In one of the largest international busts of its kind, a cyber criminal infrastructure responsible for a debilitating attack called “Avalanche” is finally no more. With international support, the take-down was the result of a four-year effort with a victim count spread throughout 180 countries worldwide. Avalanche has been in use since 2009, muddying the Internet waters through phishing and malware attacks, stealing money and moving it across international borders, and botnet activity in DoS (denial of service) attacks. Though the financial industry was targeted the majority of the time, single user financial data was also a significant victim as well.
With monetary losses numbering in the hundreds of millions according to The Department of Justice, here are a few other mind-blowing statistics:
- 4: Years spent by international government agencies, private companies and cyber security academics to track down
- 180: Countries in which Avalanche attack victims were located
- 30: The number of countries collaborating with private cybersecurity companies and academics
- 5: Suspects arrested
- 221: Servers taken offline
- 37: Additional servers seized by law enforcement
- 800,000: Domains seized, blocked, or disrupted by the investigating officials
To put this into perspective, normal botnet busts aim at dismantling 1,000 domains per day. Unique to the Avalanche operation is a process called sinkholing – in order to get control of the 20 malware families spread by Avalanche, sinkholing cuts off communication between the victim’s infected computer and the malicious servers. Avalanche users also took advantage of the fast-flux hosting method – the attackers were able to hide all botnet actions behind proxy IP addresses. These proxy locations would change constantly, making the attackers extremely hard to trace.
Avalanche isn’t the first attack to wreak widespread havoc on users worldwide, nor will it be the last. While it was a major actor in the online attack world, there will be others to take its place soon enough. Don’t wait until the next big attack hits your network – manage and monitor your systems now, so that you can work with your trusted cyber security service provider when your precious data is in jeopardy.