Η Kaspersky Lab contributes to the joint effort of law enforcement and the market to take action against online domains and servers that are at the heart of an advanced digital crime infrastructure that attacks online banking systems worldwide using the Shylock Trojan program.
On 8 and 9 July 2014, the prosecuting authorities took action to disrupt the system that Shylock relies on to function effectively. Actions included pausing operation των servers που αποτελούν το “Command & Control” system of the Trojan, as well as taking control of the domains that Shylock uses to communicate between the computers it has attacked.
For the business, co-ordinated by the National Criminal Investigation Service of the United Kingdom (NCA), law enforcement agencies and the private sector cooperate. In addition to Kaspersky Lab, the business includes Europol, the FBI, BAE Systems Applied Intelligence, Dell Secure Works and the United Kingdom Central Communications Service, with a common purpose of dealing with the threat.
Europol's European Cybercrime Center (EC3), based in The Hague, took over the investigative activities. Investigators from the UK (NCA), the US (FBI), Italy, the Netherlands and Turkey joined forces and coordinated the operation locally, in consultation with counterparts in Germany, France and Poland. The coordination through Europol contributed catalytically to the shutdown of the servers that are the core of them botnets, Shylock's malware and infrastructure. The CERT-EU team (EU Computer Emergency ResponseTeam) participated in the operation and informed its partners about the malicious domains.
During the concerted action many aspects of the infrastructure that were unknown until recently were revealed. These revelations allowed immediate action to be taken, coordinated by the operational center in The Hague.
The malicious λογισμικό Shylock, το οποίο πήρε αυτή την ονομασία επειδή ο κώδικας του περιέχει αποσπάσματα από το έργο του Σαίξπηρ «Ο Έμπορος της Βενετίας», έχει προσβάλλει τουλάχιστον 30.000 υπολογιστές με λειτουργικό Microsoft Windows παγκοσμίως. Σύμφωνα με την έρευνα, το Shylock στρέφεται εναντίον στόχων κυρίως από το Ηνωμένο Βασίλειο. Ωστόσο, συστήματα από τις ΗΠΑ, την Ιταλία και την Τουρκία βρίσκονται επίσης στο στόχαστρο του κακόβουλου κώδικα. Υπάρχουν, όμως, υποψίες ότι η έδρα αυτών που ανέπτυξαν το malware βρίσκεται σε άλλη τοποθεσία.
Victims are usually "infected" when they choose malicious links and then persuaded to download and execute malicious software unknowingly. At that time, Shylock seeks to gain access to chapters in corporate or personal bank accounts to bring them to the criminals who control their actions.
Troels Oerting, head of Europol's EC3, commented: "This European Crime Center (EC3)is very pleased with the company's outcome against this advanced malicious software, as it has played a particularly important role in the fight against criminal infrastructure. EC3 provided a unique platform and business premises equipped with state-of-the-art technical infrastructure and secure media, as well as analysts and cyber professionals. In this way, we have been able to support digital researchers in the forefront, with the coordination of the British NCA and cooperation with the FBI and colleagues from Italy, Turkey and the Netherlands. At the same time, through virtual links, the researchers were able to collaborate with corresponding units in Germany, France and Poland."
And he added: "I was delighted to see international co-operation between prosecuting and prosecuting authorities from many countries. Once again, we have been able to test our improved capabilities to react immediately to digital threats inside or outside the European Union. This is another step in the right direction for EU prosecuting and prosecuting authorities. I thank those who took part in the business for their enormous dedication. I especially appreciate Kaspersky Lab, which has greatly contributed to the success of the business. Our cooperation with the company continues to expand in this case as well as in other future affairs. "
Andy Archibald, Deputy Director of the UK Crime Intelligence Crime Unit (NCA), added: "The NCA takes a leading role in combating a digital threat to businesses and users around the world. This phase of the business aims to significantly affect Shylock's infrastructure. The business also highlights how we use intersectoral and transnational partnerships to put an end to digital crime. "
Sergey Golovanov, Principal Security Researcher at Kaspersky Lab, which provided threat intelligence services and monitored malware activity within the global enterprise, commented: “Bank fraud campaigns are no longer an isolated phenomenon, as we have seen a significant increase to this type of malicious attacks. In 2013 alone, digital attacks with malware designed to steal financial information increased by 27,6%, reaching 28,4 million. To fight digital crime, we provide threat intelligence to law enforcement agencies around the world and work with international organizations such as Europol. Global action and cooperation brings positive results and the operation against Shylock is another example of this."
