|By Bob Gourley||
|March 26, 2012 10:54 AM EDT||
We have previously written about Kyrus Tech Inc and have highlighted their unique capability called Carbon Black. We have worked with the team of experts there in the past and I am very proud to have been professionally associated with Michael Tanji since we were both in government in the mid 1990′s. We have also been privileged to have worked with and learned from cyber teams at Microsoft for years and know many great professionals there. In part because of that it was especially great to read the press release below that shows how Microsoft and Kyrus Tech have combined their strengths to help reduce a particularly nasty vector of cyber crime. Their collaborative work has helped disrupt the massive Zeus cybercrime operation.
For details on the role of Kyrus see: http://www.kyrus-tech.com/blog/
We also recommend a review of the press release below from: http://www.microsoft.com/Presspass/press/2012/mar12/03-25CybercrimePR.mspx
Microsoft Joins Financial Services Industry to Disrupt Massive Zeus Cybercrime Operation That Fuels Worldwide Fraud and Identity Theft
Microsoft collaborates with financial services industry in unprecedented cross-industry action against notorious cybercrime operation behind online fraud and identity theft.
REDMOND, Wash. — March 25, 2012 — In its most complex effort to disrupt botnets to date, Microsoft Corp., in collaboration with the financial services industry — including the Financial Services – Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association — as well as Kyrus Tech Inc., announced it has successfully executed a coordinated global action against some of the most notorious cybercrime operations that fuel online fraud and identity theft. With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry action against this cybercriminal organization.
Through an extensive and collaborative investigation into the Zeus threat, Microsoft and its banking, finance and technical partners discovered that once a computer is infected with Zeus, the malware can monitor a victim’s online activity and automatically start keylogging, or recording a person’s every keystroke, when a person types in the name of a financial institution or ecommerce site. With this information, cybercriminals can steal personal information that can be used for identity theft or to fraudulently make purchases or access other private accounts. In fact, since 2007, Microsoft has detected more than 13 million suspected infections of the Zeus malware worldwide, including approximately 3 million computers in the United States alone.
“With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit. “The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come.”
This disruption was made possible through a successful pleading before the U.S. District Court for the Eastern District of New York, which allowed Microsoft and its partners to conduct a coordinated seizure of command and control servers running some of the worst known Zeus botnets. Because the botnet operators used Zeus to steal victims’ online banking credentials and transfer stolen funds, FS-ISAC and NACHA joined Microsoft as plaintiffs in the civil suit, and Kyrus Tech Inc. served as a declarant in the case. Other organizations, including F-Secure, also provided supporting information for the case.
As a part of the operation, on March 23, Microsoft and its co-plaintiffs, escorted by the U.S. Marshals, seized command and control servers in two hosting locations, Scranton, Pa., and Lombard, Ill., to seize and preserve valuable data and virtual evidence from the botnets for the case. Microsoft and its partners took down two Internet Protocol addresses behind the Zeus command and control structure, and Microsoft is currently monitoring 800 domains secured in the operation, which are helping identify thousands of computers infected by Zeus.
This is the second time Microsoft has conducted physical seizures in a botnet operation, and it is the first time other organizations have joined Microsoft as plaintiffs in the legal case for a botnet operation. This is also the first operation for Microsoft that involved the simultaneous disruption of multiple operating botnets in a single action and is the first known time the Racketeer Influenced and Corrupt Organizations (RICO) Act has been applied as the legal basis in a consolidated civil case to charge all those responsible in the use of a botnet.
“As crimes against banks and their customers move from stickups to mouse clicks, we’re also using our own mouse clicks — as well as the law — to help protect consumers and businesses,” said Greg Garcia, a spokesperson for the three major financial industry associations that worked with Microsoft on this initiative. “Disrupting the Zeus botnets is just one strike in our long-term commitment to help defend and protect people.”
Because of the complexities of these targets, unlike Microsoft’s previous botnet operations, the goal of this action was not to permanently shut down all impacted Zeus botnets. However, this action is expected to significantly impact the cybercriminals’ operations and infrastructure, advance global efforts to help victims regain control of their infected computers, and also help further investigations against those responsible for the threat. As with its previous botnet operations, Microsoft will now use the intelligence gained from this operation to partner with Internet service providers and Community Emergency Response Teams around the world to help rescue people’s computers from the control of Zeus, helping to reduce the size of the threat that these botnets pose and to help make the Internet safer for consumers and businesses worldwide. Together, these aspects of the operation are expected to undermine the criminal infrastructure that relies on these botnets every day to make money and to help provide new tools for the industry to work together to proactively fight cybercrime.
Michael Tanji, chief security officer of Kyrus Tech Inc., who helped analyze the Zeus malware and determine which botnets were the most dangerous said, “We are proud to have played a part in this groundbreaking effort and hope that others will start working together to combat malicious activity at the same scale as it is being perpetrated.”
There are steps consumers and businesses can take to better help protect themselves from becoming victims of malware, fraud and identity theft. All computer users should exercise safe practices, such as running up-to-date and legitimate computer software, firewall protection, and antivirus or antimalware protection. People should also exercise caution when surfing the Web and clicking on ads or email attachments that may prove to be malicious. For computer owners worried their computers might be infected, Microsoft offers free information and malware cleaning tools athttp://support.microsoft.com/botnets that can help people remove Zeus and other malware from their computers. For businesses looking for more information about corporate account takeover issues, including those due to malicious software, a fraud advisory from FS-ISAC, the FBI and the U.S. Secret Service can be found at http://www.fsisac.com/files/public/db/p265.pdf.
More information about today’s news and the coordinated action against Zeus is available athttp://www.microsoft.com/presspass/presskits/dcu. Legal documentation in the case can be found athttp://www.zeuslegalnotice.com.
The Financial Services Information Sharing and Analysis Center was formed in 1999 and is a non-profit, private financial sector initiative. It was designed and developed and is owned by financial institutions. Its primary function is to share timely, relevant and actionable information of physical and cyber security threat and incident information to help mitigate the risk associated with these threats. [http://www.fsisac.com/]
About NACHA – The Electronic Payments Association
NACHA manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data. The ACH Network provides a safe, secure, and reliable network for direct account-to-account consumer, business, and government payments. Annually, it facilitates billions of Direct Deposit via ACH and Direct Payment via ACH transactions. Used by all types of financial institutions, the ACH Network is governed by the fair and equitable NACHA Operating Rules, which guide risk management and create payment certainty for all participants. As a not-for-profit association, NACHA represents more than 10,000 financial institutions via 17 regional payments associations and direct membership. Through its industry councils and forums, NACHA brings together payments system stakeholders to foster dialogue and innovation to strengthen the ACH Network. To learn more, please visit www.nacha.org.
AboutKyrus Tech, Inc.
Kyrus is a security innovation company. We have deep expertise in vulnerability research, reverse engineering, computer forensics and custom software development. We apply those skills to conduct research and develop solutions for the business, critical infrastructure and national security communities. We strive to disrupt the status quo. We believe that approaching security problems from diverse perspectives and without preconceptions is the only way for security to become both a valued and a cost-effective capability.
Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.
Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed athttp://www.microsoft.com/news/contactpr.mspx.
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
Mar. 28, 2017 02:30 AM EDT Reads: 2,010
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
Mar. 28, 2017 02:15 AM EDT Reads: 3,084
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
Mar. 28, 2017 02:00 AM EDT Reads: 3,887
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Mar. 28, 2017 01:00 AM EDT Reads: 2,335
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, will discuss the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information,
Mar. 28, 2017 12:45 AM EDT Reads: 975
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Mar. 27, 2017 09:45 PM EDT Reads: 3,652
Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, represent...
Mar. 27, 2017 08:15 PM EDT Reads: 6,329
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
Mar. 27, 2017 07:45 PM EDT Reads: 2,207
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
Mar. 27, 2017 07:30 PM EDT Reads: 4,600
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Mar. 27, 2017 02:45 PM EDT Reads: 1,984
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
Mar. 27, 2017 02:30 PM EDT Reads: 4,038
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Mar. 27, 2017 02:00 PM EDT Reads: 2,092
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldw...
Mar. 27, 2017 01:15 PM EDT Reads: 760
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
Mar. 27, 2017 01:00 PM EDT Reads: 1,506
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Mar. 27, 2017 12:45 PM EDT Reads: 1,426
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
Mar. 27, 2017 11:15 AM EDT Reads: 2,405
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
Mar. 27, 2017 10:30 AM EDT Reads: 3,033
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
Mar. 27, 2017 10:30 AM EDT Reads: 3,183
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Mar. 27, 2017 09:30 AM EDT Reads: 2,149
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
Mar. 27, 2017 08:15 AM EDT Reads: 3,135