Microsoft and partners have announced a major breakthrough in the fight against hackers today (March 10), with the takedown of the prolific Necurs botnet. This automated network infected as many as nine million computers, used as endpoints to distribute dangerous emails and malware. Between 2016 and 2019, the Necurs network was likely responsible for 90% of the world’s email-distributed malware.
This takedown came as a result of “eight years of tracking and planning,” Microsoft says, and involved its Digital Crimes Unit, BitSight, and other partners across 35 countries. In a separate announcement, BitSight claims the action has impacted “all [eleven] Necurs botnets,” networks that have appeared dormant for around 12 months—longer than ever before, but which have left 2 million systems infected.
Taking spam email as an example of the scale of threat here, Necurs targeted victims “in nearly every country in the world. During a 58-day period in our investigation,” Microsoft says, “we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.” The action taken, it says, “helps ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.”
Botnets—or networks of bots—are large numbers of compromised computers that then become connected endpoints through which a criminal activity can take place. In essence, your PC becomes a tool for the criminal network to use, including dropping malware (such as GameOver Zeus, Dridex, Locky and Trickbot), sending spam emails, romance and financial scams, credential theft and cryptomining.
Back in 2017, IBM said of Necurs that “it militarizes up to 6 million zombie endpoints, delivers some of the worst banking trojans and ransomware threats in batches of millions of emails at a time, and keeps reinventing itself… Necurs is indirectly responsible for a major chunk of cybercrime and the losses it produces.”
The operators behind the Necurs botnet are believed to be Russian and have been using the platform for their own campaigns as well as renting out its capabilities to other criminals. Microsoft hit Necurs by killing millions of domains that the malware would automatically generate and register in order to continually move its command and control servers away from prying eyes, a technique that had kept the botnet operational for years.
Microsoft says that it accurately predicted “over six million unique domains that would be created in the next 25 months.” These were then reported to the relevant registries and blocked, thus the disruption. The tech giant also secured a court order “to take control of U.S.-based infrastructure Necurs uses to distribute malware and infect victim computers.” Put simply, Microsoft intercepted and blocked the operational infrastructure at the heart of the botnet, starving it of oxygen.
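Predicting the domains ahead of time is possible because a domain generation algorithm is deterministic: whoever recovers the algorithm and its seed can compute the same list the malware will. The following added example (not Microsoft's or BitSight's code) illustrates that with a constructed, date-seeded stand-in generator, which is an assumption and not the Necurs algorithm, using reserved TLDs and constructed DNS log lines to precompute a roughly 25-month blocklist and match queries against it.

```python
import hashlib
from datetime import date, timedelta

# Constructed stand-in for a reverse-engineered generator; NOT the Necurs algorithm.
TLDS = ("example", "test", "invalid")  # reserved TLDs, so nothing here resolves
DOMAINS_PER_DAY = 4                    # assumed rate, for illustration only

def candidate_domains(day, count=DOMAINS_PER_DAY):
    """Domains the stand-in generator yields for one calendar day."""
    out = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).digest()
        # Map the first 12 digest bytes onto the letters a-z.
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        out.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return out

def build_blocklist(start, days):
    """Precompute every domain for the window [start, start + days)."""
    blocklist = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for domain in candidate_domains(day):
            blocklist[domain] = day
    return blocklist

def flag_queries(log_lines, blocklist):
    """Return (client, domain, seed_day) for each query found on the blocklist."""
    hits = []
    for line in log_lines:
        _ts, client, qname = line.split()
        qname = qname.rstrip(".").lower()  # normalise case and trailing root dot
        if qname in blocklist:
            hits.append((client, qname, blocklist[qname]))
    return hits

START = date(2020, 3, 10)
BLOCKLIST = build_blocklist(START, 760)  # about 25 months of future domains

# Constructed resolver log: one benign lookup, one lookup of a predicted domain.
_predicted = candidate_domains(date(2021, 1, 5))[2]
SAMPLE_LOG = [
    "2021-01-05T08:00:01Z 10.0.0.12 www.example.com.",
    f"2021-01-05T08:00:02Z 10.0.0.47 {_predicted.upper()}.",
]
HITS = flag_queries(SAMPLE_LOG, BLOCKLIST)
```

A client that appears in `HITS` is querying a name that only the generator would produce, which makes it a candidate for the clean-up work with ISPs described below.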
Now the job is cleaning up the mess that Necurs and its hacker operators have left behind. Microsoft is working with ISPs and enforcement agencies around the world “to rid their customers’ computers of malware associated with the botnet.”