An avalanche is a force of incredible destruction. The deadliest avalanche in history took place on May 31, 1970, in Peru. Known as the Huascaran Avalanche, it was triggered by the Ancash earthquake. The epicenter of the earthquake was located 21 miles off the coast of Peru in the Pacific Ocean. A massive avalanche rolled through the towns of Yungay and Ranrahirca when the earthquake sent snow, ice, water, mud, and rock tumbling down from the northern walls of Mount Huascarán. The avalanche was moving upwards of 335 kilometers per hour when it buried Yungay and Ranrahirca. Twenty thousand people died.

A very different Avalanche has been wreaking havoc around the world, but it seems to now have lost its fury.  Last week, after more than four years of investigation, authorities in Germany, the Hague, the U.S., and the U.K. announced they had dismantled an international criminal infrastructure platform known as ‘Avalanche’. The European Union’s law enforcement agency, Europol, described the network as follows: “The Avalanche network was used as a delivery platform to launch and manage mass global malware attacks and money mule recruiting campaigns. It has caused an estimated EUR 6 million in damages in concentrated cyberattacks on online banking systems in Germany alone. In addition, the monetary losses associated with malware attacks conducted over the Avalanche network are estimated to be in the hundreds of millions of euros worldwide, although exact calculations are difficult due to the high number of malware families managed through the platform.”

The U.K.’s National Crime Agency issued a statement that said in part, “In a single day of coordinated action, more than 830,000 malicious web domains were taken down, breaking the channel between criminals and the computers they controlled. In addition, five individuals were arrested, 37 premises were searched and 39 servers were seized, while 221 servers were put offline through abuse notifications sent to the hosting providers. Victims of malware were identified in over 180 countries. Avalanche, which was set up in 2009, comprised up to 600 servers worldwide and was used to host as many as 800,000 web domains at a time. Cyber criminals rented the servers and through them launched and managed digital fraud campaigns, sending emails in bulk to infect computers with malware, ransomware and other malicious software that would steal users’ bank details and other personal data….At least 500,000 computers around the world were infected and controlled by the Avalanche system on any given day.”

Avalanche was, in essence, a platform for cyber criminals. They could order malware from a menu and use it to conduct malware campaigns around the world. In a stark reminder of how easily cyber criminals can obtain such services, the network was advertised through postings, much like ordinary advertisements, on underground online criminal forums.

Were you affected by Avalanche? The malware affects Microsoft Windows systems. The U.S. Computer Emergency Readiness Team offers links to several anti-malware programs you can use to check. Europol offers a similar resource here.

By Tom Davis, SDI Cyber Risk Practice
December 6, 2016