TrickBot Takes a Hit in Recent Takedown Attempt

On Monday, a coalition of tech companies orchestrated a takedown attempt of TrickBot, currently one of the most successful malware-as-a-service operations. TrickBot survived the operation, with the command and control servers and domains that had been seized replaced the next day by new infrastructure. However, the operation appears to have had some effect on TrickBot, even if it was just temporal and limited. “Our estimate right now is what the takedown did was to give current victims a breather,” a security researcher said. The disruption efforts weren’t only focused on taking down TrickBot’s servers. Other goals were also discussed and taken into consideration. This included incurring adding additional costs to TrickBot authors and delaying current malware operations, such as ransomware attacks that are usually delivered using TrickBot as a conduit. Furthermore, security researchers also sought to damage TrickBot’s reputation in cyber crime circles. The botnet uses email spam campaigns to infect computers, downloads its malware, and then steals data from infected hosts that it later resells for profit. But the botnet also rents access to infected computers to other criminal groups, which also accounts for a significant portion of its profits. These “customers” include operators of infostealer trojans, BEC fraud groups, ransomware gangs, and even nation-state hacking groups. Read the article at ZDNet.