US Cyber Command attacks world's largest bot network of 1 million hijacked computers amid fears hackers plan to wreak havoc on the election
The American military has mounted an operation to disrupt the world's largest bot network amid fears a ransomware attack could throw the upcoming presidential election into chaos.
In recent weeks, US Cyber Command launched their attack on the network - known as Trickbot - by entering its systems and 'cutting off and confusing operators'.
Trickbot is believed to be operated by a gang of Russian-speaking cybercriminals working out of Eastern Europe.
They have seized control of at least one million computers through phishing. After gaining access to those computers they are able to infect them with other malware, including ransomware.
The American military has mounted an operation to disrupt the world's largest bot network amid fears a ransomware attack could throw the upcoming presidential election into chaos
According to a report published Friday in The Washington Post, 'the Department of Homeland Security Officials fear that a ransomware attack on state or local voter registration offices and related systems could disrupt preparations for November 3 or cause confusion or long lines on Election Day.'
The Cyber Command's operation to 'disrupt' Trickbot was launched to try and combat those concerns.
'My top priority is for a safe, secure, and legitimate 2020 election,' General Paul Nakasone, the head of Cyber Command, told The Washington Post.
'The Department of Defense, and Cyber Command specifically, are supporting a broader 'whole-of-government' approach to secure our elections.'
General Paul Nakasone, the head of Cyber Command, is leading the operation
Alex Holden, the chief information security officer and president of Hold Security, an information and threat intelligence company, has been monitoring the Cyber Command's operation.
A report on the tech blog Krebson Security, quotes Holden as saying that the US Cyber Command has managed to frustrate Trickbot operators during their first 10 days of operation by disrupting the bot network.
'The attack on Trickbot appears to have cut its operators off from a large number of victim computers,' the blog states.
However, it won't be enough to completely shut down the world's largest botnet.
'They still have passwords, financial data and reams of other sensitive information stolen from more millions of systems around the world,' the article continues.
The Washington Post quotes an anonymous official as stating: 'At a time when ransomware is eating the world, this is an operation against one of the biggest and most active threat streams.
'Is this permanent? Of course not. But any effort to degrade the botnet should be applauded.'
The operation is headquartered at the Integrated Cyber Center in Washington, DC
The operation comes less than a month after a cyber attack on Universal Health Services - one of America's largest healthcare providers.
The company's computers systems were attacked by a ransomware program that temporarily locked out users.
Employees were forced to use 'manual systems and paper records' during the outage that affected more than 400 facilities across the US and the United Kingdom.
There were reports of delays in lab testing and ambulances being diverted to different facilities in the midst of the attack.
More than 3.5 million Americans have data stored with Universal Health Services, but the healthcare giant stated that 'there was no evidence that patient or employee data was accessed, copied or misused.'
However, the attack highlights the danger that could come if such ransomware managed to disable computers on Election Day.
Trickbot is believed to be operated by a gang of Russian speaking cybercriminals working out of Eastern Europe. They have seized control of at lest one million computers through phising. After gaining access to those computers they are able to infect them with other malware, including ransomware
