A strain of malware called Dridex has been making Eastern European cybercriminals a significant amount of money in recent years. But a spanner has been thrust into their machinations by a global law enforcement action announced today that saw one significant arrest and an attempt to dismantle the crook’s infrastructure.
Attackers have installed malicious firmware on nearly 200 Cisco routers used by businesses from over 30 countries, according to Internet scans performed by cybercrime fighters at the Shadowserver Foundation.
Previously, cyber security firm FireEye reported that only 14 Cisco routers of companies in India, Philippines, Mexico, and the Ukraine were infected with the malware. Monday’s report by the Shadowserver Foundation, however, shows that compromised routers can now be found in 31 countries, with 65 of the devices located in the United States.
SA government, Shadowserver Foundation and Let’s Encrypt recognised for contributions to cyber security
Liberty Reserve was like PayPal for the unbanked. Was it also a global money-laundering operation?
Many people still think that malware is a software that completely disrupts normal functioning of PCs. If your computer is working tip-top, it means it’s not infected, right? Wrong. Malware creators are not your bored cyber-cowboys anymore. The main goal of cybercriminals is not to make a cyber-badaboom just for kicks, but to earn money. In many cases this goal dictates completely opposite behaviour of malware: the best one is the least visible to users.
A joint operation by crime agencies and computer security companies has successfully taken down the Beebone botnet.
The Beebone botnet, used to deliver multiple malware payloads to compromised machines, has been shut down by US and European forces. On 8 April, Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) teamed up with Dutch law enforcement, the FBI and security firms including Intel, Kaspersky and Shadowserver to disrupt the botnet under the Joint Cybercrime Action Taskforce umbrella.
The botnet takedown, known as Operation Source, was led by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). Most EU member states and law enforcement partners around the world coordinated in the action. The Dutch High Tech Crime Unit led the J-CAT effort. The U.S. Federal Bureau of Investigation provided valuable support.
The process of sinkholing is an important tool to have in your arsenal when dealing with emerging threats.