22 May 2018
Cybercriminals make a lot of news by pulling off headline-grabbing data breaches. Often, this can make these attackers seem invincible, like there are no systems or good guys capable of standing up to them. This is, of course, anything but true. Cyber-attacks can be defeated and the criminals behind them can be apprehended. Today, we’re going to take a look at a recent win for the good guys.
What Happened

Recently, one of the key distributors of ransomware, tech support schemes and exploit kits, known as “ElTest”, was severely hampered by enterprising researchers. As a quick refresher, malware and ransomware are often installed on computers when users unknowingly visit infected sites. While social engineering tactics are often used to guide users to malware, sometimes even links within reputable sites can be corrupted by cybercriminals using these tech support schemes and exploit kits. As a supplier of these dangerous kits, ElTest was a network through which these cybercriminals could purchase exploits on the dark web, then use them to funnel unsuspecting users straight to ransomware.

To combat the popular “products” ElTest sold, researchers set up a “sinkhole” which automatically redirected users who clicked on compromised links to the correct, clean webpage, rather than to the cybercriminals’ intended malware-infested pages. The sinkhole then tracked just how many users were being unknowingly redirected. After only three weeks of monitoring via the sinkhole, researchers tracked:
- 44 million requests
- From 52,000 infected websites and servers
- Over 7 million requests came from the US — the most of any country by 3 million