Qakbot, one of the largest botnets in history, was taken down last weekend. Over the years, the infrastructure has played a critical role in global cybercrime.
An international action by police and justice agencies took down the botnet, which was widely used to carry out ransomware attacks, financial fraud and other crimes.
The Netherlands, Germany, France, England, Romania and Latvia participated in Operation Duck Hunt, led by the American FBI. Fox-IT, Northwave, the National Cyber Security Center and the Dutch NFIR were also involved in the investigation. According to US Attorney Martin Estrada, this is the most significant technological and financial operation the FBI has ever conducted against botnets.
In the Netherlands, the Prosecutor’s Office and the High-Tech Crime Team jointly seized 22 servers associated with the malicious Qakbot at various data centers. Six and eight servers were shut down in France and Germany respectively. In total, 52 servers were involved worldwide. The US Department of Justice seized $8.6 million in cryptocurrency.
Hundreds of millions in losses
The FBI in Los Angeles managed to take control of the botnet and redirect its traffic to FBI-controlled servers. The Qakbot malware is then removed from infected computers with an update. 700,000 infected computers were identified worldwide last year. Conservative estimates suggest that the botnet has caused hundreds of millions in losses to companies and government agencies through ransomware.
What makes Qakbot so dangerous is that the malware, as it were, opens the door to other forms of cybercrime. Large criminal groups are given access to infected computer networks for a fee and then install ransomware on them.
The criminal organization behind Qakbot, probably of Russian origin according to security experts, has been active since 2008. Qakbot is a modular malware family that can install all kinds of additional malware on systems, steal passwords from browsers and email clients, and is extremely difficult to remove. Qakbot infections are often carried out through email phishing attacks.
Dutch police have recovered 7.6 billion credentials stolen from computer users (email addresses and login details). Dutch people can check on a special site whether their login details are among them.