International Malware Takedown Seized 100+ Servers

A multinational law enforcement coalition coordinated by the European Union's police and judicial agencies, Europol and Eurojust, has announced an ongoing campaign against distributors of malware droppers, which Europol called the “most extensive operation” of its kind.

Dubbed “Operation Endgame,” the ongoing effort targets malware “droppers” and “loaders,” the components used to install other malware at scale, with the aim of disrupting those large-scale deployments.

Between May 27 and May 29, authorities arrested four individuals, seized over 100 servers, and took control of more than 2,000 domains. The arrests were made in Ukraine and Armenia, while servers were taken down or disrupted in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the U.K., the U.S., and Ukraine.

The operation was led by police in France, Germany, and the Netherlands, with support from Denmark, the U.K., the U.S., and the European Union's judicial cooperation agency, Eurojust.

Attackers deliver malware through deceptive emails, websites, or downloads

Droppers and loaders quietly install malware, typically triggered when a victim opens a malicious email attachment, visits a compromised website, or downloads software. The business of supplying dropper tooling, known as malware-as-a-service, can flourish, so law enforcement targeted the individuals and infrastructure behind it, with the stated goal of “simultaneously dismantling these botnets and disrupting the infrastructure exploited by cyber offenders.”

The droppers and loaders in scope for Operation Endgame include Bumblebee, IcedID, Smokeloader, and Trickbot.

“Many of the targets were unaware of the contamination on their systems,” Europol stated on the Operation Endgame website. “The calculated financial harm these criminals have inflicted on organizations and public institutions totals hundreds of millions of euros.” At the time of writing, one euro equals USD $1.08.

According to Europol, one suspect earned €69 million in cryptocurrency by renting out infrastructure for deploying ransomware.

Operation Endgame is ongoing; eight people sought in connection with it were added to Europe's Most Wanted list on May 30.

“The battle against transnational cyber offenses does not cease here, and the FBI is devoted to tackling this perpetually developing menace,” FBI Director Christopher Wray said in a press release.

How organizations can guard against malware

Much of the malware distributed by the individuals linked to Operation Endgame arrived through email attachments, compromised websites, or bundled with free downloads of legitimate software. Organizations can use this law enforcement action as an opportunity to remind staff to be wary of offers of free software and of email attachments from unexpected sources. They can also train employees on cybersecurity best practices and on how to recognize phishing attempts.

“A core trait found in several of the disbanded botnets is the capability for automating ‘thread hijacking,’ or inserting content into legitimate email discussions which have been extracted, manipulated, and then dispatched to accounts that may have previously engaged in the conversation thread or other accounts within the corporation,” said Daniel Blackford, head of threat exploration at Proofpoint, in correspondence with TechRepublic.

Proofpoint, a cybersecurity firm, contributed to Operation Endgame.

“The essential counsel: you cannot innately trust file attachments randomly inserted into legitimate conversation threads,” Blackford emphasized. Instead, “whenever feasible, verify directly with your colleague that any file transfers or URL sharing, particularly to file hosting platforms, are deliberate and anticipated.”
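As an added illustration of the thread-hijacking pattern Blackford describes, the script below (example code written for this page, not Proofpoint's, Europol's, or any botnet's tooling) parses a constructed four-message email thread with Python's standard `email` module and flags a reply when its sender domain has not appeared earlier in the thread, when it carries a file attachment, or when it links to a file-hosting domain. The addresses, the `.test` domains, the file-hosting watch list and the messages themselves are all constructed for the example; none of them come from the operation.

```python
"""Flag replies that look like hijacked email threads (added example, not from the article)."""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed watch-list of file-hosting domains (an assumption for this example).
FILE_HOSTING_DOMAINS = {"drop-files.test", "share-box.test"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)


def sender_domain(msg):
    """Domain part of the From address, lower-cased."""
    return parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()


def thread_root(msg):
    """Root Message-ID of the thread: first References entry, else In-Reply-To, else itself."""
    refs = str(msg.get("References") or "").split()
    if refs:
        return refs[0]
    return str(msg.get("In-Reply-To") or msg["Message-ID"])


def flag_reply(msg, known_domains):
    """Return the reasons a reply looks hijacked; an empty list means nothing was noticed."""
    reasons = []
    if not (msg.get("In-Reply-To") or msg.get("References")):
        return reasons  # a new thread, not a reply: outside this heuristic
    if sender_domain(msg) not in known_domains:
        reasons.append("sender domain not previously seen in this thread")
    if any(True for _ in msg.iter_attachments()):
        reasons.append("reply carries a file attachment")
    body = msg.get_body(preferencelist=("plain", "html"))
    hosts = {h.lower() for h in URL_RE.findall(body.get_content() if body else "")}
    if hosts & FILE_HOSTING_DOMAINS:
        reasons.append("links to a file-hosting domain")
    return reasons


def analyze(raw_messages):
    """Walk messages in arrival order; map Message-ID -> reasons for every flagged reply."""
    seen_domains = {}  # thread root -> sender domains seen so far in that thread
    flagged = {}
    for raw in raw_messages:
        msg = message_from_string(raw, policy=policy.default)
        known = seen_domains.setdefault(thread_root(msg), set())
        reasons = flag_reply(msg, known)
        if reasons:
            flagged[str(msg["Message-ID"])] = reasons
        known.add(sender_domain(msg))
    return flagged


def _make(msg_id, sender, body, reply_to=None, refs=(), attachment=None):
    """Build one constructed RFC 5322 message and return it as a string."""
    m = EmailMessage()
    m["Message-ID"] = msg_id
    m["From"] = sender
    m["To"] = "team@corp.test"
    m["Subject"] = "Q2 invoice"
    if reply_to:
        m["In-Reply-To"] = reply_to
        m["References"] = " ".join(refs) if refs else reply_to
    m.set_content(body)
    if attachment:
        m.add_attachment(attachment, maintype="application", subtype="zip", filename="invoice.zip")
    return m.as_string()


# Constructed sample thread: three legitimate messages, then a look-alike reply.
SAMPLE_THREAD = [
    _make("<m1@corp.test>", "Alice Example <alice@corp.test>", "Bob, can you send the Q2 figures?"),
    _make("<m2@corp.test>", "Bob Example <bob@corp.test>",
          "Sure, they are on the intranet: https://intranet.corp.test/q2", reply_to="<m1@corp.test>"),
    _make("<m3@corp.test>", "Alice Example <alice@corp.test>", "Thanks, Bob.",
          reply_to="<m2@corp.test>", refs=("<m1@corp.test>", "<m2@corp.test>")),
    _make("<m4@corp-mail.test>", "Alice Example <alice@corp-mail.test>",
          "Updated figures attached, or grab them here: https://drop-files.test/f/q2",
          reply_to="<m2@corp.test>", refs=("<m1@corp.test>", "<m2@corp.test>"),
          attachment=b"PK\x03\x04 constructed bytes, not a real archive"),
]

if __name__ == "__main__":
    for msg_id, reasons in analyze(SAMPLE_THREAD).items():
        print(msg_id, "->", "; ".join(reasons))
```

Only the fourth message is flagged, on all three counts. The heuristic is deliberately simple: a reply sent from a mailbox that already belongs to the thread would pass the domain check, and a link to an unlisted host would pass the watch list, which is why the out-of-band confirmation Blackford recommends still matters even where such filtering is in place.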
