June 9, 2016 By Larry Loeb 3 min read

Steven Wilson, who has led the European Cybercrime Center at Europol since January of this year, knows cybercriminals. According to Europol, he is a 30-year veteran of Police Scotland and oversaw all cyber-related crime investigations.

Europol has recently fought malicious actors with botnet detection techniques. The organization was part of the group that took down Dorkbot in December 2015, according to an official agency press release.

How Botnet Detection Affects Cybercriminals

Wilson has seen how cybercriminals are adapting to the latest law enforcement efforts. At the recent International Conference on Big Data in Cyber Security, hosted by Scotland’s Edinburgh Napier University, he noted that these actors are following their own twisted version of best practices for security. For instance, they often have incident response plans and updated backups of their botnets, so they can bounce back quickly from takedowns, BankInfoSecurity reported. He also added that keeping the fully functional backup botnets small gives them a better chance of evading detection.

Wilson said that disrupting botnets via sinkholing can give law enforcement agencies insights into how the latest threats are being built and deployed. Sinkholing means forcibly redirecting infected endpoints to secure servers controlled by authorities. This blocks attackers’ access to the bots and gives security experts an opportunity to study the threats, Dark Reading explained.

“In the last two to three years, we’ve seen significant developments with botnets — 3 million, 4 million, 5 million controlled computers,” BankInfoSecurity quoted Wilson as saying. “The important thing for us is to look at this and say, ‘How can we actually more effectively analyze that data?’ But [it’s] volumes beyond the comprehension of what we’ve ever dealt with before. And for me … big data analytics is the way to go forward regarding this.”

Fighting Cybercrime Through Cooperation

Wilson pointed out an emerging conundrum affecting many enforcement efforts: The process is not just about obtaining data on a criminal method. It is also about analyzing what that data means.

Wilson is positive about European cooperation activities regarding cybercrime. He pointed to the success of the Joint Cybercrime Action Taskforce (J-CAT). Comprised of representatives from nine of the EU’s biggest member states and a dedicated prosecutor, this new agency handles cross-border judicial cooperation relating to criminal matters.

J-CAT will help member organizations share information in a much more effective manner than was previously possible. It is tasked to find roadblocks, document them and, where appropriate, seek changes in EU legislation to overcome them.

Right now, cybercriminals can find a safe haven in countries that are hostile or unmotivated to cooperate. Greater cooperation between the U.S. and the EU can expedite any action against these criminals before they can operate their botnets from these havens and hide their ill-gotten gains.

That new evolving agency has Wilson excited. According to BankInfoSecurity, he said it “has allowed us to actually cut through the bureaucracy, the differences in legislation, to actually tackle cybercriminality.”

Coordination Catches Crooks Faster

The European Parliament recently adopted new regulations for Europol that increase its ability to effectively fight cybercrime. Europol has said these will allow it to function as a hub of data. It should also make it easier to coordinate between law enforcement agencies in Europe and across the world.

Removing the friction from the investigative process can only make it stronger. Enterprises can look to these revisions to help defend them against the predators that have taken advantage of these conditions for far too long. They can also mimic these techniques on a smaller scale: Opportunities like threat intelligence sharing allow entities to proactively fight cyberthreats and improve their security posture.
