
TrickBot Hit With 1 – 2 Punch as Election Security Concern Grows

October 12, 2020

TrickBot Malware is Reeled in by Microsoft and The Feds As a First Strike in Preserving Election Security

As the US edges closer to the 2020 presidential election on November 3, there’s growing concern about election security, spurred by evidence of potential tampering by foreign agents in 2016 and beyond. This has led to pre-emptive efforts by both federal authorities and major technology players to choke off potential trouble sources before they can become a problem, especially those connected with suspected nation-state cybercriminals, like TrickBot malware.



Nation-State Hackers Are a Major Security Concern

A precipitous increase in cybercrime conducted by nation-state hackers has been on every cybersecurity professional’s radar, especially as ransomware attacks have crippled everything from manufacturing to transportation this year. This type of activity has also raised concerns about cyberattacks being used as an offensive weapon in an increasingly digital world, including as a means of interference in the 2020 US presidential election.

The specter of foreign interference in the 2016 US elections has driven federal agencies, major technology firms, and social media companies to act in the runup to the 2020 contest – especially as stories about cybercrime by nation-state hackers hit the mainstream news. The press has latched onto the topic of cybersecurity concerns around electronic voting and tabulation, putting the onus on tech companies and agency watchdogs to prove that they’re alert to potential trouble this cycle.

Suspicions About TrickBot Spur Pre-Emptive Strikes

TrickBot malware has been the first major risk that federal and industry cybersecurity experts have gone after in the leadup to November 3. This malware strain has several arms, including Ryuk ransomware, making it difficult to pinpoint and destroy. Major, coordinated efforts from the private and public sector in concert were used to initiate disruption operations. That effort launched over the weekend with promising results, dealing a 1 – 2 punch to TrickBot operators that has sent them reeling.

In a private sector move, Microsoft obtained an order in the Eastern District of Virginia last week giving the tech giant control over the TrickBot botnet, a global network it describes as the largest in the world. The courts upheld Microsoft’s claim, supported with more than 100K samples, that TrickBot malware operators were violating Microsoft’s trademarks and damaging its business. Microsoft gained control over botnets and servers containing information like millions of stolen passwords that fueled TrickBot operations, as well as the right to seize servers that the cybercriminals use in the future.

Also last week, US Cyber Command conducted operations against TrickBot to damage and disrupt its operations through a variety of digital methods, including codejacking and information stuffing, as well as efforts to disrupt the gang’s cybercrime-as-a-service operation. While these actions won’t stop the cybercriminals behind TrickBot, they cause damage that needs to be repaired, slowing them down considerably.

Companies and agencies that participated in these operations reportedly included Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec. According to the coalition’s reporting, TrickBot had infected more than one million computers before this operation was launched, causing billions of dollars in damage.

How Your Systems and Data Are at Risk

While several aspects of TrickBot’s operations can be damaging to your business, one stands out as particularly dangerous and devastating – Ryuk ransomware. The scourge of cybersecurity these days, ransomware is a pernicious foe – and the risk of a ransomware attack grew 148% in March 2020 alone.

But the primary delivery system of ransomware hasn’t changed. It’s still phishing, and phishing risks can be mitigated. ID Agent’s digital risk protection platform includes the foundation of a strong defensive strategy against ransomware like Ryuk: dynamic phishing resistance training.



Add Extra Protection That’s Extra Affordable

Teaching staffers to be suspicious of unexpected messages is essential for phishing resistance, and BullPhish ID is ready to answer the call. It features more than 80 phishing kits and 50 security video campaigns, with 27 videos available in 8 languages and 4 new kits added every week. This plug-and-play training is perfect for in-office or remote workers and includes online testing to measure retention.

Adding solutions like Graphus and BullPhish ID isn’t just a smart security choice, it’s a smart investment in your company’s future. Security awareness training, including phishing resistance education, can reduce cybersecurity incidents by up to 70%, making it an excellent investment. And if your business is affected by a cyberattack, security automation can lower your recovery costs by 70% too. That’s why adding security with our solutions is a smart move for every business in 2020 and beyond.