
How do security researchers, and law enforcement officers, disrupt a cybercrime group?
How do they identify the targets, and the people and assets involved? And what are the objectives for disrupting a group?
Not all law enforcement results in “takedowns” or even prosecution. Sometimes interrupting a group’s operations or increasing their cost of doing business is enough.
In this episode, we hear how security researchers and law enforcement agencies, including Europol’s European Cybercrime Centre, worked together to disrupt Tycoon 2FA, a phishing as a service group.
The group operated a subscription model, very similar to those used by legitimate software as a service firms. But Tycoon 2FA made it easy for criminals to launch highly effective cyber attacks against their victims, even bypassing two-factor authentication.
Thousands of criminals used the group’s tools, launching tens of millions of phishing emails each month, targeting almost 100,000 organisations around the world, according to Europol.
But how did researchers discover, and then counter, the group’s activities? What were the results? And how do law enforcement agencies, security researchers, and CISOs, prevent a new group taking its place?
Our guest is Robert McArdle, director of forward threat research at TrendAI, one of the security firms involved, alongside Europol, Microsoft, and others, in dismantling Tycoon 2FA’s operations.
Featured image by Gerd Altmann from Pixabay
Be the first to comment