RaidForums, ZLoader, Hydra Takedowns Hide the Challenges of Fighting Cybercrime...
source link: https://www.wired.com/story/raidforums-zloader-hydra-fight-cybercrime/
It Was a Good Month for Fighting Cybercrime. Don't Get Comfortable
As ransomware attacks across the United States and around the world reached a fever pitch in 2021, private companies and governments made their most extensive promises yet to address and deter such attacks and dismantle the cybercriminal ecosystem. A flurry of activity in recent weeks highlights progress on these efforts. But cybercrime is still at an all-time high, and researchers warn that there is no single holistic solution.
The Department of Justice announced last Tuesday the takedown of RaidForums, a marketplace for sensitive stolen data like usernames and passwords, Social Security numbers, and individuals' financial information. Prosecutors also said they had charged RaidForums’ alleged founder and chief administrator, 21-year-old Diogo Santos Coelho of Portugal, who was arrested in the United Kingdom on January 31. A day later, Microsoft said it had disrupted the ZLoader botnet, a favorite malware distribution platform for ransomware actors including the Ryuk gang, which is known for targeting hospitals and other health care organizations. Microsoft even chose to name the alleged developer of one ZLoader component, who lives on the Crimean Peninsula, “to make clear that cybercriminals will not be allowed to hide behind the anonymity of the internet to commit their crimes.” And during the first week of April, German law enforcement working with US agencies announced the takedown of the Russian-language dark web market Hydra. In addition to offering a platform to sell drugs and other illicit goods, Hydra was a major cybercriminal money-laundering and cash-out hub.
Dark web market and botnet takedowns have been going on for years, but the escalating pace and scale of these interventions is noteworthy. After the Hydra takedown, for example, researchers found that users were concerned about how to replace its services and whether they would be able to trust new sites that could simply be fronts for law enforcement.
Allan Liska, an analyst for the security firm Recorded Future, says Whac-A-Mole is still an apt analogy for what's going on, but that doesn't mean there hasn't been progress.
“Forgive me, I am going to stretch the analogy a little bit,” he said. “When you first start playing Whac-A-Mole, you can’t keep up and the moles keep winning. But if you head out to Coney Island every day with a pocketful of quarters, eventually you get really good at it. For the longest time, law enforcement and Big Tech were getting a little better each time, but now it’s like they are training for the Whac-A-Mole championships. We have seen an acceleration of takedowns over the last few years.”
Liska says expanded international cooperation, more law enforcement experience with running digital operations, and better public/private communication have all contributed to the improvement.
Still, cybercrime is an ever-present threat. At the end of March, the FBI’s Internet Crime Complaint Center published its annual report on cybercrime-related submissions received in 2021. The group got 847,376 complaints that totaled nearly $7 billion in losses, a 64 percent increase over 2020. And the report opened by saying that last year, “America experienced an unprecedented increase in cyber attacks and malicious cyber activity.”
Researchers say, however, that different types of cybercrime must be addressed in different ways. For example, the Internet Crime Complaint Center (IC3) said in its 2021 report that nearly $2.4 billion of the reported losses came from business email compromise and email account compromise scams, schemes that are less technical and much more decentralized than ransomware attacks and other types of cybercrime.
“When there are relatively few actors that run a significant amount of the overall activity, law enforcement intervention can make a noticeable impact in the overall threat landscape,” says Crane Hassold, director of threat intelligence at Abnormal Security and a former digital behavior analyst for the FBI. “But BEC is highly decentralized; there are literally thousands of actors that are very loosely affiliated—there is no head of the snake.”
Even when it comes to centralized criminal infrastructure like dark web marketplaces, malware families, and botnets, Hydra's name is apt. Law enforcement will conduct takedowns and even arrests, only to find new iterations of the same services cropping up later using rebuilt infrastructure and run by the actors who got away. As Microsoft put it in an announcement about the ZLoader takedown, “Our disruption is intended to disable ZLoader’s infrastructure and make it more difficult for this organized criminal gang to continue their activities. We expect the defendants to make efforts to revive Zloader’s operations.”
Recorded Future's Liska emphasizes, though, that this relentless pace shouldn't distract from the gains defenders are making.
“Yes, bad guys are able to set new stuff up. But we are much better at getting that new stuff knocked down,” he says.
This progress is focused mostly on types of cybercrime that rely on cryptocurrency to enable massive value transfers, like ransomware and digital extortion. Hassold adds, though, that BEC scammers use totally separate networks of money mules and bank transfer schemes to pilfer traditional fiat currency.
“It will just have to be approached in a completely different way,” he says. “You can’t even arrest dozens or hundreds of these guys or take care of the main actors, because there are no main actors.”
Even as law enforcement makes real progress honing its ability to mount some types of enforcement actions, there's a bigger conceptual issue if your local arcade keeps adding more and more Whac-A-Mole machines all around you.