An update on our disruption of Trickbot | Microsoft On The Issues

Last week, we announced a disruption targeting the botnet Trickbot. Trickbot is a network of servers and infected devices run by criminals responsible for a wide range of nefarious activity including the distribution of ransomware which can lock up computer systems. Our disruption is intended to disable Trickbot’s infrastructure and make it difficult for its operators to enable ransomware attacks, which have been identified as one of the biggest threats to the upcoming U.S. elections. We’ve had many requests for updates on the operation, so I’d like to share more on how it’s going.

As of October 18, we’ve worked with partners around the world to eliminate 94% of Trickbot’s critical operational infrastructure including both the command-and-control servers in use at the time our action began and new infrastructure Trickbot has attempted to bring online…

First, Microsoft and our partners are trying to take a persistent and layered approach to addressing Trickbot’s operations around the world. This is necessary due to the unique architecture of the Trickbot botnet, and the creativity and persistence of the criminals operating it. Since the initial court order we obtained, we’ve gone back to court and secured subsequent orders to take down the newly activated infrastructure. We will continue to do this between now and election day on November 3. Additionally, our partners and the hosting providers we work with – who have been crucial to our progress – have been sharing information that has uncovered more command-and-control servers. As we continue to cut off these new servers, our partners are also working to clean and remediate the compromised IoT devices, especially routers, that the Trickbot operators are using as non-traditional command-and-control infrastructure. These compromised routers pose a unique challenge for the internet service providers (ISPs) as they must simultaneously work to remediate devices while keeping legitimate traffic uninterrupted, and this delicate work is underway. Finally, we’re working with ISPs and others to also clean devices in people’s homes and businesses that might be infected.

Second, this work has always been about disrupting Trickbot’s operations during peak election activity – doing what we can to take action at a critical time – and we’re encouraged by what we’re seeing. Anytime a botnet’s server infrastructure is eliminated, the attempt to rebuild is not as simple as setting up new servers. New servers need to be provisioned to begin talking with the botnet’s infected devices and issuing commands, all of which takes time. We have identified new Trickbot servers, located their respective hosting provider, determined the proper legal methodology to take action, and completely disabled those servers in less than three hours. Our global coordination has allowed a provider to take quick action as soon as we notify them – in one case, in less than six minutes. What we’re seeing suggests Trickbot’s main focus has become setting up new infrastructure, rather than initiating fresh attacks, and it has had to turn elsewhere for operational help…

Third, we have the right team and the right groundwork in place to continue having impact in the coming weeks. Our Digital Crimes Unit has spent years studying, documenting and categorizing Trickbot’s infrastructure, identifying which command-and-controls are traditional servers and which are actually IoT devices. We believe we understand the right details about Trickbot’s infrastructure to focus our attention on the specific command-and-control servers that allow for the greatest degree of disruption. Even more importantly, our network of global partners is monitoring Trickbot’s activities and sharing information around the clock. And we have members of our Digital Crimes Unit around the world in direct contact with local ISPs and telecommunications companies…

The rest of the post An update on our disruption of Trickbot appeared first on Microsoft on the Issues.

from Microsoft on the Issues https://ift.tt/3jhKBrk

Follow-up on Convoy raises $62M from Bill Gates and other luminaries to transform trucking industry with technology – Geekwire

Pro Rata newsletter

Pro Rata update on blogged story from 07/24.

Pro Rata by Dan Primack on Axios

The second paragraph is important and not mentioned in the GeekWire report about empty driving; the industry term is dead-head miles. He estimates this to be 40%. I’m not sure where he gets that number, but it sounds high to me. A possibility could arise where in his part of the country, that figure for getting loads can be accurate, based on the relative lack of shippers and consignees compared to the California submarket and the Eastern half of the country (the rough dividing line in the business is Interstate 35 from the Twin Cities to DFW).

As a rule, I tend to not put too much faith in the comment section of most websites that enable it, but something @caseyedwinson mentioned deserves merit.

Constant driver communication and training should help with the onboarding of new drivers. The newer tech savvy generation is starting to get behind the wheel more and more as the baby boomer drivers retire. They all have cell phones!

While this is definitely true, especially for Owner-Operators, who are a primary target of this service, the proof will come down to something I thought previously unarticulated: will it enable a profitable load for the driver, not just the freight master?