Europol plans more malware 'takedowns'

News by Tim Ring

Europol agency EC3 is partnering with Zeus and CryptoLocker threat specialist AnubisNetworks, as it bids to make take-downs more successful.

Europol, the European law enforcement agency, is planning more major cyber-crime ‘take-downs’ after signing a pact with AnubisNetworks, a key player in last year's FBI-led Operation Tovar which targeted the Zeus Trojan and CryptoLocker ransomware families.

Paul Gillen, head of operations at Europol's EC3 (European Cybercrime Centre), said the partnership with Portugal-based threat intelligence provider Anubis will help EC3 “target the most active criminals behind the development and distribution of malware” and “inflict lasting damage on these criminal networks.”

EC3 - which recently saw its director Troels Oerting leave to become CISO at Barclays - confirmed in a statement that the partnership “will be beneficial in operations such as the take-down of botnets and more”.

In last June's Operation Tovar, Anubis ‘sinkholed’ the Gameover botnet network, leading to criminal charges being laid against the alleged botnet administrator, Evgeniy Bogachev from the Russian Federation.

The operation also involved a mass of cyber firms including Dell SecureWorks, CrowdStrike, Microsoft, F-Secure, McAfee, Symantec, Sophos and Trend Micro.

But there was criticism of the takedown, because new variants of the targeted malware quickly emerged.

In response, EC3's head of outreach, Benoit Godart, said it is hoping to make future operations more successful long-term.

Asked about EC3's takedown plans, he told “We do have a dedicated project on that, so we are not going to reduce our effort in this field. There is a huge expectation coming from the EU member states.

“We will, for sure, still invest in this field in order to be better – not only to dismantle the bots, but also to reach a level where the impact is going to be much bigger.

“Dismantling a botnet makes sense if you have much more than just stopping something that is going to build another infrastructure using another methodology. Definitely that's an important focus for us.”

EC3's agreement with Anubis is part of a growing trend for law enforcement agencies to team up with cyber-security firms, as they struggle to combat the escalating cyber-crime threat.

It follows similar agreements last year between Trend Micro and Interpol, Kaspersky and Interpol, and Intel Security and EC3, said Raj Samani, VP and EMEA CTO at Intel Security (formerly McAfee).

Samani told “The role of public-private partnerships in combatting cyber-crime is absolutely imperative. There is a recognition that combatting cyber-crime is only something that can be done as an industry response, not something that can realistically be done by any single stakeholder.

“The partnerships being made more public have certainly increased in volume in the past 12-18 months.”

Godart said EC3's growing roster of partnerships - not just with private cyber-firms but also the FBI, other countries' law enforcement agencies, Interpol, ENISA and national CERTs - marks a “cultural revolution for the law enforcement community”.

He said: “We were not used to share the way we share now. We have reached a level of trust between law enforcement which is solid enough to support a lot of complex sophisticated cases.

“In the cyber area there is no way for an investigation to consider cases only based on national sovereignty. We are facing a phenomenon which is global.”

AnubisNetworks CEO Francisco Fonseca agreed partnerships are a necessary growing trend to combat cyber-crime.

He told “It is getting too complex for just one entity to fight, there is a growing co-operation both between private entities, and between private entities and this type of organisation, because it is clear that alone nobody will solve this.” 

Fonseca said collaboration also helps combat the global shortage of cyber-security skills. “These types of organisations are trying to work more with private companies because there is a lack of resources worldwide so it is really difficult, both for them and us, to find the human resources we need.”

He added: “This environment is getting more and more complex and difficult and we know it's the Wild West out there. Anything we can do, we will.” 

Raj Samani said the partnership trend is being driven by the sheer scale of cyber-crime, the geographic impact of cyber-criminals being able to operate globally, the increasing sophistication of crime-malware, and the general evolution of crime to become cyber-enabled.

“All of these forces produce the absolute need to be able to work and collaborate together. That's why these collaborations are so important.

“The sheer volume of attacks that we're witnessing, it kind of feels like you're swimming against the tide. By pooling resources, and working more efficiently and effectively, we stand a better chance of being able to combat this.”

The public-private partnership trend in law enforcement is also being matched in defence and other areas. Even NATO recently began collaborating with private companies in a scheme known as NICP (NATO/Industry Cyber Partnership).

Ian West, chief of cyber-security at NATO's Communications and Information Agency, told “There's a recognition that NATO can't do this alone. NICP is a recognition that we need to work very closely with industry in information sharing, best-practice sharing, capability development.”

West said NATO's future focus will include threat intelligence and securing new technology, and that it is in the early stages of developing a “cyber industry innovation incubator” in The Hague.
