Tuesday, 13 October 2020 18:18:00

Microsoft Takes Action to Disrupt Botnet and Combat Ransomware

  • Trickbot, one of the world's most infamous botnets, was disrupted through a court order Microsoft obtained as well as technical action
  • The disruption of Trickbot, which has infected over a million computing devices around the world since late 2016, marks a crucial development for Asia Pacific

SINGAPORE - Media OutReach - 12 October 2020 - Today, Microsoft Corp. took action to disrupt Trickbot, one of the world's most infamous botnets and prolific distributors of malware and ransomware.

Trickbot was disrupted through a court order Microsoft obtained as well as technical action executed in partnership with an international group of industry and telecommunications providers including the Financial Services Information Sharing and Analysis Center (FS-ISAC), a global intelligence sharing community connecting nearly 7,000 financial institutions, and NTT, a leading global technology service provider. Key infrastructure has now been cut off so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems.

The disruption of Trickbot, which has infected over a million computing devices around the world since late 2016, marks a crucial development for Asia Pacific. The region experiences a higher-than-average encounter rate for ransomware attacks, 1.7 times higher than the rest of the world, with developing countries, including Indonesia, Sri Lanka, India, and Vietnam, the most vulnerable to malware and ransomware[1].

"In recent months, we have seen ransomware attacks impact a large number of governmental entities and businesses, ranging from large conglomerates to hospitals, schools and universities in Asia," said Mary Jo Schrade, Assistant General Counsel, Microsoft Digital Crimes Unit, Asia. "Ransomware also poses a threat to the election infrastructure of a number of countries. In addition to its threat to elections, Trickbot is known for using malware to steal funds from people and financial institutions. Financial institutions ranging from global banks and payments processors to regional credit unions have been targeted by Trickbot."

To disrupt Trickbot, Microsoft formed an international group of industry and telecommunications providers. The Microsoft Digital Crimes Unit (DCU) led investigation efforts, including detection, analysis, telemetry, and reverse engineering, with additional data and insights to strengthen the legal case from a global network of partners, including FS-ISAC, ESET, Lumen's Black Lotus Labs, NTT, and Symantec, a division of Broadcom, in addition to our Microsoft Defender team. Further action to remediate victims will be supported by Internet Service Providers (ISPs) and Computer Emergency Readiness Teams (CERTs) around the world.

Trickbot's attack on computer systems in Asia

In the course of Microsoft's investigation into Trickbot, approximately 61,000 samples of Trickbot malware were analyzed. What makes it so dangerous is that it has modular capabilities that constantly evolve, infecting victims for the operators' purposes through a "malware-as-a-service" model. Its operators could provide customers access to infected machines and offer a delivery mechanism for many forms of malware.

Trickbot is known for using malware to intercept victims' login credentials for online banking websites, but it is also used to infect victims' computers with the Ryuk crypto-ransomware, which has been used in attacks against a wide range of public and private institutions. Ransomware can have devastating effects. Most recently, it crippled the IT network of a German hospital, resulting in the death of a woman seeking emergency treatment.

Beyond infecting victims' computers, Trickbot has also infected "Internet of Things" (IoT) devices, such as routers, which extends its reach into households and organizations, expanding the scope of vulnerable targets to devices that are often not updated or patched in a timely way.

Trickbot's spam and spear phishing campaigns, which are used to distribute malware, have leveraged lures such as Black Lives Matter and COVID-19, enticing people to click on malicious documents or links. Based on data from Microsoft Office 365 Advanced Threat Detection, Trickbot has been the most prolific malware operation using COVID-19 themed lures.

How businesses and home computer users can protect themselves

The top actions that businesses and home computer users can take to protect their systems are to use multi-factor authentication, to always use good email hygiene, and to update and patch systems in a timely manner. Multi-factor authentication can stop credential-based attacks dead in their tracks. Without access to the additional factor, the attacker cannot access the account or protected resource. As 90% of attacks start with an email, preventing phishing (and its voicemail- and text-based variants, vishing and SMiShing) can limit the opportunity for attackers to succeed. Email hygiene platforms that incorporate filtering on the way in and link checking when clicked (on the way out), like Safe Links, provide the most comprehensive protection. Finally, it is important to ensure that computers are using the most up-to-date versions of software because these patches and updates repair known vulnerabilities.

Microsoft's Digital Crimes Unit will also continue to engage in operations to protect organizations involved in the democratic process and the entire customer base. Since 2010, Microsoft, through the Digital Crimes Unit, has collaborated with law enforcement and other partners on 23 malware and nation-state domain disruptions, resulting in over 500 million devices rescued from cybercriminals.

For more details on the disruption, please visit the following blog post: https://blogs.microsoft.com/on-the-issues/?p=64132 



About Microsoft

Microsoft (Nasdaq "MSFT" @microsoft) enables digital transformation for the era of an intelligent cloud and an intelligent edge. Its mission is to empower every person and every organization on the planet to achieve more.

Copyright © 2020 Global Riau - Berita Riau Hari Ini. All Rights Reserved.