Emotet Botnet and NetWalker Ransomware Dismantled

International efforts are bearing fruit: two well-known malware operations have been silenced, at least in part, thanks to international collaborations that are complex to implement but now indispensable.


Emotet Botnet and NetWalker Ransomware


During the PanoCrim 2020 conference organized by the Clusif, the Director of ANSSI insisted on the importance of advancing international cooperation in the fight against cybercrime, welcomed recent progress, and recalled that "it is essential to make the cost to cyber attackers much higher. Today they are playing smoothly and are pretty sure in the worst case that they will win nothing but lose nothing either."


One botnet less ...

Yesterday we learned, a few hours apart, that international collaborations had made it possible to shut down, at least in part, the most prominent botnet of the moment, Emotet, and the devastating NetWalker ransomware. The first is a European victory, the second an American one.


Jointly carried out by Europol and the FBI, the dismantling of Emotet, even if it is not total, is a major victory against the world of cybercrime. The distributed infrastructure of this well-known botnet, born in 2014, was used by cybercriminals to run phishing campaigns, distribute malware and spread ransomware around the world. The network of bot machines was leased to cybercriminals to infect further machines and carry out targeted attacks against companies or public bodies. Typically, the Ryuk ransomware or the TrickBot trojan relied on the Emotet network to spread.


“The increase in the number of attacks by the infamous Emotet malware is not surprising, and BlackBerry's research and intelligence team is also closely monitoring botnets linked to it (Epoch 1, Epoch 2, and Epoch 3),” explains Tom Bonner, Distinguished Threat Researcher at BlackBerry. “These botnets function as a platform for distributing malware… and most recently, our researchers observed a change in their operation: they propagate banking Trojans called “Qbot” and “Trickbot”, as well as additional tools intended in particular to spoof identities, brute-force malware to hack WiFi, or more spam. Also, they use modules intended to horizontally spread the infection once introduced into the network, while remaining available for later access by hackers.”


According to other sources, Emotet was involved in more than 30% of malware attacks. Often seen as a threat to the general public, Emotet was also a threat to businesses through the ransomware it disseminated. “Data from the ThreatCloud Intelligence Network shows that Emotet has impacted 19% of businesses worldwide over the past year,” said Lotem Finkelstein, Threat Intelligence Manager at Check Point Software. It is also through this botnet that French companies such as Airbus, Econocom, Faurecia, and others have been attacked.


It took a week of synchronized action between Europol, the FBI, and British, Canadian, French, Lithuanian, Dutch, and Ukrainian police forces to take control of the core network infrastructure. Until the cybercriminals manage to find a workaround, all machines enrolled in the Emotet zombie network are now communicating with servers under police control. The difficulty was taking control of the 90 servers, spread across multiple countries, that controlled the zombie network and its millions of infected machines.


“Emotet was offered by its creators as malware as a service to other cybercriminals. Having such a broad reach and so many features is why having it disarmed by the authorities is good news for the cybersecurity world,” said Adolf Streda, malware analyst at Avast.


However, the dismantling is unlikely to significantly reduce the current number of cyber attacks. In the world of botnets, networks never completely collapse, and new ones take over in record time. Especially since, a priori, the fall of Emotet should not affect its “Epoch” derivatives.


And ransomware silenced

The other victory of the day was announced hours later by the US Department of Justice, with the arrest of a Canadian national suspected of extorting nearly $28 million from companies in 2020 through NetWalker ransomware activity.


In addition to this arrest, a collaboration with the Bulgarian police secured the seizure of the resources of the Tor nodes used to communicate with the ransomware's victims and deliver them the instructions for paying the ransoms.


In other words, a heavy blow has been dealt to NetWalker. But then again, new ransomware families appear regularly.


However, we can hope that these takedowns will, at least temporarily, lead to a decrease in cyber attacks on companies' IT infrastructures.
