
NCA leads international disruption of Shylock banking malware

Posted on July 10, 2014.

The internationally coordinated global law enforcement action against malware and botnets continues: this time it’s Shylock. “On 8 and 9 July 2014, an alliance of law enforcement and industry undertook measures against the Internet domains and servers that form the core of an advanced cybercriminal infrastructure attacking online banking systems around the globe using the Shylock Trojan,” announces Europol today.

Detica's analysis of Shylock

BAE Systems Detica published an analysis of the Shylock malware last year. It is, says the report, “one of the most sophisticated and fastest growing threats posed by cyber criminals today. Its creators have built a platform over the last two years which allows them to commit large scale targeting and theft of sensitive banking data – used to make fraudulent transactions which is costing the banking industry £millions per year.”

“In the first project of its kind for a UK law enforcement agency, the NCA has brought together partners from the law enforcement and private sectors, including the FBI, Europol, BAE Systems Applied Intelligence, GCHQ and the German Federal Police (BKA) to jointly combat the threat from the Shylock trojan,” comments the UK’s ActionFraud blog.

The whole process of coordinated malware disruption seems to have come to the fore earlier this year at the Reuters Cybersecurity Summit. FBI executive assistant director Robert Anderson said at the time, “There is a philosophy change. If you are going to attack Americans, we are going to hold you accountable. If we can reach out and touch you, we are going to reach out and touch you.”

Within days, in mid-May, the FBI coordinated action against BlackShades and its operators. See Worldwide crackdown on BlackShades RAT users for details. Then, at the beginning of June, GameOver Zeus was internationally disrupted, with the UK’s National Crime Agency estimating that users had a two-week window in which to get clean and stay clean from Zeus. Now it is Shylock’s turn.

The operation, coordinated by the UK National Crime Agency (NCA), brought together partners from the law enforcement and private sectors, including Europol, the FBI, BAE Systems Applied Intelligence, Dell SecureWorks, Kaspersky Lab and the UK’s GCHQ (Government Communications Headquarters) to jointly combat the threat.

It is perhaps not surprising that this action should be led by the NCA, since the UK is the country most targeted by the Shylock criminals. Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said: “The NCA is taking the lead in addressing a cyber crime threat to businesses and individuals around the world. This phase of activity is having a significant effect on the Shylock infrastructure, and demonstrates how we are using partnerships across sectors and across national boundaries to cut cyber crime impacting the UK. We continue to urge everybody to ensure their operating systems and security software are up to date.”

FraudAction recommends that any user not sure whether they are adequately protected against Shylock should visit the Microsoft Virus and Security Solution Centre. Everyone, however, should make sure they have a reputable and up-to-date anti-virus solution installed on their computer.
