The FBI released the below report:
It was a highly secure
infrastructure of servers that allegedly offered cyber criminals an unfettered
platform from which to conduct malware campaigns and “money mule” money
laundering schemes, targeting victims in the U.S. and around the world.
But the Avalanche network,
which was specifically designed to thwart detection by law enforcement, turned
out to be not so impenetrable after all. And late last week, the FBI took part
in a successful multi-national operation to dismantle Avalanche, alongside our
law enforcement partners representing 40 countries and with the cooperation of
private sector partners. The investigation involved arrests and searches in
four countries, the seizing of servers, and the unprecedented effort to
sinkhole more than 800,000 malicious domains associated with the network.
It’s estimated that Avalanche
was responsible for as many as 500,000 malware-infected computers worldwide on
a daily basis and dollar losses at least in the hundreds of millions as a
result of that malware.
“Cyber criminals can
victimize millions of users in a moment from anywhere in the world,” according
to Scott Smith, assistant director of the FBI’s Cyber Division. “This takedown
highlights the importance of collaborating with our international law enforcement
partners against this evolution of organized crime in the virtual.”
The investigation into the
highly sophisticated Avalanche network, initiated four years ago by German law
enforcement authorities and prosecutors, uncovered numerous phishing and spam
campaigns that resulted in malware being unwittingly downloaded onto thousands
of computers internationally after their users opened bad links in e-mails or
downloaded malicious attachments. Once the malware was installed, online
banking passwords and other sensitive information were stolen from victims’
computers and redirected through the intricate network of Avalanche servers to
back-end servers controlled by the cyber criminals, who wasted no time in using
this information to help themselves to other people’s money.
One type of malware
distributed by Avalanche was ransomware, which encrypted victims’ computer
files until the victim paid a ransom to the criminal perpetrator. Other types
of malware stole victims' sensitive banking credentials, which were used to
initiate fraudulent wire transfers. And in terms of the money laundering
schemes, highly organized networks of money mules purchased goods with the
stolen funds, enabling the cyber criminals to launder the illicit proceeds of
their malware attacks.
How did these cyber criminals
hear about the Avalanche network in the first place? Access to the network was
advertised through postings—similar to advertisements—on exclusive underground
online criminal forums.
Because most cyber schemes
cross national borders, an international law enforcement response is absolutely
critical to identifying not just the technical infrastructure that facilitates
these crimes, but also the administrators who run the networks and the cyber
criminals who use these networks to carry out their crimes.
The FBI—with its domestic and
international partners—will continue to target the most egregious cyber
criminals and syndicates. But U.S. businesses, other organizations, and the
general public need to do their part by protecting their computers and networks
from malware and other insidious cyber threats. Don’t click on links embedded
inside e-mails. Don’t open e-mail attachments without verifying who they’re
from. Use strong passwords. Enable your pop-up blocker. Only download software
from sites you trust. And make sure your anti-virus software is up to date.
Each of us securing our own
devices—coupled with a coordinated law enforcement effort to combat ongoing
cyber threats—will go a long way toward protecting all of us in cyberspace.