In 2015, news of data breaches – ever larger in size and grimmer in nature – hit the mainstream media in a seemingly never-ending wave. It’s no wonder many within the information security industry feel beset on all sides; adopting a siege mentality is forgivable.
I won’t bore you with in-depth discussion of the psychology of negativity bias – suffice to say, we are wired to be drawn more towards bad news than good. As a result, media outlets cater to our proclivity and we, in turn, focus ever more on the negative over the positive news in a self-reinforcing cycle.
This is a deep shame because 2015 heralded an unprecedented year of hugely successful collaboration against online crime.
Never before have we witnessed this scale of partnership between international law enforcement, intelligence agencies and the private sector, coming together to work in concert to take down online criminal activity.
Our adversaries have been leveraging the disconnect between the public and private sectors – and national law enforcement agency boundaries – for a long time.
This disconnect is being redressed and the fruits of this effort truly blossomed this year.
I’ll detail some examples below to give you a taste of the enormous scope of successful operations in 2015:
- In a global operation coordinated by the INTERPOL Global Complex for Innovation in Singapore, a group of leading IT companies including Kaspersky Lab, Microsoft, Trend Micro and Japan’s Cyber Defense Institute, in collaboration with law enforcement agencies, have disrupted the Simda criminal botnet – a network of thousands of infected PCs around the world.
Source: Kaspersky, 13 April 2015
- The [Beebone] botnet takedown, known as Operation Source, was led by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). Most EU member states and law enforcement partners around the world coordinated in the action. The Dutch High Tech Crime Unit led the J-CAT effort. The U.S. Federal Bureau of Investigation provided valuable support.
Source: Intel Security, 9 April 2015
- An international operation involving law enforcement organisations, government cyber security teams and private organisations has targeted the Dorkbot botnet. Europol, Interpol, the US department of homeland security, the US National Cyber Investigative Joint Taskforce and the FBI partnered with Microsoft and other private sector organisations to disrupt the Dorkbot infrastructure, including command and control servers in Asia, Europe, and North America. This included seizing domains to disrupt the botnet operators’ capacity to control their victims’ computers.
Source: ComputerWeekly, 7 December 2015
- A law enforcement operation led by Europol and assisted by Symantec, Microsoft, and a number of other industry partners, has today seized servers and other infrastructure owned by the cybercrime group behind the Ramnit botnet (detected by Symantec asW32.Ramnit.B). The group has been in operation for at least five years and in that time has evolved into a major criminal enterprise, infecting more than 3.2 million computers in total and defrauding large numbers of innocent victims. It is hoped that today’s operation will strike a significant blow against the resources and capabilities of the gang.
Source: Symantec, 25 February 2015
- FBI, Security Vendors Partner for DRIDEX Takedown – Multiple command-and-control (C&C) servers used by the DRIDEX botnet have been taken down by the Federal Bureau of Investigation (FBI), following the action taken by the National Crime Agency (NCA) in the UK.
Source: TrendMicro, 13 October 2015
This list is by no means exhaustive and really is the tip of the iceberg.
There were some stunning successes in 2015, and we really should take time to appreciate this fact for our own edification and encouragement.
I’m reliably informed there is much more of this to come in 2016.
There really was good news in 2015!