Estimates show that around 90% of cyber-attacks are rooted in financial motivation. Whether it be ransomware, selling stolen information to other criminals or industrial espionage, or somebody is looking for a payday for their efforts. Many of these organized cybercrime groups have ties to a nation state, at least in the sense that they are willing to share information with that government or perform services for them as mercenaries.

Thus, it was no small feat that the FBI, in cooperation with agents from the Secret Service, Defense Criminal Investigative Service, Department of Justice,  Denmark, France, Germany, the Netherlands, and the United Kingdom, Ukraine, Portugal, Romania, Lithuania, Bulgaria, and Switzerland with assistance from Europol and Eurojust, launched Operation Endgame last week, a full force effort to take down criminal cyber enterprises.

Operation End Game

Operation End Game focused on “malware as a service” models taking down more than 100 servers (part of large botnets) containing malware variants, while focusing on four malware groups (sometimes associated with the actual developers as one and the same) with the intent on neutralizing their ability to infect more computers. Over 2,000 domains have been sequestered.  The malware can be used to gain access to victim’s computers and either drop ransomware, disrupt or deny service and even collect and load information.

Malware as a Service (MaaS)

Malware as a Service (MaaS) is a growing problem in the cyber world as it makes those who are not technically perceptive enough to pull off a complicated cyber-attack, very dangerous in and of themselves. The primary malware group will research specific vulnerabilities in a system, custom built the malware to evade defenses, and possibly even test the malware without detection. Once this is done, the group will advertise the malware on the dark web with instructions on how to use or even offer a full service price to execute the attack. Sometimes they will even complete the attack themselves and sell access to the infected server along with all of its information. A customer with limited knowledge of hacking can become an effective cybercriminal with proper payment to the group.

Cyber Criminals

Four suspects were arrested (none from Russia) and eight have been put on Europe’s Most Wanted Cyber Criminal List (all from Russia). One of those on the list has earned around $75 million renting out their criminal infrastructure.  The site https://www.operation-endgame.com/ is dedicated to the operation and is in fact, quite entertaining to browse.

Early news reports and press releases stop short of tying in connections by the criminals to Russia and other nation states, probably by design.  As the information unfolds, it will be interesting to see what is shared regarding connections to the Russian government, if any, these eight men have.

Related News

Joe Jabara, JD, is the Director, of the Hub, For Cyber Education and Awareness, Wichita State University. He also serves as an adjunct faculty at two other universities teaching Intelligence and Cyber Law. Prior to his current job, he served 30 years in the Air Force, Air Force Reserve, and Kansas Air National Guard. His last ten years were spent in command/leadership positions, the bulk of which were at the 184th Intelligence Wing as Vice Commander.