The combined and apparently heroic effort from the National Crime Agency, Europol and the FBI to take out the heart of the botnet fuelling Gameover (or GOZeus) and Crytolocker last week is a significant development. Unfortunately, it is unlikely to make much of a dent in the current threat coming from cyber criminals.
This operation sets a good precedent and robust message that cybercrime is being taken seriously by law enforcement. It is also an example of the potential for open co-operation from the business community when it is welcomed by law enforcement.
However, the fact that this take down is temporary is the real story that people must come to grips with. The botnet behind the malware is designed to sustain itself finding new unprotected computers to replace those lost to the network. Anybody’s computer could be brought into the net and we must assume there are other similar threats that have not yet been suspended.
The value in this operation therefore can only be realised if people wake up to the threat and take precautions to secure their PCs. With personal bank accounts, photos and documents at risk, we have to hope that this news provides the wake-up call needed. We in the IT and security sectors must work to ensure it is heeded. It’s almost a shame that we have heard only 15,000 PCs may be affected in the UK as this allows people to assume they are not likely to be affected.
Overall, a systemic approach to fighting this type of crime is needed. The fact that law enforcement have co-operated across national borders is encouraging. Such collaboration in cyberspace must become the norm, not the exception. We also need more ‘joining up’ of effort between crime experts, cybercrime experts and business to ensure a continuation of this kind of effort to identify and thwart patterns of crime in this way. Overall, more investment is required to build and maintain national competence and bodies that can work internationally. A strong example is the International Cyber Security Protection Alliance, which has uniquely pulled together law enforcement, business and the profession to do just this.
Business executives too, whatever the company size, should heed the warning and consider a review of the resilience of their IT infrastructure by testing incident response and management and the critical services they rely on from suppliers. Certainly the IT community, security professionals, business continuity should be using this as an excuse to knock on senior management’s door.
Adrian Davis, Managing Director EMEA, (ISC)2