Cisco brings massive Angler hack operation to its knees...for now

10/9/2015 10:12:52 AM

Networking firm Cisco has uncovered a massive hacking operation – disrupting the estimated $30 million (£19.6 million) a year scam, reports the BBC.

The firm discovered the fraud, which breaks into systems via vulnerabilities in Flash, Java and other browser plug-ins, while investigating the notorious Angler Exploit malware tool – described by Cisco as one of "the most advanced and concerning hacking tools on the market".

Tens of thousands of users are being targeted every day, says Cisco. According to the firm, the fraudsters have been targeting around 90,000 people a day and generating more than $30 million a year from the attacks.

Customers of hosting provider Limestone Networks are being targeted in particular – almost half of the attacks happened on servers connecting to the US-based provider.

The scam works by taking computers hostage; the fraudsters then demand a ransom, which the owner of the device must pay in order to regain access.

This latest discovery is only the tip of the iceberg though: the total revenue generated by Angler attacks worldwide could exceed $60 million (£39 million) annually, Cisco believes.

The firm has issued a patch and published guidance on how users can protect themselves from attack, but this is unlikely to be the end of Angler attacks.

Speaking to the BBC, security expert Graham Cluley said: "We shouldn't fool ourselves into thinking Cisco's action will serve a killer blow to the Angler Exploit Kit, but it will have bloodied its nose and disrupted the criminals' activities."

Ken Munro, a security expert at Pen Test Partners, called it "another great example of cutting off malware at the knees", but warned that malware authors will "rewrite their tools to work around this".

"It's a running battle that will continue in a slightly modified format," he said.