Editor’s note: In late February, Microsoft President Brad Smith testified before the Senate Armed Services Committee on emerging technologies and their impact on national security. Later, he also testified at the Senate Select Committee on Intelligence on the SolarWinds hack.

Read Brad Smith’s written testimony from the Senate Armed Services Committee hearing here and watch the testimony here.

Read Brad Smith’s written testimony from the Senate Select Committee on Intelligence hearing here and watch the testimony here.

The following is a Microsoft blog post from Brad Smith.
=================================================================
For two centuries, technology has changed the nature of what it takes to defend a nation. In early 1940, improved tanks rendered worthless two decades of French investment along the fortified Maginot Line, as the German army simply plowed around it. And in late 1941, the United States learned that advances in naval aviation meant that battleships could no longer defend Pearl Harbor. Today, foreign cyberweapons pose a similar threat for the future.

Congress this week will explore the role digital technology’s influence on American power and security. While committees in both the House and Senate will rightly focus on the threats cyberweapons pose, the broader topic of the Senate Armed Services Committee’s hearing focus on the higher stakes represented: digital technologies across the board are rapidly redefining the way we secure the peace, maintain our defense and, when necessary, fight wars.

But today one would be hard-pressed to say that the country has a comprehensive strategy to harness these technologies for the country’s defense. A more cohesive approach is needed, in terms of infrastructure defense, military expertise and global engagement.

The recent SolarWinds cyberattack on the tech sector’s supply chain was a wake-up call. And just last week in Texas, nature demonstrated the vulnerability of our power grid. Yet, since 2014, Russian agencies have intruded into the U.S. electrical grid, and we shouldn’t assume they were alone or had benign intent.

This means we must prepare for more sophisticated foreign attacks. We need to strengthen our software and hardware supply chains and modernize IT infrastructure. We must also promote broader sharing of threat intelligence, including for real-time responses during cyber incidents.

Let’s start with the need for more open sharing of information. Today, too many cyberattack victims keep information to themselves. We will not solve this problem through silence. It’s imperative that we encourage and sometimes even require better information sharing, including by tech companies.

But cybersecurity is just the start. Emerging technologies such as cloud and edge services, AI and 5G will redefine the requirements for military operations at mission speed, based on their ability to harness massive amounts of data and computational power.

The Pentagon needs to move more quickly to use, secure and adapt commercial advances for military applications. This will require more agile procurement, more digital skills in personnel training, and a closer partnership between the government and the tech sector.

The development of digital technology often starts with commercial technology and then moves to military and intelligence adaptations, rather than the other way round. This is the opposite of the Cold War, and it changes almost everything.

It means that military supremacy in digital technology is dependent on broader national leadership in the field. And, while the computer revolution took root on American soil, it is now a worldwide endeavor with global powers, including China, competing in and sometimes leading the race.

This requires a holistic approach to government-sponsored basic research and technology trade policy. The United States has unmatched capability for basic research through our research universities. Yet government research spending has declined, and within the next few years China is expected to surpass us.

We also need to strengthen ties with our allies, building on the global nature of technology innovation. Microsoft’s quantum computing efforts illustrate this well, with labs in Indiana, California and Washington, as well as Denmark, the Netherlands and Australia.

Finally, global technology leadership requires successful work to promote standards and technology protocols that reflect American inventions. The U.S. has excelled in these fields through decades of international outreach. This can’t stop now.

A lot is at stake, including the nation’s unique role in providing global leadership. When we think about the role of technology for the country’s defense, our ability to establish and defend the most important connective tissue of the international order – in areas such as finance, cybersecurity, healthcare and transportation – marks one stronghold of American power and security.

We will need to lead with moral authority and not the strength of technology alone. As in the past, there is no substitute for technology the world can trust.

For the last 70 years, the United States has provided what we might think of as the global public operating system. The next 70 years will witness this not just as a metaphor, but as real software power. Our national security strategy therefore must continue to offer the best options for countries around the world as they transition every part of their national lives to a digital age.

2020 was a disruptive year for the tech industry – accelerating developments that may have taken 3 to 5 years to implement to everyday use almost overnight.

Given these developments, here are five tech industry trends we’ll see within the next 11 months:
1 Work from Home (WFH) culture sets off a renewed focus on smart collaboration and office set-up of the future. As companies examine the functionality of the workplace, we’ll start to see more traditional office workspaces become periodic collaboration hubs, while home offices become the day-to-day workplace.

The office will likely transform from many desks, conference rooms, and shared amenities to a cooperative business center supporting specific project-based priorities on an ongoing basis.
As a result, employers will need to equip their full workforce with the right tech tools, deployment, and IT support to maximize productivity and collaboration – for both working from home and in the shared workplace.

2 5G and Connectivity Will Be in the Spotlight. 5G became a reality in 2020, but the global pandemic overshadowed its launch. In 2021 this will begin to change.

5G has infinite possibilities, many of which are yet to be explored. It is more than just ‘very fast internet,’ as it can enable many more products and services. It will also enhance augmented reality (AR) and virtual reality (VR) experiences, which in themselves have unexplored possibilities.

5G will continue to transform personal computing as more PCs – joining tablets and smartphones – embrace always-on and always-connected capabilities, offering freedom from reliance on Wi-Fi alone. This is especially critical now as multiple household members stretch home Wi-Fi networks at peak hours while working and learning from home.

3 New Form Factors for New Generations. 2020 saw the introduction of foldable technology in PCs and smartphones that reshaped the potential of portability and productivity. These devices will move to the mainstream in the coming years as more panel suppliers offer more incredible options at lower price points.
Further out, we may even see foldable tech extended to external monitors that can be folded and unfolded, rolled and unrolled, to expand and contract based on the number of viewers watching.

These displays may one day also be embedded into our smartwatches, textiles, or even toys that extend like a scroll. Enterprise-grade, AR-enabled smart glasses for more versatility in remote maintenance and training, for example, will also come to the fore.

4 Heightened Cybersecurity and Transparency. Security of sensitive information will be a top priority in 2021 because of the proliferation of data, the ever-growing number of entry points, and hackers becoming more resourceful.

With the traditional network suddenly moving away from the corporate environment, the perimeter has now expanded to all devices connected remotely to the cloud or other work devices – where even smart home devices may add risk to corporate networks as employees log in from home.

Below-the-OS attacks, where hackers dive deeper into the computing stack for vulnerabilities, are also a growing risk. More remote and cloud infrastructures in the new normal also mean companies will need to grapple with how best to keep themselves secured with integrations of partner security services.

Ultimately, organizations will need to commit to a more agile, business-centric approach to security that doesn’t replace their existing security models but instead places security within the context of the organizational strategy.

5 IoT, Edge, and Blockchain Technology Will Become More Popular. The Internet of Things (IoT) has made tremendous strides over the past two years. It is becoming part of homes, businesses, and cities as people strive to make their lives simpler, streamlined, and more connected.

An IoT ecosystem consists of web-enabled smart devices that use embedded systems, such as processors, sensors, and communication hardware, to collect, send and act on data they acquire from their environments. IoT devices share the sensor data they collect by connecting to an IoT gateway or other edge device where data is sent to the cloud to be analyzed.

With IoT, a considerable amount of information is generated, which is then analyzed by cloud servers to extract only the useful data.  This data is then fed back into IoT to increase its accuracy and relevance.

The truth is, deploying IoT at scale can be a tricky task. Everything looks different. IoT applications, gateways, and smart devices are installed differently and can be scattered across an organization’s physical locations.

As these IoT technologies become more prevalent, so too will connected products that require greater autonomy and speed, and edge computing will help facilitate this by rapidly analyzing their information.

With edge computing, products can immediately process information at its source rather than first divert it through the cloud. This makes technology like autonomous cars possible.

Lastly, Blockchain – a fantastic piece of data regulation technology, will most definitely become more popular in the coming months. When Blockchain technology first appeared on the public’s radar a few years ago, it was often conflated with Bitcoin and crypto currency.

However, while this was happening – the importance of Blockchain technology itself was overshadowed. 2021 will shine a light on the importance of this technology as the focus turns to enable digital trust.
​
The reason for this is that Blockchain technology can record transactions between two parties without the need for third-party authentication and is thus often referred to as a digital ledger. The information in this ledger is open and decentralized, which makes it ideal for identity management and tracking sources of assets and data, thus playing a vital role in the identification of information.

Some of the world’s biggest companies, like Amazon and SpaceX, are looking towards space for the future of the Internet. Satellite-based Internet is a nascent enterprise, but analysts believe that broadband Internet beamed to Earth from orbit could be a massive business within the next 20 years, earning hundreds of billions of dollars.

Attention has focused on the “space” part of “space Internet,” with news stories focused on the rocket launches getting SpaceX’s Starlink satellites into space and how Amazon plans to catch up with satellites of its own. But all of these satellites will need transceivers on Earth to send and receive data. Scientists at the Tokyo Institute of Technology and Socionext Inc. have built a new one that works with the next generation of Internet satellites.

What are transceivers? Unassuming pieces of technology, they are some of the least-flashy but most important components in history. A transceiver is a device that can both transmit and receive signals, hence the name. Combining a transmitter and a receiver into one device allows for greater flexibility, and since their development in the 1920s, they’ve been used to reach remote locations. One of the earliest transceivers, invented by the Australian John Traeger, was used to help doctors reach remote villages.

The new transceiver, designed for space internet technology, was developed at Kenichi Okada's lab at Tokyo Tech and presented recently at the virtual IEEE Radio Frequency Integrated Circuits Symposium. The new device has several improvements on both the transmitting and receiving ends of the business. All of these developments are geared toward providing Internet access in rural and remote areas. At only 3 mm (0.118 inches) by 3 mm, the transceiver can communicate with satellites over 22,000 miles above the Earth’s atmosphere.

"Satellite communication has become a key technology for providing interactive TV and broadband internet services in low-density rural areas. Implementing Ka-band communications using silicon – complementary metal-oxide-semiconductor technology in particular – is a promising solution owing to the potential for global coverage at low cost and using the wide available bandwidth," Okada said in a statement released by Tokyo Tech.

On the receiving end, the transceiver uses a dual-channel architecture. That translates into two receiving channels being able to attain signals from two different satellites simultaneously. If there’s ever any interference, be it from a malicious actor, a satellite breaking down in space, or the odd solar flare, it can effortlessly pick up another signal.

Stopping Interference. It can also handle one of the worst issues to plague any transceiver: adjacent channel interference or ACI. ACI occurs when a signal sent on one channel begins to overlap with another, adding noise and interference. The new transceiver’s dual-channel architecture can stop ACI at the source. Any interference is eliminated by adjacent channels. ACI is the type of problem that can frequently occur in remote areas, and eliminating it allows the device to extend its range even further.

On the transmitting side, Okada says that the device’s “transmitting power was the biggest challenge” for the new transceiver. Not only does it have to work, but it has to be cost-effective for companies like Amazon and SpaceX to show any consideration.

Designers use semiconductors known for the efficiency, as well as transistors made of the little-known compound Gallium arsenide, which has the lovely acronym of GaAs. GaAs transistors are superior to their more common silicon in many ways, and Okada says that getting the semiconductors and GaAs transistors to work together is “the most important technology for the transceiver design.”

Who This Helps. It’s not just space-based Internet that could benefit from the design that Okada and his team have developed. Okada says that balloon-based Internet, the type currently being implemented by Alphabet’s Loon in Kenya, could also use this improved transceiver.

In emergencies with inferior to non-existent Internet, the type that Loon, Starlink, and now Amazon’s Kuiper want to solve, every advantage can count. And now, one of the most significant advantages might come on the ground.

Cybersecurity firm FireEye has recently released a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached.

With the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any of these techniques inside their networks.

Today's FireEye report comes as the security firm has spearheaded investigations into the SolarWinds supply chain compromise, together with Microsoft and CrowdStrike.

The SolarWinds hack came to light on December 13, 2020, when FireEye and Microsoft confirmed that a threat actor broke into the network of IT software provider SolarWinds and poisoned updates for the Orion app with malware.

The malware, known as Sunburst (or Solorigate), was used to gather info on infected companies. Most of the 18,000 SolarWinds customers who installed a trojanized version of the Orion app were ignored. Still, for some selected targets, the hackers deployed a second strain of malware known as Teardrop. They then used several techniques to escalate access inside the local network and the company's cloud resources, focusing on breaching Microsoft 365 infrastructure.

In its 35-page report, FireEye has detailed these post initial compromise techniques, along with detection, remediation, and hardening strategies that companies can apply.

Summarized, they are as follows:

1. Steal the Active Directory Federation Services (AD FS) token-signing certificate and use it to forge tokens for arbitrary users (sometimes described as Golden SAML). This would allow the attacker to authenticate into a federated resource provider (such as Microsoft 365) as any user, without the need for that user's password or their corresponding multi-factor authentication (MFA) mechanism.
2. Modify or add trusted domains in Azure AD to add a new federated Identity Provider (IdP) that the attacker controls. This would allow the attacker to forge tokens for arbitrary users and has been described as an Azure AD backdoor.
3. Compromise the credentials of on-premises user accounts synchronized to Microsoft 365 that have high privileged directory roles, such as Global Administrator or Application Administrator.
4. Highjack an existing Microsoft 365 application by adding a rogue credential to it to use the legitimate permissions assigned to the application, such as the ability to read email, send email as an arbitrary user, access user calendars, etc., while bypassing MFA.

"While UNC2452 has demonstrated a level of sophistication and evasiveness, the observed techniques are both detectable and defensible," FireEye said.

FireEye's ability to detect these techniques inside its network led to the company investigating an internal breach and then discovering the broader SolarWinds incident.
​
Similar tools to the one FireEye released today have also been released by the US Cybersecurity and Infrastructure Security Agency (called Sparrow) and CrowdStrike (called CRT).

At least 80% of cybersecurity failures involve direct attacks on users' passwords, the World Economic Forum warns. This is a problem that's not going away any time soon. For Microsoft, as it explains in an official blog post, the solution may lie in a passwordless future, and it's hoping to ramp it up next year.

Whether it's storing personal information about addresses, finances, and highly private records, or running companies entirely virtually, the internet is where people live a good deal of their lives. And these people rely on passwords to guard their data and information against malicious actors. In response to hackers, some experts encourage the use of two-factor authentication, but that still isn't airtight.

"Passwords are a hassle to use," it notes, "and they present security risks for users and organizations of all sizes, with an average of one in every 250 corporate accounts compromised each month."

Security keys. For years now, Microsoft has been nudging people to adapt to a passwordless virtual landscape. To dispense with passwords without compromising security, the company offers physical encryption devices like the FIDO2 security key to open Hybrid Azure Active Directory Windows 10 devices.

Biometrics. Apart from security keys, Microsoft also emphasizes the need to try other techniques, like using biometric data to open devices as they do with mobile phones: fingerprints, iris scans, or Apple-style Face ID systems.

Biometric security measures come with their share of privacy concerns, though. But Microsoft is nonetheless eager to encourage a transition to biometrics and FIDO2 security keys. Because those are still more difficult to manipulate and compromise and less susceptible to the social engineering that so often sees passwords come undone.

The company wants this passwordless paradigm to be able to transcend different environments. Users should be able to, for instance, gain access to laptops and cloud-based apps with the same information that would let them access company buildings. Of course, this sort of cross-device and environment security makes ensuring it can't be compromised all the more critical.

Microsoft says its research has found that people are very open to the idea of ditching passwords for good. "Passwordless usage in Azure Active Directory is up by more than 50% for Windows Hello for Business, passwordless phone sign-in with Microsoft Authenticator, and FIDO2 security keys," according to the blog post.
​
But if this passwordless strategy is to become common and reliable in everyday use, Microsoft will have to go beyond its own users and bring rivals like Google and Apple on board, too. That could still take a little convincing.

Remember when Amazon (quietly) announced its expansion to Sidewalk, back in September? Well, the feature is live for some in a new update for the Amazon Alexa app, and you might want to go turn it off. We covered it in Issue 7-25.

Sidewalk is a feature that extends the network coverage of your devices, particularly Ring surveillance tech (like its cameras, smart lights, and pet trackers) and Echo smart speakers. But it'll also share a small chunk of that internet bandwidth to provide the same services to your neighbors – so your privately-owned devices won't be so private anymore. 

Sidewalk has been slowly rolling out to Echo and Ring owners in the U.S. as of Thanksgiving, which users were made aware of via an email from Amazon. While the feature isn't up and running yet, the email essentially notifies users that it's "coming soon." But it's also the company's discreet way of letting you know the feature has officially been turned on. 

Amazon makes it easy to opt out if you're only just unboxing your shiny, new Sidewalk-compatible device. During the setup process, users are asked if they want to join the network via the Amazon Alexa app. However, if you already own one of the 20 Sidewalk-enabled products, it'll automatically opt-in for you. 
To disable Sidewalk, all you need to do is: 

• Update the Amazon Alexa app or double-check that you're on the latest version
• Open the Amazon Alexa app and tap on the More tab
• Then, tap Settings > Account Settings > Amazon Sidewalk and toggle off the Enabled button
  ​
  

Thankfully, the additional Community Finding feature – which "can help your neighbors find pets and important items connected to Sidewalk by sharing the approximate location of [your] device and other Sidewalk bridges you own" is disabled automatically.

Of course, if you'd like to use Sidewalk on either your Echo smart speaker or Ring security device, you'll be happy to know you're already all set for when Amazon officially launches the new feature.

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via Short Message Service (SMS) and voice calls and instead replace them with newer MFA technologies, like app-based authenticators and security keys.

The warning comes from Alex Weinert, Director of Identity Security at Microsoft. For the past year, Weinert has been advocating on Microsoft's behalf, urging users to embrace and enable MFA for their online accounts.

In a blog post last year, citing internal Microsoft statistics, Weinert said that users who enabled multi-factor authentication (MFA) ended up blocking around 99.9% of automated attacks against their Microsoft accounts.

But in a follow-up blog post, Weinert says that if users have to choose between multiple MFA solutions, they should stay away from telephone-based MFA.

The Microsoft exec cites several known security issues, not with MFA, but with today's state of the telephone networks.

Weinert says that both SMS and voice calls are transmitted in cleartext and can be easily intercepted by determined attackers, using techniques and tools like software-defined-radios, FEMTO cells, or SS7 intercept services.

SMS-based one-time codes are also phishable via open source and readily-available phishing tools like Modlishka, CredSniper, or Evilginx.

Further, phone network employees can be tricked into transferring phone numbers to a threat actor's SIM card – in attacks known as SIM swapping – allowing attackers to receive MFA one-time codes on behalf of their victims.

On top of these, phone networks are also exposed to changing regulations, downtimes, and performance issues, all of which impact the availability of the MFA mechanism overall, which, in turn, prevents users from authenticating on their account in moments of urgency.

SMS and voice calls are the least secure MFA method today.

All of these make SMS and call-based MFA "the least secure of the MFA methods available today," according to Weinert.

The Microsoft exec believes that this gap between SMS & voice-based MFA "will only widen" in the future.
As MFA adoption increases overall, with more users adopting MFA for their accounts, attackers will also become more interested in breaking MFA methods, with SMS and voice-based MFA naturally becoming their primary target due to its extensive adoption.

Weinert says that users should enable a more robust MFA mechanism for their accounts, if available, recommending Microsoft's Authenticator MFA app as a good starting point.

But if users want the best, they should go with hardware security keys, which Weinert ranked as the best MFA solution in a blog post he published last year.
​
This preference for app or security key alternatives for MFA shouldn't mean that users should disable SMS or voice-based MFA for their accounts without substituting another MFA approach. SMS MFA is still way better than no MFA at all.

If ever there was a decade that announced itself so defiantly in the first year, it’s the 2020s. With so much change and volatility already, 2020 has proven this decade will be dramatically different than the one before it. IT and business leaders must prepare for ten years, unlike any others. 

For IT and business leaders, success in the 2010s meant capitalizing on innovative commercial IT (think cloud and mobile). As the decade went on, many of those firms began leveraging the same commercial platforms, looking and feeling very similar to their customers. Forward-thinking organizations began examining how digital differentiation could give them a leg up and then – wham! – 2020 came in with a bang.

In only a few months, business models were flipped on their heads. The coronavirus pandemic, economic downturns, the rise of values-based consumers, and increasing climate issues forced most businesses to pivot to new, mostly digital, models quickly this year. 

In case it’s not clear by now: What worked in the 2010s will not work in the 2020s as we see business shift from global toward hyperlocal operations. So, what will work? 

For starters, every business role must incorporate systemic risk into long-term planning. For future-fit IT leaders, the risks aren’t limited to the data center or network outages. Today’s threats include rapidly changing consumer trends that require digital pivots, increasingly complex security concerns, the ethical use of AI, and the increasing impacts of climate change. 

Feeling overwhelmed? The good news is that several emerging technologies can help your organization identify and address these risks and create a competitive advantage through disruptive innovation. A few examples include: 

• Employee privacy software that leverages the downpour of employee data without infringing on employee trust 
• AI that is learning how to code enterprise software and changing firms’ organizational structures 
• Cloud-native technology that helps you innovate with software everywhere, especially at the edge 
• Software dedicated to analyzing climate risk to evaluate your individual organization’s risk 
• Robotic process automation that can scale back-office processes for increased resiliency 

Aligning your tech stack to address your organization’s highest risks and pursue the right innovations will be the differentiator for future-fit firms in the 2020s. One of my prime reference sources is Forrester Research. They practice what they preach. Here are some of the steps they are taking to move productively into the 2020’s:

• Leveraging new technology platforms and models to deliver our research and insights to clients more efficiently in formats that let you decide how you want to learn from us. For example, each of the links above will take you to a short-form story explaining an important technology trend in video and text. Each further provides direction on the most critical emerging technologies to invest in, along with a link to our research to learn more. 
• We are moving from an annual trends and technologies report cadence to twice a year in the spirit of more insight faster, with new trends and emerging tech updates published in between.    
• Lastly, to start planning your roadmap for the decade ahead, our upcoming event, Technology & Innovation Global, will dive deep into many of these trends in a keynote panel I will be hosting. We will also feature several breakout sessions from our top analysts. At that event, we’ll demonstrate our next generation of emerging technology and trends research tools, so please join us!   

There are a lot of encrypted USB flash drives out there. You plug them in, and either there's an on-screen popup that asks for your passcode, or some sort of physical keypad that is used to gain access.

But what about transferring the unlocking mechanism to a mobile device – such as a smartphone or your Apple Watch?

This is precisely what the iStorage datAshur BT hardware-encrypted USB flash drive does.

Visually, the iStorage datAshur BT looks like any other USB flash drive. It has a tough epoxy-like exterior that gives the drive a water- and dust-resistant rating of IP57 (protected against damage from dust ingress, and water resistant to 1 meter).

The datAshur BT comes in capacities from 16GB to 128GB.

Data on the datAshur BT is fully encrypted using AES-XTS 256-bit hardware encryption, which is FIPS 140-2 Level 3 compliant design and technology. Brute force is defended against by a built-in data wipe if there are too many wrong attempts made.

Everything is protected by a 7-15-character password or a biometric unlock such as Face ID/Facial recognition, Touch ID/Fingerprint, or IRIS scanning from a smartphone or tablet. The drive communicates using Bluetooth to any smartphone/tablet (iOS/Android) or Apple Watch. The Bluetooth channel is secured by a FIPS validated encryption layer and is only used for connection purposes. There is also support for 2FA using SMS.

The drive itself is completely host independent, so it will work with Windows, Mac, Linux, Chrome, and so on, VDIs such as Citrix and VMWare, and also with embedded systems such as medical devices, TVs, drones, printers, scanners, or pretty much anything with a USB port.
​
Prices for the iStorage datAshur BT range from $103 to $181, depending on the capacity.

Microsoft has disrupted a massive hacking operation that it said could have indirectly affected election infrastructure if allowed to continue. 

Last Monday, the company said it took down the servers behind Trickbot, a massive malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware. 

Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot's servers and worked with telecom providers worldwide to stamp out the network. According to The Washington Post, the action coincides with an offensive by US Cyber Command to disrupt the cybercriminals, at least temporarily.

Microsoft acknowledged that the attackers are likely to adapt and seek to revive their operations eventually. Microsoft said the company's efforts reflect a "new legal approach" that may help authorities fight the network going forward.

Trickbot allowed hackers to sell what Microsoft said was a service to other hackers – offering them the capability to inject vulnerable computers, routers, and other devices with other malware. 

That includes ransomware, which Microsoft and US officials have warned could pose a risk to websites that display election information or third-party software vendors that provide services to election officials.

"Adversaries can use ransomware to infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust," Microsoft VP of security Tom Burt wrote in a blog post.

Ransomware seizes control of target computers and freezes them until victims pay up – though experts urge those affected by ransomware not to encourage hackers by complying with their demands. The Treasury Department has warned that paying ransoms could violate US sanctions policy.

He added: "We have now cut off key infrastructure so those operating Trickbot will no longer be able to initiate new infections or activate ransomware already dropped into computer systems."

A separate technical report by Microsoft said Trickbot had been used to spread the Ryuk ransomware. Security experts say Ryuk has been attacking 20 organizations per week.

But Trickbot has also been used to spread false and malicious emails containing malware that tried to lure victims in with messaging surrounding Black Lives Matter and Covid-19, Microsoft said.

Microsoft said Trickbot had infected more than 1 million computing devices globally since 2016 and that its operators have acted on behalf of both governments and criminal organizations, but their exact identity remains ambiguous.

Taking down Trickbot follows a series of attacks that became highly publicized in recent weeks: One targeting Tyler Technologies, a software vendor used by numerous local governments, and Universal Health Services, one of the nation's largest hospital companies. A statement on Tyler Technologies' website has said the company does not directly make election software. The software it produces that is used by election officials to display voting information is separate from its internal systems affected by the attack.
​
Ransomware could pose a risk to the election process if systems designed to support voting are brought down, according to Check Point threat analyst Lotem Finkelstein. Still, so far, experts regard it as "mainly a hypothetical threat right now."