Necurs Botnet Affecting 9 Million Devices Taken Down by Microsoft
- The botnet has been active since at least 2012 and is operated by the cybercrime gang tracked as TA505.
- The botnet affected around 9.1 million computer systems globally.
The internet era has evolved to the point where operating a smart device requires very little human intervention. Sensors in devices do almost all the work of collecting, analyzing, and communicating data back. But these advanced features have also attracted notorious minds who want to exploit them through what are known as botnet attacks.
Recently, Microsoft announced the takedown of the infamous Necurs botnet, which had been targeting US-based infrastructure. The botnet had affected around 9.1 million computer systems.
What’s a botnet attack?
In a botnet attack, cybercriminals use malware backdoors to infect and take control over a variety of devices. These infected devices are then organized into a network of bots that can be commanded remotely to perform various malicious actions such as a distributed denial of service attack or illicit cryptocurrency mining.
Some of the most dangerous botnet strains include the likes of Earthlink Spammer, Storm, Mariposa, Mirai, Retadup, and more.
Notable attacks in 2019
Botnets have consistently been one of the top cyber threats worldwide. Over the last few years, several large-scale botnet attack campaigns have been reported.
- The Ecuadorian government suffered 40 million cyber-attacks within a few days of the eviction of Julian Assange.
- The online messaging app Telegram witnessed an extensive DDoS attack that supposedly originated from China and was linked to the protests in Hong Kong.
- Finland also suffered a DDoS attack that targeted its parliamentary election results services.
- South African ISP Cool Ideas struggled to stay online amid an advanced persistent DDoS attack where criminals targeted random IP addresses on the network and used multiple amplification vectors.
Insights from Microsoft’s Necurs Botnet Mission
- Necurs is one of the largest spam botnets.
- The botnet has been active since at least 2012 and is operated by the cybercrime gang tracked as TA505.
- It was involved in massive campaigns spreading malware such as Locky ransomware, the Dridex banking Trojan, and Scarab ransomware.
- The takedown operation reportedly saw the participation of partners from across 35 countries.
- The botnet was observed sending 3.8 million spam messages to over 40 million targets during a 58-day investigation.
- Microsoft, with a grant from the US government, secured access to 6.1 million seemingly random domains that the botnet is expected to communicate with over the next 25 months.
- This botnet takedown took around eight years of tracking and planning to curb the activities of the criminals behind the network.
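The "seemingly random domains" above are the output of a domain generation algorithm (DGA): the bots and their operators both compute the same rendezvous domains from a shared seed and the current date, so a defender who reproduces the generator can pre-register or sinkhole every domain before the botnet ever uses it. The following is an added illustration of that defensive technique, not code from the article, from Microsoft, or the actual Necurs algorithm. The generator `toy_dga`, its seed, the DNS log lines, and the dates are all constructed for the example.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical DGA constructed for this example only; it is NOT the Necurs
# algorithm. It stands in for any reverse-engineered generator whose inputs
# (a fixed seed and the calendar day) a defender can reproduce in advance.
SEED = b"example-seed"
TLDS = ("com", "net", "org")


def toy_dga(day, seed=SEED, count=4):
    """Return the `count` domains the toy generator produces on `day`."""
    domains = []
    for i in range(count):
        material = seed + day.isoformat().encode() + bytes([i])
        digest = hashlib.sha256(material).hexdigest()
        # Map 12 hex digits to lowercase letters to build the label.
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[:12])
        tld = TLDS[int(digest[-2:], 16) % len(TLDS)]
        domains.append(f"{label}.{tld}")
    return domains


def predict_domains(start, days, seed=SEED):
    """Pre-compute every domain the generator will use from `start` for `days`
    days. This set is the defender's sinkhole / block list."""
    predicted = set()
    for offset in range(days):
        predicted.update(toy_dga(start + timedelta(days=offset), seed))
    return predicted


def parse_dns_log_line(line):
    """Parse a constructed log line 'timestamp client qname' into (client, qname).
    The trailing dot and letter case of the query name are normalised."""
    _, client, qname = line.split()
    return client, qname.rstrip(".").lower()


def find_dga_lookups(log_lines, blocklist):
    """Return (client, domain) pairs for queries that hit the predicted set,
    i.e. hosts that are probably infected and trying to reach the botnet."""
    hits = []
    for line in log_lines:
        client, qname = parse_dns_log_line(line)
        if qname in blocklist:
            hits.append((client, qname))
    return hits


# Constructed scenario: predict 30 days of domains, then scan a small
# constructed DNS log in which two clients query that day's DGA domains.
START = date(2020, 3, 10)
BLOCKLIST = predict_domains(START, 30)
_day_one = toy_dga(START)
SAMPLE_LOG = [
    "2020-03-10T08:00:01 10.0.0.5 www.example.com.",
    f"2020-03-10T08:00:02 10.0.0.5 {_day_one[0]}.",
    "2020-03-10T08:00:03 10.0.0.9 mail.example.org.",
    f"2020-03-10T08:00:04 10.0.0.9 {_day_one[2].upper()}.",
]

if __name__ == "__main__":
    for client, domain in find_dga_lookups(SAMPLE_LOG, BLOCKLIST):
        print(f"{client} queried predicted DGA domain {domain}")
```

In practice the predicted set is what a takedown team hands to registries and sinkhole operators, and the same set doubles as a high-confidence DNS detection rule: a single lookup of a domain that has no reason to exist yet is a strong infection signal.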
As per Microsoft, “This remediation effort is global in scale and involves collaboration with partners in industry, government and law enforcement via the Microsoft Cyber Threat Intelligence Program (CTIP).”
“For this disruption, we are working with ISPs, domain registries, government CERTs and law enforcement in Mexico, Colombia, Japan, France, Taiwan, India, Spain, Poland, and Romania, among others,” it added.