Microsoft and a team of companies and law enforcement groups have disabled — at least temporarily — one of the world’s largest hacking operations, an effort run by Russian-speaking cybercriminals that officials feared could disrupt the presidential election in three weeks.
In recent weeks, the U.S. military has mounted an operation to temporarily disrupt what is described as the world’s largest botnet — one used also to drop ransomware, which officials say is one of the top threats to the 2020 election.
The first quarter of 2020 saw a decrease in the number of botnet Command & Controllers (C&Cs) tracked and listed by the Spamhaus research team, but in the second quarter they were back to levels typically seen in 2019.
[news release] During the ECP’s annual congress at the AFAS Circustheater in Scheveningen, the Abuse Information Exchange officially launched the AbuseHUB. The HUB is a system for the central processing of information about botnet infections in the Netherlands, designed to speed up the detection of infected computers and to bring internet users faster and better help dealing with viruses. The new set-up means botnets can be tackled more effectively and internet security in the Netherlands can be further enhanced. The AbuseHUB is an initiative by seven internet service providers, SURFnet and SIDN, realised with financial support from the Dutch Ministry of Economic Affairs and SIDN.
Number of infections is high and rising
Botnets are networks of computers that, unknown to their owners, have been infected with a virus or other malware, enabling someone else to control them. Botnets are widely used for sending spam and mounting cyber-attacks. In most cases, botnet software barely affects the infected computer. Consequently, the owners are often unaware that anything is wrong. However, the activities of botnets can cause a lot of harm and inconvenience to others. Research by Delft University of Technology suggests that, over a year, between 5 and 10 per cent of consumers in the Netherlands suffer a botnet infection. Abuse IX is determined to get that figure down.
Strength in numbers
Abuse Information Exchange is a joint initiative by the internet service providers KPN, SOLCON, Tele2, UPC, XS4ALL, Zeelandnet and Ziggo, plus SIDN. Established in 2012, the association is a spin-off of ECP – the Platform for the Information Society. The newly formed organisation was strengthened further when SURFnet joined a short while later. Since then, the partners have been busy designing the AbuseHUB, which has been realised by software developer Ibuildings. After thorough testing, the AbuseHUB is now ready for use. Today marks its official launch. “The AbuseHUB will collate and analyse botnet infection reports and send the findings to the affiliated organisations,” explained Gert Wabeke, Chairman of the Abuse Information Exchange. “So, for example, the internet service providers will have an up-to-date picture of reported infections in their network, enabling them to take swift, targeted action to deal with the botnets. That means that we can limit the damage done by the botnets and cut costs.”
Roelof Meijer, SIDN’s CEO: “To a considerable extent, internet security is down to the individual user. However, it also depends on the involvement of the internet industry and the government. The strength of this initiative is that it comes from within the sector and therefore enjoys a lot of support. We saw the same with the Notice and Take Down Code, which was developed and implemented by the sector of its own volition. The Netherlands is ahead of the game in that respect. We are proud that SIDN has been able to contribute to this initiative by providing technical management of the AbuseHUB. What’s more, through our role as administrator of the .nl domain, we have a lot of information that can be very useful to Exchange members in the fight against botnets. It’s good that we can now make even more effective use of our data. That contributes to the security of the .nl domain and of the internet in the Netherlands. So everyone benefits.”
This SIDN announcement was sourced from:
Microsoft announced it had, in conjunction with the financial services industry, successfully executed a coordinated global action against some of the most notorious cybercrime operations that fuel online fraud and identity theft.
As part of the operation, Microsoft and its partners took down two Internet Protocol addresses behind the Zeus command and control structure, and Microsoft is currently monitoring 800 domains secured in the operation, which are helping identify thousands of computers infected by Zeus.
As a result of the legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry action against this cybercriminal organisation.
Partners in the operation were the Information Sharing and Analysis Center (FS-ISAC), NACHA – The Electronic Payments Association, and Kyrus Tech Inc.
Through an extensive and collaborative investigation into the Zeus threat, Microsoft and its banking, finance and technical partners discovered that once a computer is infected with Zeus, the malware can monitor a victim’s online activity and automatically start keylogging, or recording a person’s every keystroke, when a person types in the name of a financial institution or ecommerce site. With this information, cybercriminals can steal personal information that can be used for identity theft or to fraudulently make purchases or access other private accounts. In fact, since 2007, Microsoft has detected more than 13 million suspected infections of the Zeus malware worldwide, including approximately 3 million computers in the United States alone.
“With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit. “The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come.”
For more detailed information on the operation, see the New York Times report titled Microsoft Raids Tackle Internet Crime at www.nytimes.com/2012/03/26/technology/microsoft-raids-tackle-online-crime.html and the Microsoft news release Microsoft Joins Financial Services Industry to Disrupt Massive Zeus Cybercrime Operation That Fuels Worldwide Fraud and Identity Theft at www.microsoft.com/Presspass/press/2012/mar12/03-25CybercrimePR.mspx.