All the latest UK technology news, reviews and analysis


NCA Gameover Zeus malware fix will spark more dangerous attacks

20 Jun 2014
A hacker committing cyber crime on a laptop

The takedown operation against Gameover Zeus will lead to evolved, more dangerous attacks, according to security industry experts.

Law enforcement agencies across the globe, including the UK National Crime Agency (NCA), launched a co-ordinated sting operation that temporarily shut down the Gameover Zeus botnet, which was estimated to have enslaved between 500,000 and one million computers at its peak.

The temporary takedown was designed to give victims a window of opportunity to purge the malware from their systems, and separate the machine from the botnet’s command-and-control server. The deadline for system administrators and web users to purge their systems passed earlier this week, with no word from the NCA about whether the operation was a success or failure.

F-Secure security analyst Sean Sullivan told V3 that even if the clean-up figures are positive, the operation could have dire consequences in the near future.

“I’m concerned about what comes next for law enforcement. More operations such as this will escalate the fight – and the author of Gameover Zeus has Cryptolocker that he can use as a weapon,” he said.

“The only reason Gameover Zeus didn’t drop Cryptolocker on all of its victims is because that would kill the botnet – which needs to be sustained to continue with business. But if you disrupt the botnet and take it away why not trigger the payload? I expect future versions of Gameover Zeus to include a ‘dead man’s switch’. Law enforcement is unlikely to get authorisation from a judge if it means that ‘hostages’ are going to be killed.”

Cryptolocker is a dangerous form of ransomware that locks and encrypts data stored on infected machines.

Trend Micro vice president Mark Nunnikhoven added that early analysis shows despite the NCA’s efforts, many people are still connected to the Gameover Zeus botnet, making it easy for the hackers to resume their operations or mount follow-up attacks.

“Anytime we can make a dent in criminal operations, I consider a good thing. It would’ve been nice to have completely taken down the whole operation but that just wasn’t possible,” he said.

“But unfortunately it’s not a 100 percent feel-good story. While we’re still gathering data, it’s my fear that the time bought by the operation was squandered by the people it was intended to help. We’ve seen time and time again that most users do not deploy basic security controls or take simple steps to protect themselves.”

Despite the security analysts' concerns, the UK government has cited the recent high-profile Gameover Zeus operation as a victory, and pledged to invest more time and resources to increase law enforcement's anti-hacker abilities.

Minister for organised crime Karen Bradley said the government aims to develop both regional and nationwide police forces' cyber skills, during a speech at the launch of the IA14 conference.

"We are changing the way we pursue cyber criminals. Law enforcement needs to have the right skills to respond to the ever-evolving ways in which crime is being committed," she said.

"Through increased investment, new dedicated cyber and fraud units are being developed in our network of Regional Organised Crime Units (ROCUs). And the College of Policing now has a dedicated training programme to drive up cyber skills in local police forces. We will see a significant increase in the numbers of police officers and staff who have been trained by 2015."

Bradley said the government will also work to increase collaboration between UK and international law enforcement when combating cyber crime. She highlighted the NCA's role in the operation against Gameover Zeus as evidence of the need for increased collaboration.

"This NCA alert is part of one of the largest industry and law enforcement collaborations attempted to date. This is a fantastic example of international collaboration to pursue cyber criminals across borders, and to protect the public and private sector from attacks," she said.

Bradley said investment is an essential step in the government's ongoing bid to protect the UK digital economy from cyber attacks, which have the potential to cripple many businesses.

"A large company may be able to absorb a loss of a few thousand pounds from a cyber attack. But for an SME, that could be the difference between folding or surviving. And these businesses will form part of your supply chains, and are an integral part of the industries we all depend on," she said.

Bradley's comments follow widespread calls from the security community for law enforcement to take a more aggressive stance when hunting cyber criminals. Experts from FireEye praised law enforcement for their work to combat the Gameover Zeus malware earlier in June.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

IT curriculum poll

With coding now compulsory in schools, how important are digital skills for the next generation of school leavers?
67%
9%
16%
8%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Several Test Analysts needed - Central Bristol £32,000

I am recruiting for a number of Test Analysts to join...

Sharepoint Administrator/Support-2010/2013-London

Sharepoint Administrator/Support-2010/2013-London...

ITIL Process Architect/Manager

This is a key position for a ITSM Process Manager/Architect...

Application Support / IT Support Advisor

Application Support / IT Support Advisor Support...
To send to more than one email address, simply separate each address with a comma.