Did Microsoft Just Preempt A Huge Malware Attack That Could Have Impacted Elections?

Microsoft took down a massive hacking operation named Trickbot, which would have affected the United States elections infrastructure indirectly.

Trickbot is a huge malware network that has infected more than a million computing devices in the world since 2016, and it enabled other hackers to inject malware in computers, routers, and other devices, evading detection.

Microsoft Corporate Vice President Tom Brut said the U.S. government and experts have cautioned that ransomware is one of the largest threats to the elections next month.

"Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust," he wrote.

Microsoft acquired an order from a district court in Virginia to execute the technical action and disable its IP address, in collaboration with telecommunication providers around the world. The tech giant's Digital Crimes Unit (DCU) led an investigation into the detection and reverse engineering of the virus, with partners including FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Symantec in addition to Microsoft's Defender team.

Private sector agencies, however, suggest that close to 20 Trickbot command centers were found to be active across the world, as per reports. One of the agencies Microsoft worked with for this operation, Symantec, told Reuters that Trickbot has control points in at least 20 countries where the U.S. court order does not hold. This means that the malware may still be able to communicate with systems in the U.S.

Such viruses freeze their victims’ computers and render them inoperable until they pay up. It infects computers in such a way that its own trace is not detected. The Treasury Department of the U.S. government warns against complying with demands as it violates U.S. sanctions policy.

Microsoft claims this action also protects a wide range of government and financial organizations, healthcare facilities, businesses, and universities from Trickbot-enabled malware.

A report by cybersecurity firm Check Point Research suggests the U.S. has seen a rise in cyber attacks, a point of concern as the country heads for elections in less than a month. More than 300 ransomware attacks were reported in the third quarter of 2020, almost double the attacks in the second quarter.

Recently, CNN reported attacks on Tyler Tech, a software used by many local governments in the U.S., as well as Universal Health Services, one of the biggest hospital chains in the country. The experts quoted in the report called the impact of ransomware on elections only a "hypothetical threat" as of now.