A cloud-computing network used by cyber fraudsters to target one million users every week with malware-infected emails has been taken down by law enforcement agencies from more than 30 countries.
The operation to dismantle the Avalanche cloud-hosting service was led by Europol, the FBI and German police and supported by partners from 30 countries, including the National Crime Agency (NCA). It followed a four-year investigation by the German police.
The cost to the global economy from fraud linked to Avalanche is estimated to have run to hundreds of millions of dollars.
In a single day of coordinated action, more than 830,000 malicious web domains were taken down, breaking the channel between criminals and the computers they controlled.
In addition, five individuals were arrested, 37 premises were searched and 39 servers were seized, while 221 servers were put offline through abuse notifications sent to the hosting providers. Victims of malware were identified in over 180 countries.
The removal of criminal control provides victims, many of whom will not know their machine is infected, with an opportunity to scan, disinfect and protect their computer against further attack from the criminal groups.
Avalanche, which was set up in 2009, comprised up to 600 servers worldwide and was used to host as many as 800,000 web domains at a time.
Cyber criminals rented the servers and through them launched and managed digital fraud campaigns, sending emails in bulk to infect computers with malware, ransomware and other malicious software that would steal users’ bank details and other personal data.
The criminals used the stolen information for fraud or extortion. At its peak, 17 different types of malware were hosted by the network, including major strains with names such as goznym, urlzone, pandabanker and loosemailsniffer.
At least 500,000 computers around the world were infected and controlled by the Avalanche system on any given day.
Mike Hulett, of the NCA’s National Cyber Crime Unit, said: “The volume of fraudulent activity made possible by Avalanche was incredible. But the scale of the global law enforcement response was unprecedented as 20 strains of malware and 800,000 domains were targeted on one day. This shows how serious we are about tackling cyber crime. The internet isn’t a safe haven for criminals.”