In the latest high-profile law enforcement action against cybercrime, agencies disrupted several notorious botnets and malware droppers widely used in ransomware attacks.
Europol on Thursday announced that an international law enforcement action, dubbed Operation Endgame, led to four arrests, more than 100 server seizures and 2,000 domain takeovers.
Europol said France, Germany and the Netherlands led the takedowns that occurred from May 27 to May 29.
The operation also involved agencies from Denmark, the U.K., the U.S., Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland and Ukraine as well as private industry partners.
Operation Endgame disrupted several malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee.
Agencies also shut down Trickbot, a botnet Microsoft nearly eliminated in 2020 before operators quickly restored the infrastructure.
Ransomware is a growing threat and a continued target of law enforcement operations.
Europol said Bumblebee was typically deployed in phishing campaigns and used to deliver additional malicious payloads to victims' networks; Smokeloader was also used to install additional malware.
Pikabot is a Trojan used by threat actors to gain initial access to victim networks.
In addition to dismantling cybercriminal infrastructure, Operation Endgame resulted in four arrests of unnamed suspects.
One individual was arrested in Armenia, and three were arrested in Ukraine.
Agencies identified eight additional suspects who have not been arrested but were served summons, according to the official Operation Endgame website.
Europol also shed light on the proceeds ransomware actors gained through their attacks.
Governments and law enforcement agencies across the globe have responded with various operations and actions against cybercriminals.
Earlier this month, authorities identified and issued sanctions against the alleged LockBit ransomware gang ringleader known as LockBitSupp.
Jon Clay, vice president of threat intelligence at Trend Micro, told TechTarget Editorial that Thursday's takedown is the most effective type of action because it involved arrests and infrastructure takedown.
Clay added that there have been several law enforcement actions this year, which shows agencies are becoming more aggressive in going after cybercriminal groups and threat actors.
While he applauded increased law enforcement activities and arrests, Clay said harsher sentencing is needed to further deter cybercriminals.
Ian Usher, deputy global practice lead for strategic threat intelligence at NCC Group, agreed that these types of takedowns are a significant blow to cybercriminals.
Alexandru Catalin Cosoi, chief security strategist at Bitdefender, which assisted law enforcement in Operation Endgame, said the effort highlighted how important private and public sector coordination is to the fight against cybercrime.
This Cyber News was published on www.techtarget.com. Publication date: Thu, 30 May 2024 20:13:11 +0000