s owners from buying more servers.
Trickbot does more than just mess with elections
On top of Trickbot’s election threat, it’s regarded as a major thorn in the side of financial institutions. Security researchers say the malware has previously been able to reach online banking websites and steal funds from people, banks, payment processors, and credit unions without a consumer ever knowing what happened.
“People are unaware of Trickbot’s activity as the operators have designed it to hide itself,” Burt said. “After Trickbot captures login credentials and personal information, operators use that information to access people’s bank accounts. People experience a normal login process and are typically unaware of the underlying surveillance and theft.”
Election cybersecurity is nothing new, but the idea of this kind of attack brings little comfort now that we’re only weeks away from election day. You might remember when Facebook data collected by Cambridge Analytica was used to promote pro-Trump messaging back in 2016.
Ransomware attacks have been on an upswing over the four years since Trickbot appeared on the scene, targeting everyone from city governments to health care companies like United Health Services and its 400 health care facilities in the U.S. and U.K.