All the latest UK technology news, reviews and analysis

NCA Gameover Zeus malware fix will spark more dangerous attacks

20 Jun 2014
A hacker committing cyber crime on a laptop

The takedown operation against Gameover Zeus will lead to evolved, more dangerous attacks, according to security industry experts.

Law enforcement agencies across the globe, including the UK National Crime Agency (NCA), launched a co-ordinated sting operation that temporarily shut down the Gameover Zeus botnet, which was estimated to have enslaved between 500,000 and one million computers at its peak.

The temporary takedown was designed to give victims a window of opportunity to purge the malware from their systems, and separate the machine from the botnet’s command-and-control server. The deadline for system administrators and web users to purge their systems passed earlier this week, with no word from the NCA about whether the operation was a success or failure.

F-Secure security analyst Sean Sullivan told V3 that even if the clean-up figures are positive, the operation could have dire consequences in the near future.

“I’m concerned about what comes next for law enforcement. More operations such as this will escalate the fight – and the author of Gameover Zeus has Cryptolocker that he can use as a weapon,” he said.

“The only reason Gameover Zeus didn’t drop Cryptolocker on all of its victims is because that would kill the botnet – which needs to be sustained to continue with business. But if you disrupt the botnet and take it away why not trigger the payload? I expect future versions of Gameover Zeus to include a ‘dead man’s switch’. Law enforcement is unlikely to get authorisation from a judge if it means that ‘hostages’ are going to be killed.”

Cryptolocker is a dangerous form of ransomware that locks and encrypts data stored on infected machines.

Trend Micro vice president Mark Nunnikhoven added that early analysis shows despite the NCA’s efforts, many people are still connected to the Gameover Zeus botnet, making it easy for the hackers to resume their operations or mount follow-up attacks.

“Anytime we can make a dent in criminal operations, I consider a good thing. It would’ve been nice to have completely taken down the whole operation but that just wasn’t possible,” he said.

“But unfortunately it’s not a 100 percent feel-good story. While we’re still gathering data, it’s my fear that the time bought by the operation was squandered by the people it was intended to help. We’ve seen time and time again that most users do not deploy basic security controls or take simple steps to protect themselves.”

Despite the security analysts' concerns, the UK government has cited the recent high-profile Gameover Zeus operation as a victory, and pledged to invest more time and resources to increase law enforcement's anti-hacker abilities.

Minister for organised crime Karen Bradley said the government aims to develop both regional and nationwide police forces' cyber skills, during a speech at the launch of the IA14 conference.

"We are changing the way we pursue cyber criminals. Law enforcement needs to have the right skills to respond to the ever-evolving ways in which crime is being committed," she said.

"Through increased investment, new dedicated cyber and fraud units are being developed in our network of Regional Organised Crime Units (ROCUs). And the College of Policing now has a dedicated training programme to drive up cyber skills in local police forces. We will see a significant increase in the numbers of police officers and staff who have been trained by 2015."

Bradley said the government will also work to increase collaboration between UK and international law enforcement when combating cyber crime. She highlighted the NCA's role in the operation against Gameover Zeus as evidence of the need for increased collaboration.

"This NCA alert is part of one of the largest industry and law enforcement collaborations attempted to date. This is a fantastic example of international collaboration to pursue cyber criminals across borders, and to protect the public and private sector from attacks," she said.

Bradley said investment is an essential step in the government's ongoing bid to protect the UK digital economy from cyber attacks, which have the potential to cripple many businesses.

"A large company may be able to absorb a loss of a few thousand pounds from a cyber attack. But for an SME, that could be the difference between folding or surviving. And these businesses will form part of your supply chains, and are an integral part of the industries we all depend on," she said.

Bradley's comments follow widespread calls from the security community for law enforcement to take a more aggressive stance when hunting cyber criminals. Experts from FireEye praised law enforcement for their work to combat the Gameover Zeus malware earlier in June.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Software Developer - C# / C++ ( ASP.Net ) - Cambridge

Software Developer - C# / C++ ( ASP.Net ) Are you...

IT Project and Service Manager *Airport Systems* Heathrow

Project Manager, Service Manager, IT, Software PrinceII...

Senior Software Engineer in Test

About the job my client is looking to hire a Senior...

Contract Global Architect, software & global essential

Chief Global Architect, Contract, c £ 900 - 1100 per...
To send to more than one email address, simply separate each address with a comma.