The battle between government bodies and cybercriminals is impossible for either side to win, as even though cybercriminals are regularly caught and prosecuted it is impossible to prevent future attacks and new groups forming. One of the biggest problems government bodies are facing when trying to ‘police’ the Internet (if policing it is even possible) is the fact that cybercriminal groups are generally formed of individuals from various countries who have the skills to hide their identities and avoid detection.
However, this Monday the American National Crime Agency announced that by working with the FBI and various other foreign law enforcement agencies they have been able to disrupt a global malware attack. The malware – known as GameOver Zeus – is a botnet which is specifically designed to steal financial and other personal details from private computers. It is believed that the botnet has affected around fifteen thousand computers across the world and caused more than one hundred million dollars’ worth of losses. However, even though the National Crime Agency and FBI have managed to gain control over this dangerous piece of malware they have still warned that anyone affected only has a short period of time to protect themselves.
Individuals with infected computers have just nine days left (two weeks from this Monday) to remove the malware and protect themselves from cyberattacks before the group responsible regains control or forms new versions of the malware. Even those that have been able to keep their bank details safe from GameOver Zeus have still found themselves being victims of cyberattacks, as one of the features of GameOver Zeus is that it can call in piece of ransomware called Cryptolocker should it fail to attain a user’s financial details after a certain period of time. Cryptolocker hijacks users’ computers and prevents them from accessing their files until they pay a ransom in Bitcoins.
Discussing the malware, Andy Archibald, deputy director of the NCA’s cyber crime unit, said: “Nobody wants their personal financial details, business information or photographs of loved ones to be stolen or held to ransom by criminals. By making use of this two-week window, huge numbers of people in the UK can stop that from happening to them.” In the next nine days those that have been affected by the malware are advised to change all their passwords and execute full virus scans in order to secure their bank and other personal online accounts.
As the National Crime Agency and FBI currently have control over the botnet they are able to determine which computers have been affected and send letters to users warning them that they are at risk and advising how to remedy the issue. However, both agencies have warned that those responsible for the attacks may use this opportunity to create fraudulent emails warning users that their computers have been affected by GameOver Zeus and then install the malware onto their computers when they click on a link.
The fact that neither the FBI nor the National Crime Agency can protect users from GameOver Zeus for more than two weeks highlights the difficulty users are facing when it comes to protecting themselves from online attacks. Carl O’Toole, networks operator at Fluidata, said: “Given the upsurge in BYOD hot-desking environments, it’s likely that a number of businesses have unknowingly been affected by the malware as they struggle to keep up with ensuring that both hardware and software firewalls are sufficiently deployed across their networks.
"It’s becoming ever more important to place a hardware based firewall at the edge of a network regardless of size, but it must not be forgotten that software firewalls and antivirus deployed on all workstations is still an integral part of a rounded IT security implementation.”