Cracking Down on Global Cybercrime: FBI and European Allies Dismantle Major Malware Network
U.S. officials announced on Tuesday that the FBI and its European allies infiltrated and seized control of a global malware network that had been used for more than 15 years to perpetrate a variety of online offenses, including ransomware attacks.
The malicious software agent, known as Qakbot, was then remotely removed from thousands of infected computers.
Cybersecurity specialists were astonished by the dismantling of the network, but they cautioned that any setback to cybercrime would likely be temporary.
“Nearly every sector of the economy has been victimized by Qakbot,” Martin Estrada, the U.S. attorney for the Central District of California, said in announcing the seizure on Tuesday. Over the course of 18 months, he said, the criminal network was responsible for approximately 40 ransomware attacks that, according to investigators, earned Qakbot administrators approximately $58 million.
Estrada stated that the victims of Qakbot’s ransomware included an Illinois engineering firm, financial services organizations in Alabama and Kansas, a Maryland defense manufacturer, and a Southern California food distribution company.
Officials reported the seizure or freezing of $8.6 million in cryptocurrency, but no arrests were reported.
According to Estrada, the investigation is ongoing. He declined to disclose the location of the malware’s administrators, who herded infected machines into a botnet of zombie computers. Cybersecurity researchers believe they are in Russia or other former Soviet nations.
Officials estimated that the so-called malware injector, a digital Swiss army knife for cybercriminals also known as Pinkslipbot and Qbot, caused hundreds of millions of dollars in damage since its debut in 2008 as a banking trojan that steals sensitive data. They reported that millions of individuals in virtually every nation on earth have been affected.
Typically distributed via fraudulent emails, Qakbot granted cybercriminals initial access to compromised computers. They could then deploy additional payloads, such as ransomware, steal sensitive information, or collect intelligence on victims in order to carry out financial fraud and other crimes, such as tech support and romance scams.
Unprecedented Takedown of Qakbot, the Cybercrime Ecosystem’s Major Player
Donald Alway, assistant director in charge of the FBI’s Los Angeles office, described the Qakbot network as “one of the most devastating cybercriminal tools in history,” stating that it was “literally feeding the global cybercrime supply chain.” Two cybersecurity firms found that Qakbot was the most frequently detected malware in the first half of 2023, affecting one in ten corporate networks and accounting for approximately 30% of global attacks. Such “initial access” tools let extortionist ransomware gangs skip the initial step of penetrating computer networks, making them major facilitators for the far-flung, predominantly Russian-speaking criminals who have wreaked havoc by stealing data and disrupting schools, hospitals, governments, and businesses around the world.
Beginning on Friday in an operation dubbed “Duck Hunt,” the FBI, Europol, and law enforcement and justice partners in France, the United Kingdom, Germany, the Netherlands, Romania, and Latvia seized more than 50 Qakbot servers and identified more than 700,000 infected computers, including over 200,000 in the United States, effectively cutting criminals off from their prey.
The FBI then utilized the seized Qakbot infrastructure to remotely distribute updates that eradicated malware from tens of thousands of infected computers. A senior FBI official briefing reporters under the condition of anonymity described this number as “fluid” and cautioned that other malware may have remained on Qakbot-freed machines.
It was the FBI’s greatest victory against cybercriminals since January, when it “hacked the hackers” by dismantling the prolific Hive ransomware gang.
“It is an impressive takedown. Qakbot was the largest botnet” in terms of the number of victims, according to Alex Holden, proprietor of Hold Security in Milwaukee. However, he stated that it may have been a victim of its own success due to its phenomenal growth over the past few years. “Large botnets today tend to implode as too many threat actors are mining this data for various types of abuse.”
Chester Wisniewski, a cybersecurity expert at Sophos, concurred that, despite the possibility of a temporary decline in ransomware attacks, criminals are likely to either rebuild infrastructure elsewhere or shift to other botnets.
“This will cause a lot of disruption to some gangs in the short term, but it will do nothing to stop it from being rebooted,” he said. “Albeit it takes a long time to recruit 700,000 PCs.”
Source: US News