Authorities Take Down Andromeda Botnet

The Federal Bureau of Investigation (FBI) and law enforcement agencies in Europe managed to dismantle the Andromeda botnet last week.
Also known as Gamarue, Andromeda malware has been around since 2011 and used to ensnare the infected computers into a botnet. The main purpose of this network of infected machines was to distribute other malware families, including the Dridex banking Trojan or point-of-sale (PoS) malware GamaPoS.
In a FortiGuard Labs report detailing the top five methods used to attack healthcare organizations in Q4 2016, Andromeda emerged as the top botnet.
Packing a loader that features virtual machine and debugger evasion techniques, Andromeda downloads modules and updates from its command and control (C&C) server. Associated with 80 malware families in total, the threat was detected or blocked on an average of over 1 million computers every month for the past six months.
The takedown, a joint effort from the FBI, the Luneburg Central Criminal Investigation Inspectorate in Germany, Europol’s European Cybercrime Centre (EC3), the Joint Cybercrime Action Task Force (J-CAT), Eurojust, and private-sector partners, was performed on November 29.

The operation was the result of information gathered following last year's shutdown of a large criminal network known as Avalanche, a platform used for mass global malware attacks and money mule recruiting. Andromeda was also distributed through the Avalanche network.
“Insights gained during the Avalanche case by the investigating German law enforcement entities were shared, via Europol, with the FBI and supported this year’s investigations to dismantle the Andromeda malware last week,” a Europol announcement reads.
Investigators focused on taking down the servers and domains used to spread the Andromeda malware, which resulted in the sinkholing of 1,500 domains. Within 48 hours of sinkholing, around 2 million unique Andromeda victim IP addresses from 223 countries had been recorded.
The takedown operation also included the search and arrest of a suspect in Belarus.
The investigators also decided to extend the sinkhole measures of the Avalanche case for another year, as 55% of the computers originally infected through Avalanche remain infected worldwide.
The measures to combat Andromeda and Avalanche involved the following countries: Austria, Belgium, Finland, France, Italy, the Netherlands, Poland, Spain, the United Kingdom, Australia, Belarus, Canada, Montenegro, Singapore, and Taiwan.
Private and institutional partners involved in the takedown include: Shadowserver Foundation, Microsoft, Registrar of Last Resort, Internet Corporation for Assigned Names and Numbers (ICANN) and associated domain registries, Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), and the German Federal Office for Information Security (BSI). 
“This is another example of international law enforcement working together with industry partners to tackle the most significant cyber criminals and the dedicated infrastructure they use to distribute malware on a global scale. The clear message is that public-private partnerships can impact these criminals and make the internet safer for all of us,” Steven Wilson, the Head of Europol’s European Cybercrime Centre, said.
Related: Global Police Smash Huge Online Crime Network: Europol
Related: These Were the Top Threats Targeting Healthcare Firms in Q4 2016