Cybercriminals can also make mistakes by revealing too much information about themselves. Their usual habits, quirks, and techniques are one of the primary reasons for their ultimate downfall. No matter how subtle an attack might be, malicious actors always leave behind evidence in one form or another. These pieces of evidence are used to build a comprehensive picture of their movements in order to track and uproot their malicious operations.
Crackdown on bad actors
Here’s a list of major crackdowns that occurred so far in 2020:
- Indonesian police arrested members of GetBilling, a subgroup of the Magecart group that had infected over 200 retail websites. The authorities, working with Group-IB researchers, tracked the GetBilling skimming script back to its operators before moving against them.
- In a coordinated takedown effort, Microsoft disrupted the operations of the Necurs botnet, which had infected more than nine million computers worldwide. This was possible after researchers broke the Necurs DGA (the botnet's domain generation algorithm, the component that generates the random domain names its bots use to find their controllers), allowing those domains to be predicted and blocked ahead of time.
- ESET experts managed to sinkhole several C2 servers of the VictoryGate botnet that was responsible for infecting about 35,000 devices worldwide.
- Europol arrested hackers belonging to the Infinity Black hacking group for selling stolen user credentials and hacking tools. The crew was tracked after Swiss authorities gained access to a database containing a large number of accounts belonging to Swiss users.
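The Necurs item above rests on one defensive idea: once a DGA has been reverse-engineered, every domain it will ever produce can be computed in advance and sinkholed, pre-registered or blocked. The following is an added illustration, not code from the article or from any of the researchers it names; the DGA here is a constructed stand-in (a hash of the date and a constant the analyst is assumed to have recovered), not the real Necurs algorithm, and the DNS log lines are constructed.

```python
import hashlib
from datetime import date, timedelta
from typing import Iterable, List, Set, Tuple

# Hypothetical stand-in DGA (NOT the real Necurs algorithm): each day's domains are
# derived from the date plus a constant the analyst is assumed to have recovered.
SECRET = b"example-seed"          # constructed value, not a real key
TLDS = ("com", "net", "biz")

def dga_domains(day_iso: str, count: int = 4) -> List[str]:
    """Domains the toy DGA yields for one calendar day (ISO date string); deterministic."""
    out = []
    for i in range(count):
        h = hashlib.sha256(SECRET + day_iso.encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in h[:12])   # 12 lowercase letters
        out.append(f"{label}.{TLDS[h[12] % len(TLDS)]}")
    return out

def predict_domains(start_iso: str, days: int) -> Set[str]:
    """Enumerate every domain over a window so defenders can sinkhole or block them early."""
    start = date.fromisoformat(start_iso)
    predicted: Set[str] = set()
    for offset in range(days):
        predicted.update(dga_domains((start + timedelta(days=offset)).isoformat()))
    return predicted

def flag_dns_queries(log_lines: Iterable[str], predicted: Set[str]) -> List[Tuple[str, str]]:
    """Return (client, qname) for each DNS query log line that hits a predicted domain."""
    hits = []
    for line in log_lines:
        parts = line.split()          # expected layout: timestamp client qname qtype
        if len(parts) < 3:
            continue                  # malformed line: skip rather than crash
        qname = parts[2].rstrip(".").lower()   # normalise trailing dot and case
        if qname in predicted:
            hits.append((parts[1], qname))
    return hits

def build_sample_log() -> List[str]:
    """Constructed DNS log: two benign lookups, one DGA lookup, one malformed line."""
    bad = dga_domains("2020-03-10")[0]
    return [
        "2020-03-10T09:00:01 10.0.0.5 www.example.com. A",
        f"2020-03-10T09:00:02 10.0.0.7 {bad}. A",
        "2020-03-10T09:00:03 10.0.0.5 mail.example.org. MX",
        "garbage",
    ]

if __name__ == "__main__":
    window = predict_domains("2020-03-08", 5)   # covers 8 to 12 March 2020
    for client, qname in flag_dns_queries(build_sample_log(), window):
        print(f"{client} looked up predicted DGA domain {qname}")
```

In practice the predicted set feeds a sinkhole, a registrar pre-registration list, or a resolver blocklist, and the matcher runs over real resolver logs rather than the constructed lines here.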
What experts say
- Dan Dahlberg, BitSight’s head of security research, highlighted that the best way to prevent the progress of botnets or malware is to seize their C2 servers.
- For security organizations, honeypots continue to be an effective way to lure cybercriminals in and find out more about their tactics and techniques.
Tracking hackers down is a laborious process. It takes a lot of time, collaboration, and investigative research. However, in spite of these formidable tasks, specialist cybercrime units will continue to follow up on the trails and evidence left by cybercriminals to minimize future cyberattacks.