Η Kaspersky Lab contributes to the joint effort of law enforcement and the market to take action against online domains and servers that are at the heart of an advanced digital crime infrastructure that attacks online banking systems worldwide using the Shylock Trojan program.
On 8 and 9 July 2014, the prosecuting authorities took action to disrupt the system that Shylock relies on to function effectively. The actions included shutting down the servers that make up the "Command & Control" system of the Trojan, as well as taking control of the domains used by Shylock to communicate between computers which has offended.
For the business, co-ordinated by the National Criminal Investigation Service of the United Kingdom (NCA), law enforcement agencies and the private sector cooperate. In addition to Kaspersky Lab, the business includes Europol, the FBI, BAE Systems Applied Intelligence, Dell Secure Works and the United Kingdom Central Communications Service, with a common purpose of dealing with the threat.
Το Ευρωπαϊκό Κέντρο Ηλεκτρονικού Εγκλήματος της Europol (EC3), με έδρα τη Χάγη, ανέλαβε τη διενέργεια ερευνητικών δράσεων. Ερευνητές από το Ηνωμένο Βασίλειο (NCA), τις ΗΠΑ (FBI), την Ιταλία, την Ολλανδία και την Τουρκία ένωσαν τις δυνάμεις τους και συντόνισαν την επιχείρηση σε τοπικό επίπεδο, σε συνεννόηση με αντίστοιχους φορείς στη Γερμανία, τη Γαλλία και την Πολωνία. Ο συντονισμός μέσω της Europolσυνέβαλε καταλυτικά στην παύση λειτουργίας των servers που αποτελούν τον πυρήνα των botnets, του malware και της υποδομής του Shylock. Η ομάδα CERT-ΕU (ΕU Computer Emergency ResponseTeam) συμμετείχε στην επιχείρηση και ενημέρωσε τους συνεργάτες της σχετικά με τα κακόβουλα domains.
During the concerted action many aspects of the infrastructure that were unknown until recently were revealed. These revelations allowed immediate action to be taken, coordinated by the operational center in The Hague.
The Shylock malware, so named because its code contains excerpts from Shakespeare's The Merchant of Venice, has infected at least 30.000 computers running Microsoft Windows worldwide. According to research, Shylock is directed against targets mainly from the United Kingdom. However, systems from the US, Italy and Turkey are also being targeted by the malicious code. However, there are suspicions that the headquarters of those who developed the malware is in another location.
Victims are usually "infected" when they choose malicious links and then persuaded to download and execute malicious software unknowingly. At that time, Shylock seeks to gain access to chapters in corporate or personal bank accounts to bring them to the criminals who control their actions.
Troels Oerting, head of Europol's EC3, commented: "This European Crime Center (EC3)is very pleased with the company's outcome against this advanced malicious software, as it has played a particularly important role in the fight against criminal infrastructure. EC3 provided a unique platform and business premises equipped with state-of-the-art technical infrastructure and secure media, as well as analysts and cyber professionals. In this way, we have been able to support digital researchers in the forefront, with the coordination of the British NCA and cooperation with the FBI and colleagues from Italy, Turkey and the Netherlands. At the same time, via virtual links, the researchers were able to work with corresponding units in Germany, France and Poland. "
And he added: "I was delighted to see international co-operation between prosecuting and prosecuting authorities from many countries. Once again, we have been able to test our improved capabilities to react immediately to digital threats inside or outside the European Union. This is another step in the right direction for EU prosecuting and prosecuting authorities. I thank those who took part in the business for their enormous dedication. I especially appreciate Kaspersky Lab, which has greatly contributed to the success of the business. Our cooperation with the company continues to expand in this case as well as in other future affairs. "
Andy Archibald, Deputy Director of the UK's NCA's Cybercrime Unit, added: “The NCA is taking a leading role in tackling a digital threat to businesses and users around the world. This phase of the operation aims to significantly impact Shylock's infrastructure. The business also highlights how we use cross-sector and transnational partnerships to tackle digital crime.”
Sergey Golovanov, Principal Security Researcher at Kaspersky Lab, which provided services threat intelligence and monitored malware activity within the global enterprise, commented: “Bank fraud campaigns are no longer an isolated phenomenon as we have seen a significant increase in these types of malicious attacks. In 2013 alone, digital attacks with malware designed to steal financial information increased by 27,6%, reaching 28,4 million. To fight digital crime, we provide threat intelligence to law enforcement agencies around the world and work with international organizations such as Europol. Global action and cooperation brings positive results and the operation against Shylock is another example of this."
