Posted on March 11, 2020 at 1:48 PM
Microsoft and its partners announced yesterday that they have succeeded in taking down the Necurs botnet, one of the most prolific hacker syndicates, responsible for 90% of the email-distributed network. From 2016 to 2019, the hacker network infiltrated about 9 million computers and used them as endpoints for distributing malware and dangerous emails.
Hacker network being tracked for 8 years
The Necurs botnet has always been a nightmare for those concerned about internet security, and Microsoft and its partners took it upon themselves to track and bring down the hacker group. The work of Microsoft and other security researchers against the hacking group began eight years ago. BitSight, Microsoft’s Digital Crimes Unit, says it worked with several partners across 35 countries to pin down the group.
BitSight claimed that they have been able to target all Necurs botnet networks that were active for the past year.
Microsoft said its investigation revealed that Necurs targeted almost every country in the world with email scams and fake email campaigns to plant malware. According to Microsoft, “we observed that one Necurs-infected computer sent a total of 3.8 million spam emails to over 40.6 million potential victims.”
But with the action the security research team has taken, the actors behind the hacking network will no longer be able to use the essential elements of their infrastructure to execute those attacks.
A botnet is a large number of compromised, connected systems that criminals control remotely. Essentially, criminals can use these systems as a tool for cyber attacks, including crypto mining, credential theft, financial scams, sending spam emails, and dropping malware.
IBM said in 2017 that Necurs is one of the most prolific hacker networks in the world. It further stated that the network delivers some of the worst ransomware threats and banking Trojans through millions of spammed emails. However, the major problem is that the hacking syndicate has remained difficult to track as it keeps reinventing itself.
IBM reiterated that hackers are responsible for many cases of cybercrime as well as losses recorded as a result of their activities.
Actors behind Necurs botnet are Russian
Based on the findings of Microsoft and its partners, the actors behind the Necurs botnet are Russians. The same group has also extended their infrastructure to other cybercriminals in recent years. But their activities and modus operandi are usually related
How Microsoft pinned down Necurs
According to the announcement by Microsoft, the tech giant was able to pin down the hackers by killing the millions of domains the attackers’ malware was automatically generating. Microsoft and partners were able to delete these domains to prevent the attackers from continually registering them and moving their control servers away from prying eyes.
According to Microsoft, 6 million fake domains were due to be created within the next two years, which would be used to cause a lot of havoc and infiltrate millions of systems. The tech giant blocked the domains and reported the fake domains to the relevant authorities.
Microsoft also filed for a court order to give it total control over the infrastructure these hackers are using to send the malware to victims. As Microsoft blocked their operational infrastructure, it starved them of the means to continue with their hacking activities.
As it stands, Microsoft has completely crippled the powers of Necurs, and what is left is to clean up the mess the hackers created online. The tech giant says it is collaborating with law enforcement agencies and ISPs all over the world to remove the malware the attackers have planted on the computers of their customers.
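The defensive idea described above, as an added example that is not from Microsoft or the original article: because generated domains are deterministic, a defender can precompute the future set and match DNS logs against it. The generator, the reserved TLDs and the log format below are constructed for illustration and are not the Necurs algorithm.

```python
import hashlib
from datetime import date, timedelta

# Reserved TLDs (RFC 2606) so the constructed names can never resolve.
TLDS = ("example", "test", "invalid")

def toy_dga(day, count=5):
    """Constructed date-seeded generator; a stand-in, NOT the Necurs algorithm."""
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}:{i}".encode()).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16)) for c in digest[:12])
        names.append(f"{label}.{TLDS[i % len(TLDS)]}")
    return names

def precompute_blocklist(start, days, per_day=5):
    """Map each domain the generator will emit in the window to its date."""
    table = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in toy_dga(day, per_day):
            table.setdefault(name, day)
    return table

def flag_queries(log_lines, blocklist):
    """Return (client, domain, generation_date) for queries in the blocklist."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines instead of failing the whole run
        client, qname = parts[1], parts[2].rstrip(".").lower()
        if qname in blocklist:
            hits.append((client, qname, blocklist[qname]))
    return hits

# Two-year window starting on the article's date.
BLOCKLIST = precompute_blocklist(date(2020, 3, 11), days=730)

# Constructed DNS log: "<timestamp> <client> <qname>".
SAMPLE_LOG = [
    "2020-03-12T08:01:02Z 10.0.0.5 www.example.com.",
    f"2020-03-12T08:01:09Z 10.0.0.23 {toy_dga(date(2020, 3, 12))[0].upper()}.",
    "malformed line",
]

if __name__ == "__main__":
    for client, qname, day in flag_queries(SAMPLE_LOG, BLOCKLIST):
        print(f"{client} queried {qname} (generated for {day})")
```

A client that queries names from the precomputed set is a candidate for cleanup, which is the kind of follow-up the article describes with ISPs and law enforcement.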
Microsoft initially reported the situation through its Detection and Response Team (DART). The team is also helping customers who are affected by the malware to get rid of any malicious attack on their computer. The company revealed that six different actors were combining to infiltrate computer systems, including a government-sponsored group that has stolen email and data for the past 12 months.
In March last year, the company announced the launch of DART as part of its $1 billion yearly investment into enterprise cybersecurity. With this breakthrough in cybercriminal investigation, Microsoft is working judiciously to help those users with infected computers get rid of the malware, which will completely crush Necurs and its related activities online.