A consortium of global law enforcement agencies including Europol and the FBI has taken down one of the largest botnets in the world.
The Avalanche network was dismantled after a four-year investigation that involved investigators from over 30 countries. The web of hijacked computers was used to target online banking customers with phishing emails, and is suspected of netting the cyber criminals behind it hundreds of millions of euros.
According to a statement from Europol, the probe culminated in a series of raids on 37 properties, resulting in the seizure of 39 servers and the detention of five suspects. Two of the arrests took place in Ukraine, from where the network is thought to have been controlled. Additionally, 221 servers were taken offline after police contacted hosting providers.
It is estimated that the botnet was made up of as many as 500,000 devices worldwide, and that Avalanche infections had affected victims in more than 180 countries. In Germany alone, the network is thought to have caused damage worth some €6 million.
The investigation began in 2012 in Germany after encryption ransomware hit a large number of computers, blocking their owners’ access to their files. Millions of devices were also infected with malware, allowing cyber criminals to harvest online banking details and email passwords.
Europol said that more than “800 000 domains [were] seized, sinkholed or blocked” as part of the operation, which the agency described as being “unprecedented in its scale”.
Rob Wainwright, Europol chief, said: “Avalanche has been a highly significant operation involving international law enforcement, prosecutors and industry resources to tackle the global nature of cybercrime.
“The complex trans-national nature of cyber investigations requires international cooperation between public and private organisations at an unprecedented level to successfully impact on top-level cybercriminals.
“Avalanche has shown that through this cooperation we can collectively make the internet a safer place for our businesses and citizens.”
Separately, the notorious Mirai Internet of Things (IoT) botnet has been blamed for knocking out routers belonging to customers of UK internet service providers TalkTalk and the Post Office. The attack happened just days after Deutsche Telekom customers were targeted in a similar cyber assault, which was also blamed on the Mirai network.
The UK attack hit some 360,000 TalkTalk customers and 100,000 Post Office subscribers, while the German strike is thought to have affected 900,000 people. The Mirai virus targets IoT devices that have weak password protection, allowing cyber criminals to use them in Distributed Denial of Service (DDoS) attacks.
A TalkTalk spokesperson said: “Along with other ISPs in the UK and abroad, we are taking steps to review the potential impacts of the Mirai worm.
“A small number of customer routers have been affected, and we have deployed additional network-level controls to further protect our customers.”