HackDig : Dig high-quality web security articles for hacker

Avalanche: Thwarting Cybercriminal Hazards with Law Enforcement Collaboration

2016-12-07 22:10

On November 30th, an international law enforcement operation stamped out Avalanche, a large-scale content and management platform designed for the delivery of bullet-proof botnets. Avalanche’s scale and scope spanned victims from 180 countries, over 800,000 domains in 60+ top-level domains (TLD), more than one million phishing and spam e-mails, 500,000 infected machines worldwide, and 130TB of captured and analyzed data.

The coordinated effort from international law enforcement agencies that include Germany’s Public Prosecutor’s Office Verden and the Lüneburg Police, the U.S.’s Attorney Office for the Western District of Pennsylvania, Department of Justice and the Federal Bureau of Investigation (FBI), Europol, and Eurojust as well as partners in ShadowServer, resulted in one of the most successful anti-cybercrime operations in recent years. Avalanche, whose takedown was four years in the making, joins SpyEye, SIMDA, Refud.me and Cryptex Reborn, DRIDEX, ZeroAccess, TDSS, ZeuS/ZBOT, Dorkbot and Nigerian scammers, in a string of similar takedowns that thwarted malefactors from further launching cyberattacks and stealing financial data.

We also commend the security researchers and analysts who were instrumental in dismantling Avalanche, along with the support of industry stakeholders and all those who helped in this long investigation.

Malware Family Trend Micro Detection Malware Family Trend Micro
Detection
Citadel CITADEL/ZBOT Rovnix ROVNIX
Corebot COREBOT Smoke Loader / Dofoil GAMARUE
Bolek BOLEK TeslaCrypt RANSOM_TESLACRYPT / CRYPTESLA
Gozi2 GOZI/PAPRAS Tiny Banker / Tinba TINBA
Goznym NYMAIM/KRYPTIK UrlZone BEBLOH
KINS/VMZeus ZBOT  Vawtrak VAWTRAK
Matsnu BKDR_MATSNU  Xswkit BEBLOH/TALALPEK
Nymaim NYMAIM / HPNYMAIM  Cerber RANSOM_CERBER
Pandabanker KRYPTIK/INJECT  Locky RANSOM_LOCKY
Randybus BANKER

Figure 1. Some of the malware families leveraged by Avalanche

 

Information from Europol and Shadowserver Foundation cited over 20 malware families involved in Avalanche’s campaigns, which Trend Micro’s free HouseCall online scanner has detections for. Affected end users can also utilize HouseCall to remove the related files from their systems—which is as crucial as malware removal. Command and control (C&C) communications from infected machines, for instance, can still be triggered, consequently generating junk traffic that can affect system performance. A compromised machine could also be potentially configured to prevent it from accessing Internet resources such as cleanup tools and patches. Users can mitigate risks of reinfection by updating device and account credentials, checking if online accounts or backups have been modified, and ensuring that the latest patches are installed in the system.

Figure 2. Top countries affected by banking malware, Q1–Q3 2016

 

Cashing In on Financial Information

Aside from ransomware, Avalanche’s arsenal mainly comprised banking malware. These enabled bad guys to surreptitiously harvest e-mail and banking credentials, which cost German online banking systems approximately 6 million euros in losses.

Avalanche paints a classic picture of cybercrime’s commercialization, employing malware to cash in on the victims’ digital information. Feedback from our Smart Protection Network showed that within the first three quarters of 2016, Brazil and the U.S. had the most banking malware detections in their regions. In Europe, most of detections were observed in Germany, Italy, France, United Kingdom, Austria, and Spain. In the APAC region, Japan, the Philippines, Vietnam and China took the brunt of threats that leveraged banking Trojans.

 

Making the World Safe for Exchanging Digital Information

Avalanche’s infrastructure was spread across 30 countries and several U.S. states, and needed a multinational effort to take down. Trend Micro, particularly the Forward Looking Threat Research (FTR) team, works concertedly with various law enforcement agencies around the world—the Interpol, Europol, FBI, and U.K.’s National Crime Agency, to name a few—to help fight cybercrime.

We help empower international law enforcement organizations that keep watch over their cyberspace by providing the necessary technology, information and expertise. We don’t just supply data; Trend Micro also actively collaborates with law enforcement on investigations to ultimately attribute and bring to justice those behind cybercriminal attacks.

More than just working to protect our customers, Trend Micro also aims to make the world safe for exchanging digital information. Cybercrime is a growing global “enterprise,” but with five arrests, 37 searched premises, 39 seized servers and 221 more knocked offline, Avalanche’s takedown, along with similar triumphs, not only serves as a cautionary tale for would-be cybercriminals. It also demonstrates our industry’s progress in making the internet safer for everyone.


Source: /AjLGlWHKWIP/3~/golBerawlaM-itnA/r~/moc.orcimdnert.sdeef

Read:3866 | Comments:0 | Tags:Botnets Malware Avalanche banking malware botnet law enforce

“Avalanche: Thwarting Cybercriminal Hazards with Law Enforcement Collaboration”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud