IT Security Guru

Global effort takes down Zeus and Cryptolocker botnet for two weeks

by The Gurus
June 2, 2014
in Editor's News

Action by the National Crime Agency and other nations has disrupted Command & Control networks for the banking Trojan GOZeuS and the CryptoLocker ransomware.
 
According to the NCA, its work with international law enforcement partners including the FBI and Europol, as well as partners from the banking, internet security and ISP sectors, has given the British public a unique, two-week opportunity to rid themselves of, and safeguard themselves against, the two distinct forms of malware.
 
Lamar Bailey, director of security research and development at Tripwire, said: “The plan is to attack the parasite hard for two weeks while removing as many viable hosts as possible at the same time so that propagation targets will be limited after the attacks subside. This will not eliminate the malware, but could make it much harder for the operators to use and could cause massive financial loss for them.”

The two forms of malware are related: a computer infected with GOZeuS can call in CryptoLocker, giving the criminal controllers another opportunity to acquire funds from the victim if there is not a significant collection at the first instance.

The NCA said that individuals in the UK may receive notifications from their Internet Service Providers if they are victims of the malware, and advised them to back up all important information, such as files, photographs and videos. It advised businesses to test their incident responses and business resilience protocols and work with their IT departments or suppliers to educate employees on the potential threat.
 
Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit, said: “Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.
“Those committing cyber crime impacting the UK are often highly-skilled and operating from abroad. To respond to this threat, the NCA is working closely with law enforcement colleagues all over the world, and developing important relationships with the private sector.”
 
Among those involved with the takedown were security vendors CrowdStrike, Dell SecureWorks, Trend Micro and McAfee, as well as academic researchers at VU University Amsterdam and Saarland University in Germany.
 
Also involved was virtual private server vendor Tagadab, which successfully took down one of the supernodes responsible for issuing commands across the botnet. Managing director Steve Rawlinson said: “The scale of this operation is unprecedented. This is the first time we’ve seen a coordinated, international approach of this magnitude, demonstrating how seriously the FBI takes this current threat.

 
“Because of the way these particular botnets work, it is very difficult to find the people behind the crime or to stop the botnet from spreading. This joint operation from law enforcement agencies, ISPs, and IT security vendors is a carefully coordinated strike designed to disable the botnet for a few days.”
 
Rik Ferguson, global vice president of security research at Trend Micro, said that while this blow is effective, it is not permanent and it expects the malicious networks to return to their former strength within a week, if not days.
 
“This synchronised unprecedented collaboration between law enforcement, ISPs and the security industry sets a new standard for that which is possible in the name of internet security,” he said. “A truly global operation, this has seen coordinated activities aimed at taking over elements of the Command & Control infrastructure used to spread these pernicious malware families, but we cannot achieve this goal alone, every computer user has their own role to play.”
 
Asked if this was the beginning of the end of CryptoLocker’s grip on businesses and consumers, TK Keanini, CTO of Lancope, said: “This is not the end of any Ransomware, it is the beginning of the next phase in co-evolution. Like the bust and shutdown of Silkroad, it was just the rebirth of Silkroad 2.0 which is larger and even more robust.”
 
Keanini said he was “extremely excited” to read of these well-coordinated and successful defensive operations, given how well coordinated the attackers are. “Only once in a great while do we hear about defenders coming together to disrupt these cyber crime organisations,” he said. “This raises the cost of the cyber crime business model and we need to do this more often. Leave the crime fighting to the crime fighters and businesses can just focus on business continuity.”
 
Rawlinson said: “The operation relies on public awareness and ultimately this is the key to its success or failure. If users fail to update their security in the window of opportunity then there’s little the FBI or anyone else can do for them.
 
“Consumer education is hugely important because it prevents criminals from gaining the advantage, but we need a coordinated, long-term awareness campaign backed by businesses and governments across the world if we want messages about the dangers of Trojans and malware to really hit home.”
 

Dwayne Melancon, CTO of Tripwire, said: “I think this is an opportunity to make progress against a huge internet threat. Taking out the command-and-control servers of a botnet is a huge task, but will make a big difference in allowing us to gain a foothold. If users and enterprises don’t reduce their attack surface by closing the security holes, the situation really won’t get better. They’ll just be compromised by the next iteration of the botnet.”
