Operation Cookie Monster Takes Down Hackers

The bad guys win more than their fair share of headlines. So, it's good to see a win racked up in the good guys' column—especially when it's a big one. 

May 5, 2023 | Author: Khali Henderson

As our favorite blue monster would say, "C is for captured." 

Operation Cookie Monster—named in reference to user-identifying cookies—is the third such win this year. And like the two that came before it, details beneath the surface leave us googly-eyed at the cybercrime world's scope, scale and capabilities.
 
The First Two Wins Were Big
The first big announcement this year was the FBI's takedown of the Hive ransomware ring. The agency thwarted more than $130 million in ransomware demands and demonstrated that, contrary to popular opinion (shared on social media), governments can be organized, effective and work together. But the big shot of schadenfreude the security community got from the Hive action was how the FBI and its foreign government partners turned the tables on the bad guys. They lay dormant in the criminals' infrastructure and mapped it out before delivering decryption keys to victims and seizing control of Hive's servers and websites.
 
The second was last month's arrest of Conor Brian Fitzpatrick, the alleged founder and operator of BreachForums, an online hacker marketplace facilitating transactions between hackers and other criminals who paid for the data they stole. 
 
The Third Win is Bigger, and an Even Bigger Eye-Opener
This month, another hacker forum has been shut down. Operation Cookie Monster—an effort between the FBI and Dutch National Police with assistance from law enforcement in 15 other countries—targeted the Genesis Market. This forum had processed more than 80 million sets of compromised records (account access credentials) and was actively selling the identities of 2 million people via mimicking “bots” that mirrored victims’ digital fingerprints. The cloning included unique user agent strings tied to victim browsers and mimicked screen size and refresh rates, allowing criminals to impersonate victims' browsers while pursuing their criminal activities virtually.
 
According to Europol, Operation Cookie Monster resulted in infrastructure seizure, 119 arrests (targeting users, not just forum owners), 208 property searches and 97 "knock-and-talk" measures. 
 
Full-Spectrum Threats Require Full-Spectrum Protection
The Genesis Market—reportedly believed to be based in Russia—was a priority target for law enforcement because it facilitated all types of cybercrime from a centralized marketplace. Exposure events like these can serve as springboards in conversations with your clients about the need for full-spectrum, coordinated defenses across their entire attack surface. 
 
Here are three takeaway discussion points to use with clients:
  • The bad guys are seriously armed. High-visibility busts of ransomware gangs and cybercrime marketplaces this year reveal extensive, multipronged attack capabilities. You need a security fabric that's broader than their attack surface.
  • The bad guys are masters of digital impersonation. Cybercriminals can mimic the digital fingerprints of victims right down to unique browser-user identifiers and spoofed hardware characteristics like screen sizes and refresh rates. These new capabilities show why you need advanced threat protection that can leverage static analysis to detect nefarious activity even when trusted users have been authenticated into your infrastructure.
  • The bad guys are brazen. Cybercriminals are so unconcerned with being caught that they've been operating some marketplaces where they sell hacking tools and stolen credentials not on the dark web but right out in the open on the public Internet, serving tens of thousands of criminal customers. It's up to you to defend yourself. Fortunately, it's easier—and more affordable—than you think with the right tools and team on your side. 
