In this episode of SearchSecurity's Risk & Repeat podcast, the editors discuss the takedown of Avalanche, a crimeware-as-a-service operation, and why the victory may be short-lived.
A massive international law enforcement operation succeeded in taking down a major crimeware-as-a-service operation known as Avalanche, but the victory may be short-lived.
The Avalanche crimeware operation, which hosted more than 20 major malware families and was tied to a large volume of phishing attacks, was brought down earlier this month following a four-year investigation. Authorities in the U.S., the EU and the U.K. made five arrests, seized more than 800,000 malicious domains and shut down more than 50 Avalanche servers, which the group had rented out to hackers in a crimeware-as-a-service model.
However, according to reports from news outlets in Ukraine, the alleged ringleader of Avalanche is once again at large. Gennady Kapkanov, 33, was arrested by Ukrainian police after allegedly shooting at the arresting officers. But Kapkanov, who was charged with several cybercrime counts, was reportedly set free on a technicality, and authorities have been unable to locate him since his release.
How did this crimeware-as-a-service operation work? How did Avalanche use techniques like fast flux to evade detection? Why did it take so long for law enforcement to investigate and shut down this operation? And have we really seen the last of Avalanche? In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the topic of crimeware as a service and the Avalanche takedown.