Check if you were hit by the massive 'Avalanche' cybercrime ring

Sun.Star Pampanga - TECH!

SAN FRANCISCO — The U.S. government has posted links for free scanning programs so companies and individuals can check their computers to make sure they weren't victims of a massive, international cyber criminal operation that was taken down after a four-year investigation.

“This is probably the biggest operation that law enforcement has ever done against cyber crime,” said Catalin Cosoi, chief security strategist with BitDefender, one of the dozens of companies worldwide that worked with law enforcement to attack the group.

The U.S. Computer Emergency Readiness Team (US-CERT) has posted links to five scanners on its site. Europol has also posted a list of sites in multiple languages for potentially infected users.

The malware only affects systems running the Microsoft Windows operating system, according to US-CERT.

The Department of Homeland Security’s National Cybersecurity and Communications Integration Center, which includes US-CERT, will be providing victim notification to stakeholders, including Internet Service Providers, DHS said in a statement.

Known as "Avalanche," the group had been active since 2009, according to the FBI and Europol, the European law enforcement agency. It was effectively a criminal company that sold and rented cloud-hosted software to other criminals who used it to take over systems, infect networks, launch ransomware or create enormous robot networks (botnets) to send spam.

Avalanche networks were also used to launch targeted attacks against banks and to recruit people to illegally transfer stolen money between countries, known as money mules.

"They sent more than one million e-mails with damaging attachments or links every week to unsuspecting victims," and involved as many as 500,000 infected computers worldwide on a daily basis, Europol said in a release.

“They would do whatever you wanted. You just had to call them, say ‘I need command and control service,’ or ‘I need to infect this type of people or this type of business,’ and they’d do it,” said Cosoi.

The investigation originally began in Germany in 2012 after prosecutors there detected a ransomware operation that blocked access to a substantial number of computer systems and allowed the criminals to do bank transfers from the victims' accounts.

As authorities became aware of the scope and reach of the criminal organization, the effort to shut it down ended up involving prosecutors and investigators in 30 countries.

Law enforcement takedown

On Wednesday, law enforcement launched a concerted action against the Avalanche group. It resulted in five arrests, the search of 37 premises and seizure of 39 servers. In addition, over 800,000 Internet domains, or addresses, were seized to block the criminals' access to their customers.

Now that the operation has been taken down, the next crucial stage is for infected individuals and companies to check to make sure that their computers do not have Avalanche malware on them.

“Companies and consumers should take this opportunity to scan their systems for the different families of malware that the Avalanche botnet distributed,” said ESET senior security researcher, Stephen Cobb.

Multiple companies worldwide have written tools to run this scan.

As Europol said on its website, "computer users should note that this law enforcement action will NOT clean malware off any infected computers — it will merely deny the Avalanche users’ ability to communicate with infected victims’ computers. Avalanche victims’ computers will still be infected, but shielded from criminal control."

While the effort was hailed in the cyber security world as a major coup against cyber crime, the differential between how fast international cybercrime networks proliferate and how quickly international law enforcement can act is troubling.

“It does give some reason for concern that our anti-cybercrime efforts still can't match the speed and dexterity that cyber criminals use for their own efforts," said Nathan Wenzler, principal security architect at AsTech Consulting, a San Francisco-based security consulting company.

Unfortunately, while he believes that dismantling the Avalanche network will certainly show some short-term gains, he expects the cyber criminals will be "back up and running in short order."
