Arresting developments

It’s two years today since Hungarian Laszlo K, the author of the Magold worm, was found guilty of unauthorized use of computer systems (tens of thousands of systems, in fact) and sentenced to two years probation and a fine of $2,400.

A lot has happened since then.

1. The motivation behind the development of malicious code has changed. Malware is now routinely developed and used to make money. At the time Laszlo K was sentenced, this trend towards crimeware was just beginning.

2. We’ve seen a corresponding shift in tactics. There has been a relative decline in the use of mass-mailing as a means of distributing malicious code. The global epidemic has been replaced by tactical ‘hit and run’ attacks in which malware is spammed out to a controlled target population. So email worms like Magold make up a smaller percentage of malicious code overall.

The stakes have risen. Those who develop malicious code stand to benefit financially from their work. However, the risks have increased too. Law enforcement agencies across the world have become more expert in tracking cyber criminals. And there’s a significant degree of co-operation between national police authorities. As a result, the number of arrests and convictions has risen considerably during the last two years. This week brought a further example. Three suspected members of the ‘M00P’ online gang were arrested in the UK and Finland, accused of distributing backdoor Trojans (including the Breplibot Trojan) via spam and using them to attack businesses.

Given the potential profits to be made, the evolution of malicious code is unlikely to slow down any time soon. But we’re also likely to see more arrests and convictions.

Arresting developments

Your email address will not be published. Required fields are marked *



Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Subscribe to our weekly e-mails

The hottest research right in your inbox