The majority of major botnets have been disrupted in recent years, leaving new “start-ups” as those that will be next to be taken down.
Last week saw Microsoft, Europol’s European Cybercrime Centre (EC3), the FBI and security companies further disrupt the ZeroAccess botnet. Allegedly infecting two million endpoints and costing online advertisers upwards of $2.7 million each month, the botnet targeted major search engines and browsers, where it hijacked search results and directed people to potentially dangerous websites that could install malware onto their computer, steal their personal information or fraudulently charge businesses for online advertisement clicks.
Microsoft called ZeroAccess “one of the most robust and durable botnets in operation today”, and said that because of the sophistication of the threat, the companies involved do not expect to fully eliminate ZeroAccess; however, it did expect the action to “significantly disrupt” the botnet’s operation by disrupting the cybercriminals’ business model and forcing them to rebuild their criminal infrastructure.
A previous effort led by Symantec in October is credited with taking out a quarter of the compromised drones. Microsoft claimed that this was the first botnet action since the unveiling of the Microsoft Cybercrime Centre, and marks Microsoft’s eighth botnet action in the past three years.
Also last week, the creator of the Skynet botnet was arrested, with the Hacker News reporting that German police arrested two people suspected of illegally generating Bitcoins worth nearly $1 million using a modified version of the malware.
German police issued a (translated) press release which claimed that investigations were being conducted against three suspects on suspicion of commercial and gang-moderate computer fraud. “The investigation of the BKA have confirmed the suspicion that the perpetrator group modified an existing malware, and compromised by external computer systems and has merged into a botnet. In addition to the spying [of] digital identities, offenders over the compromised computer could generate the digital currency Bitcoin and gain a significant financial benefit.”
Once, the purpose of a botnet could be to install malware to steal cash or credentials, or simply to launch attacks; now it seems that the sophistication has massively increased, with the capability to generate Bitcoins. If malware allows you to build your own network and print your own money, could funding of malware be entering a new phase?
I suspect that there are some translation issues here, but what I suspect is the case is that the Bitcoin is now the primary target for many advanced cyber criminals. Once it was credentials, and that is surely still the primary target for the large majority of attackers, but what do they trade for? A pound for a credit card perhaps? If a Bitcoin’s worth can rapidly increase at the rate we have seen, then those with the know-how will see that as the opportunity.
Moving back to Microsoft, an intriguing statement was released last week which deemed Government snooping to be an “advanced persistent threat” alongside sophisticated malware and cyber attacks.
The statement by Brad Smith, general counsel and executive vice president of legal and corporate affairs at Microsoft, claimed that it was “especially alarmed by recent allegations in the press of a broader and concerted effort by some governments to circumvent online security measures – and in our view, legal processes and protections – in order to surreptitiously collect private customer data”.
He said that if true, stories of Governmental interception and collection without search warrants or legal subpoenas of customer data as it travels between customers and servers or between company data centres could “seriously undermine confidence in the security and privacy of online communications”.
As a result, it is expanding encryption across its services; reinforcing legal protections for users’ data; and enhancing the transparency of its software code, making it easier for customers to reassure themselves that Microsoft products do not contain back doors.
Trust is a key issue for the web giants these days, which is probably why Microsoft and seven other companies have formed the Global Government Surveillance Reform group. If you lose users’ trust, you will have a hard time winning it back.