Huge Cyber Defense Operation Disables Critical Ransomware Tool

Operation Endgame, led by police services from several countries, shut down several botnet servers and networks. Among the infrastructure targeted were networks of “droppers”, tools that play a particularly important role in ransomware infiltration.

It is “the largest operation ever carried out against botnets”. Europol announced on May 30, 2024 that it had coordinated, between May 27 and 29, 2024, Operation Endgame, which led to the arrest of 4 people and the dismantling of around a hundred servers in Europe and around the world. The operation, launched and led by France, Germany and the Netherlands, “is not finished”, indicates Europol, which specifies that “new actions will be announced” shortly.

Beyond the arrests, it is the infrastructure targeted by the operation that matters most. Endgame brought 2,000 domain names under the control of law enforcement and, above all, interrupted the operation of botnets and “droppers”, two of the most important tools for cybercriminals wishing to deploy ransomware.

Operation Endgame targeted botnet networks and droppers // Source: Operation Endgame

Droppers, essential cogs in cybercrime

More specifically, Endgame targeted the dropper networks IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot. If these names mean nothing to you, they are nevertheless crucial tools for cybercriminals. A dropper, sometimes also called an injector, is a “specific type of malware”, specifies the Paris Prosecutor’s Office, which participated in the operation alongside ANSSI. A dropper is “designed to be a gateway to other [software] on a target system, notably by email, thus serving as a starting point for more complex attacks.”

Concretely, droppers are used during the first phases of cyberattacks and are delivered as email attachments or via shady websites. “They can even be integrated into legitimate software”, underlines Europol. Once droppers have infiltrated the targeted systems, they can bypass security controls and install ransomware without the victim’s knowledge. Although “droppers themselves generally do not cause direct damage”, they remain particularly dangerous programs.

“In France, the attacks enabled by these tools, centralized in the anti-cybercrime section of the Paris Public Prosecutor’s Office, number in the hundreds and are committed to the detriment of private companies, individuals and public administrations, including hospitals”, specifies the Prosecutor’s Office.
