On October 28, the Dutch Police announced the success of Operation Magnus, which allegedly disrupted the distribution of Redline and META infostealers, in collaboration with the FBI and other international law enforcement partners. The police warned involved parties and initiated legal actions.
The US Department of Justice has joined an operation to arrest a suspect linked to the Infostealers network, revealing unsealed charges. Techopedia investigates the operation, its implications, and the challenges of arresting cybercriminals.
“The Source Code Is With Us”: The Dutch Police’s Operation Magnus Warnings
The Dutch Police claim to have access to the source code behind the infostealer operations, including license servers, REST API services, panels, stealer binaries, and Telegram bots. If this is true, their operation in coordination with international partners would be significant, as they could track down suspects and bring those responsible to justice. Remotely shutting down a dark web site or a hacker’s blog is not the same as seizing the information that matters.
Cybersecurity efforts often focus on blocking malicious infrastructure rather than taking legal action against cybercriminals. Eric O’Neill, formerly of the FBI and founder of The Georgetown Group and Nexasure AI, explains that identifying a threat actor without seizing their infrastructure and data is difficult but achievable.
He suggests that digital detective work, behavioral quirks, IP breadcrumbs, code fingerprints, and linguistic tells can help, and that open-source sleuthing and geopolitical guesswork can help build a suspect profile. None of this is as bulletproof as obtaining the servers, though: seized infrastructure and data are a forensic goldmine.
The Secret to Ending Cybercriminals’ Dominion is the Art and Science of Attribution
The Dutch Police is analyzing data for arrests, while the Department of Justice (DoJ) has unsealed charges against Maxim Rudometov. The complaint alleges Rudometov accessed and managed RedLine Infostealer’s infrastructure, was associated with cryptocurrency accounts, and was in possession of RedLine malware.
Blackpoint Cyber’s Chief of Threat Research and Intelligence, Aaron Shaha, explains that attribution is the most challenging task in cyber. Hackers often use obfuscation methods when connecting to infrastructure that is later seized, such as open proxies, relays, or compromised infrastructure. They often route through a hop in a non-permissive environment, such as Russia, to make attribution difficult. This makes it harder for law enforcement to identify and respond to cyber threats.
Infostealers Are the Next Big Thing in Crime
Infostealer malware, such as RedLine and Meta, has been a significant threat for years but has now been reverse engineered by numerous criminal groups. These efficient tools can break into Windows or Apple macOS environments, making them a preferred weapon for criminals. James McQuiggan, Security Awareness Advocate at KnowBe4, emphasized the never-ending cycle of infostealers in cybersecurity culture.
Cybercriminal groups, such as Conti, are likely to reuse or repurpose tools built by other groups or new ones, according to McQuiggan. The cybercriminal ecosystem, whether mafia-style or nation-state, suggests that updated or adjusted versions may resurface under new names or as free tools on the dark web. O’Neill, formerly of the FBI, warns that criminals often return under new names and keep backup servers unless they are apprehended, prosecuted, and their malware removed from computers.
An Unexpected But Familiar Achilles Heel for Infostealers
Infostealers, a type of malware, can be effectively stopped by using application whitelisting and multi-factor authentication (MFA). Whitelisting ensures only trusted applications can run, blocking unauthorized software from accessing data; Windows and macOS offer options like AppLocker and Gatekeeper. MFA adds a second factor, like a code or fingerprint, before access is granted. Together, these measures can make infostealers about as relevant as 90s malware.
KnowBe4’s McQuiggan emphasized the importance of human cybersecurity awareness in preventing infostealers and reducing system compromises, along with endpoint detection and response (EDR) to detect and respond to potential threats. He also highlighted the need for organizations to conduct regular security awareness and phishing assessments to reduce the risk of end users falling victim to social engineering attacks.
Will You Fix the Browser Sandboxing?
Browser sandboxing is a growing concern for companies like Google and Microsoft as criminals exploit web browsers to reach victim data. Browsers store browsing history, online behavior, and credentials, which makes them vulnerable to data extraction, and infostealers target them precisely because they are such a valuable treasure trove.
Large IT firms should concentrate on sandboxing and encrypted storage for private information in order to stop browser data extraction. Sandboxing isolates browser processes, preventing unauthorized access to data like passwords, browsing history, and behavior tracking by malicious extensions or injected code. This technology is essential for preventing data breaches and enhancing security.
Encrypted storage, particularly end-to-end encryption, adds another layer of protection to browser data, making it nearly impossible for external threats to reach until quantum computers obliterate all current encryption. Fixing browser security should be a focus of big tech, but it falls down the list of priorities behind “doing something new.”
Shaha emphasizes the need for improved browser security that prevents the storage of sensitive or commonly reused passwords. He suggests that history and data should be encrypted and that access to them should be controlled at the system-call level. Companies like Google, Microsoft, and Apple, with its secure Safari browser, bear responsibility for the spread of infostealers, which cause millions in damages. Current browser security does not meet the standard that the infostealer threat demands, and what big tech and law enforcement will do next remains uncertain.
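The article says infostealers harvest saved credentials, cookies and history straight out of browser profile stores. The following is an added example, not from the article or any of the vendors quoted in it, of the kind of endpoint check an EDR rule might express: it scans file-access events and flags any process other than the browser itself opening the files where Chrome, Edge and Firefox keep logins, cookies and the key that protects them. The event tuples, user name and process names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# Constructed file-access events (process name, path); not from any real host.
SAMPLE_EVENTS = [
    ("chrome.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("msedge.exe", r"C:\Users\alice\AppData\Local\Microsoft\Edge\User Data\Default\Cookies"),
    ("updater.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("updater.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"),
    ("explorer.exe", r"C:\Users\alice\Documents\notes.txt"),
    ("svchost.exe", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\logins.json"),
]

# Files an infostealer reads to get saved logins, cookies, autofill data and
# the master key ("Local State" / key4.db) needed to decrypt them.
SENSITIVE_FILES = {"login data", "cookies", "web data", "local state",
                   "logins.json", "key4.db"}

# Lower-cased path fragments that identify a browser profile store.
PROFILE_DIRS = ("google\\chrome\\user data",
                "microsoft\\edge\\user data",
                "mozilla\\firefox\\profiles")

# The only processes expected to open their own profile store.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe"}


def is_browser_store_access(path):
    """True if the path is a credential/cookie artifact inside a browser profile."""
    p = path.lower()
    in_profile = any(fragment in p for fragment in PROFILE_DIRS)
    return in_profile and PureWindowsPath(p).name in SENSITIVE_FILES


def find_suspicious_access(events):
    """Return (process, path) pairs where a non-browser process touched browser stores."""
    return [(proc, path) for proc, path in events
            if is_browser_store_access(path) and proc.lower() not in BROWSER_PROCESSES]


def processes_sweeping_stores(events):
    """Map each flagged process to the distinct sensitive files it opened.

    An infostealer typically sweeps several artifacts in one run, so a process
    with more than one entry here deserves a closer look than a single hit.
    """
    sweep = {}
    for proc, path in find_suspicious_access(events):
        sweep.setdefault(proc, set()).add(PureWindowsPath(path.lower()).name)
    return sweep


if __name__ == "__main__":
    for proc, files in processes_sweeping_stores(SAMPLE_EVENTS).items():
        print(f"{proc}: {sorted(files)}")
```

Real telemetry would come from a file-access audit source rather than a hard-coded list, and the browser process names should be matched on a verified image path, not just the file name.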
The Bottom Line
Law enforcement faces a significant challenge in identifying cybercriminals and bringing them to justice. Despite advancements in security, experts often focus on blacklisting and avoiding malicious networks rather than tracking down the people behind them. Without bringing the developers behind criminal enterprises to justice, the cycle of cybercrime will remain stuck in the same bad loop.