Can cyber group takedowns last?

Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data


Every now and then, international law enforcement announces a stunning takedown of a cyber crime group.

Typically these take the form of website shutdowns, in which the National Crime Agency logo is emblazoned across the dark web site of would-be hackers. They are powerful PR moves that show cyber crime doesn’t always pay – and the seriousness with which law enforcement approaches these crimes.

But the truth is, hackers continue to operate. And sometimes, the very groups that have been billed as done and dusted simply reemerge under a new site, on new servers, or with a fresh coat of paint. What can we learn from this cycle – and does the industry need to take a different approach?

In this episode, Rory is once again joined by Ross Kelly, ITPro’s news and analysis editor, to explore some of the most prominent cyber crime gang takedowns we’ve had recently and what it means for the sector.

Highlights

"What you mentioned around, you know, data being leaked, that's vital intelligence for law enforcement, for threat researchers, and that's the big takeaway from a lot of these takedowns, I guess. In the wake of that, you're seizing domains, you're seizing servers, you're getting really valuable information on how these organizations work."

"The Veeam report said payments rose to an average of $1.13 million. And that's a 104% increase compared to the first quarter of this year. You know, the median payment rose twofold to $400,000, so it's high stakes. At the same time, though, we are seeing a stronger approach by enterprises. We had coverage out today as well, mentioning the fact that organizations are just outright refusing to pay and a part of that is down to the fact that they're really implementing more robust backup and recovery."

"With the Cobalt Strike situation, this is a really great example of enterprises teaming up with law enforcement, which also has a critical role to play. The numbers speak for themselves: 200 malicious domains, 600 servers taken down by Europol. And misuse of the tool decreased by 80%, I mean that's a significant decrease there and I think it's an excellent example of the real impact that coordinated takedowns can have."

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.