Cybercriminals make a lot of news by pulling off headline-grabbing data breaches. Often, this can make these attackers seem invincible, like there are no systems or good guys capable of standing up to them.
This is, of course, anything but true. Cyber-attacks can be defeated and the criminals behind them can be apprehended.
Today, we’re going to take a look at a recent win for the good guys.
Recently, one of the key distribution networks for ransomware, tech support scams and exploit kits, known as “ElTest”, was severely hampered by enterprising researchers.
As a quick refresher, malware and ransomware are often installed on computers when users unknowingly visit infected sites. Social engineering is often used to lure users to malware, but sometimes even links within reputable sites are compromised by cybercriminals using these tech support schemes and exploit kits.
As a supplier of these dangerous kits, ElTest was a network through which cybercriminals could purchase exploits on the dark web, then use them to funnel unsuspecting users straight to ransomware. To combat the popular “products” ElTest sold, researchers set up a “sinkhole” that automatically redirected users who clicked on compromised links to the correct, clean webpage rather than to the cybercriminals’ intended malware-infested pages. The sinkhole then tracked just how many users were being unknowingly redirected.
After only three weeks of monitoring via the sinkhole, researchers tracked:
- 44 million requests
- From 52,000 infected websites and servers
- Over 7 million requests came from the US — the most of any country by 3 million
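A minimal model of the sinkhole described above, as an added example (not the researchers’ code): each request that arrives through an injected link is answered with a redirect to a clean page and tallied by referring site and visitor country, producing the kind of figures listed. The clean-page URL, the country field (assumed to come from a GeoIP lookup) and the sample traffic are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Hypothetical clean destination the sinkhole sends visitors to (constructed).
CLEAN_PAGE = "https://example.org/clean"


def new_tally():
    """Counters the sinkhole keeps while it serves redirects."""
    return {"requests": 0, "visitors": set(), "sites": Counter(), "countries": Counter()}


def handle_request(referer, client_ip, country, tally):
    """Sinkhole one request that arrived via an injected link.

    Records the compromised site that referred the visitor (from the Referer
    header), the visitor's IP and country, and returns the HTTP redirect the
    sinkhole answers with instead of the malicious page.
    """
    site = urlsplit(referer).hostname or "unknown"
    tally["requests"] += 1
    tally["visitors"].add(client_ip)
    tally["sites"][site] += 1
    tally["countries"][country] += 1
    return (302, CLEAN_PAGE)


def summarize(tally):
    """Figures of the kind quoted in the post: totals, top country, its lead."""
    ranked = tally["countries"].most_common(2)
    top_country, top_count = ranked[0]
    runner_up = ranked[1][1] if len(ranked) > 1 else 0
    return {
        "requests": tally["requests"],
        "unique_visitors": len(tally["visitors"]),
        "infected_sites": len(tally["sites"]),
        "top_country": top_country,
        "top_country_requests": top_count,
        "lead_over_next": top_count - runner_up,
    }


# Constructed sample traffic: (Referer header, client IP, GeoIP country).
SAMPLE_REQUESTS = [
    ("http://blog-a.example/post/1", "203.0.113.5", "US"),
    ("http://blog-a.example/post/2", "203.0.113.9", "US"),
    ("http://shop-b.example/cart", "198.51.100.7", "DE"),
    ("http://news-c.example/", "192.0.2.44", "US"),
    ("http://shop-b.example/cart", "198.51.100.8", "FR"),
]


def run_sample():
    tally = new_tally()
    for referer, ip, country in SAMPLE_REQUESTS:
        handle_request(referer, ip, country, tally)
    return summarize(tally)
```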
A Look Inside
These numbers paint a picture of just how widespread and damaging the ElTest distribution network was while operating unimpeded. With an average of slightly under 15 million users affected around the world each week, this was a widespread campaign that researchers have been aware of since at least 2011.
Neutralizing this network’s most popular products is a huge win in the ongoing battle against malware, but it doesn’t neutralize the threat. While this network has been hampered, it’s safe to assume there are more out there. Services like our Endpoint Protection allow you to monitor your systems and detect malware in real time, preventing the damage it can cause.
There’s no sugarcoating it: it’s an uphill battle against malware and cybercriminals. News like this shows that we’re making progress. As organizations continue to adopt smart malware solutions, we might one day soon have these attackers on the run.