June 9, 2016 By Larry Loeb

Steven Wilson, who has led the European Cybercrime Center at Europol since January of this year, knows cybercriminals. According to Europol, he is a 30-year veteran of Police Scotland and oversaw all cyber-related crime investigations.

Europol has recently fought malicious actors with botnet detection techniques. The organization was part of the group that took down Dorkbot in December 2015, according to an official agency press release.

How Botnet Detection Affects Cybercriminals

Wilson has seen how cybercriminals are adapting to the latest law enforcement efforts. At the recent International Conference on Big Data in Cyber Security, hosted by Scotland’s Edinburgh Napier University, he noted that these actors are following their own twisted version of best practices for security. For instance, they often have incident response plans and updated backups of their botnets, so they can bounce back quickly from takedowns, BankInfoSecurity reported. He also added that keeping the fully functional backup botnets small gives them a better chance of evading detection.

Wilson said that disrupting botnets via sinkholing can give law enforcement agencies insights into how the latest threats are being built and deployed. Sinkholing means forcibly redirecting infected endpoints to secure servers controlled by authorities. This blocks attackers’ access to the bots and gives security experts an opportunity to study the threats, Dark Reading explained.

“In the last two to three years, we’ve seen significant developments with botnets — 3 million, 4 million, 5 million controlled computers,” BankInfoSecurity quoted Wilson as saying. “The important thing for us is to look at this and say, ‘How can we actually more effectively analyze that data?’ But [it’s] volumes beyond the comprehension of what we’ve ever dealt with before. And for me … big data analytics is the way to go forward regarding this.”


Fighting Cybercrime Through Cooperation

Wilson pointed out an emerging conundrum affecting many enforcement efforts: The process is not just about obtaining data on a criminal method. It is also about analyzing what that data means.

Wilson is positive about European cooperation activities regarding cybercrime. He pointed to the success of the Joint Cybercrime Action Taskforce (J-CAT). Composed of representatives from nine of the EU’s biggest member states and a dedicated prosecutor, this new agency handles cross-border judicial cooperation relating to criminal matters.

J-CAT will help member organizations share information in a much more effective manner than was previously possible. It is tasked with finding roadblocks, documenting them and, where appropriate, seeking changes in EU legislation to overcome them.

Right now, cybercriminals can find a safe haven in countries that are hostile or unmotivated to cooperate. Greater cooperation between the U.S. and the EU can expedite any action against these criminals before they can operate their botnets from these havens and hide their ill-gotten gains.

That new evolving agency has Wilson excited. According to BankInfoSecurity, he said it “has allowed us to actually cut through the bureaucracy, the differences in legislation, to actually tackle cybercriminality.”

Coordination Catches Crooks Faster

The European Parliament recently adopted new regulations for Europol that increase its ability to effectively fight cybercrime. Europol has said these will allow it to function as a hub of data. It should also make it easier to coordinate between law enforcement agencies in Europe and across the world.

Removing the friction from the investigative process can only make it stronger. Enterprises can look to these revisions to help defend them against the predators that have taken advantage of these conditions for far too long. They can also mimic these techniques on a smaller scale: Opportunities like threat intelligence sharing allow entities to proactively fight cyberthreats and improve their security posture.
