A cloud-computing network used by cyber fraudsters to target one million users every week with malware-infected emails has been taken down by law enforcement agencies from more than 30 countries.
The operation to dismantle the Avalanche cloud-hosting service was led by Europol, the FBI and German police and supported by partners from 30 countries including the UK's National Crime Agency (NCA). It followed a four-year investigation by the German police.
In a single day of coordinated action, more than 830,000 malicious web domains were taken down, breaking the channel between criminals and the computers they controlled.
In addition, five individuals were arrested, 37 premises were searched and 39 servers were seized, while 221 servers were put offline through abuse notifications sent to the hosting providers. Victims of malware were identified in over 180 countries.
Avalanche, which was set up in 2009, comprised up to 600 servers worldwide and was used to host as many as 800,000 web domains at a time.
Cyber criminals rented the servers and through them launched and managed digital fraud campaigns, sending emails in bulk to infect computers with malware, ransomware and other malicious software that would steal users’ bank details and other personal data.
At least 500,000 computers around the world were infected and controlled by the Avalanche system on any given day.
Mike Hulett, of the NCA’s National Cyber Crime Unit, says: “The volume of fraudulent activity made possible by Avalanche was incredible. But the scale of the global law enforcement response was unprecedented as 20 strains of malware and 800,000 domains were targeted on one day. This shows how serious we are about tackling cyber crime. The internet isn’t a safe haven for criminals.”