One of the world's largest known botnet infrastructures, called "Avalanche", has been shut down thanks to a joint global operation in which international law enforcement agencies and security experts collaborated to arrest five suspects. Avalanche is believed to have been active since 2009, sending out nearly one million malware-infected emails every week to victims across the globe, according to Europol.
A collaborative operation with EU law enforcement agencies saw five suspects arrested and over 800,000 domains that formed part of the botnet infrastructure sinkholed. The massive network reportedly targeted over 40 major financial institutions and, according to Europol, involved an estimated "500,000 infected computers worldwide on a daily basis".
Nick Shaw, vice president and general manager of Norton EMEA, told IBTimes UK: "Avalanche demonstrates just how powerful the weaponisation of the internet is as cyber criminals build an ever-expanding network of malware-infected bots.
The Avalanche Botnet was one of the largest cybercrime networks in existence; it was responsible for a variety of spam, phishing and malware operations including at least 17 malware families, notably the Zeus financial Trojan and predominant ransomware families Trojan.Ransomlock.P and Trojan.Bebloh. Avalanche's takedown is a prime example of the successful co-operative work between law enforcement, government bodies, academia and private organisations such as ours."
The investigation saw 221 of Avalanche's servers taken offline and 39 others seized. Eight of the seized servers were located in Romania. However, Europol's coup de grâce was the arrest of one unnamed individual, believed to be the mastermind behind the cybercrime network.
"We have arrested the top, the head of the snake," Fernando Ruiz, the head of operations at Europol's Cybercrime Center, told the Associated Press. "We are sure that this will have a very huge impact."
According to the US Department of Justice (DOJ), law enforcement agencies from around 40 different countries were involved in the Avalanche takedown operation. Authorities also believe that the cybercriminals operating the network conducted several money laundering campaigns and that the network was a "perfect example of crime as a service". The investigation uncovered victims targeted by the Avalanche network in over 180 countries.
German authorities claimed to have linked over 1,300 crimes with the Avalanche network, costing victims in Germany alone over €6m ($6.4m; £5m), the BBC reported.
Shaw added: "As a botnet, the Avalanche network consisted of a large number of remotely controlled devices (bots), previously infected by cyber criminals to generate spam or phishing, and participate in malware campaigns. At one point, Avalanche was responsible for sending around one million malicious spam emails per week in addition to the large volume of ransomware linked back to the network."
Orla Cox, the director of security intelligence at Symantec, confirmed that some of the suspects believed to be involved in the botnet are still at large. However, given the scope of the seized data, authorities believe that the operation has successfully extinguished Avalanche's operations.
"We can never say it's completely done but confidence levels are high this time around," Cox said.