"In the Fight Against Cybercrime, Takedowns Are Only Temporary"
In November 2021, ten months after Emotet’s servers and infrastructure were taken down by an international task force, the botnet returned. The new Emotet consisted of two botnets that used different encryption for communication and had additional commands compared with the version taken down in January 2021. At the time, the threat had made up 7 percent of attacks on organizations globally and often delivered malware or ransomware to 1.6 million compromised machines. The revival of Emotet brings further attention to the lack of permanence of botnet takedowns. According to David Monnier, a fellow with the threat intelligence firm Team Cymru, Emotet’s resurgence, as well as the return of TrickBot in 2020, calls on the industry and government agencies to further examine whether the takedown tactic needs to be revised or revisited. Attackers’ ability to learn from their actions and return with improved tactics, techniques, and procedures (TTPs) prevents many takedown efforts from being successful. Although defenders and law enforcement are getting better at takedown efforts, the balance currently favors attackers. Even so, defenders must continue striving to increase the speed of disruption efforts and, by taking down servers and infrastructure, to increase the time it takes for attackers to recover. Consistent effort will keep pressure on malicious actors and make cybercrime less profitable. This article continues to discuss the temporary Emotet shutdown, why many cybercrime shutdowns lack permanence, and the importance of continuing efforts to disrupt cybercrime activity.
Dark Reading reports "In the Fight Against Cybercrime, Takedowns Are Only Temporary"