Microsoft Sets Proper Example With Necurs Botnet Takedown

by Rob Enderle on March 14, 2020

I like to watch old westerns, and there is a common thread that weaves through them that showcases that the lack of cooperation between the states led to profitable criminal organizations, which made living in the Old West very risky. Criminals could commit crimes in one state, flee across the border to another state, and live relatively risk-free with their ill-gotten gains. We exist in a similar world today where foreign actors, often out of China, North Korea, or particularly Russia, can make money committing crimes in the US and live out their days with their ill-gotten gains safely in their home country.

Microsoft has been one of the most—if not the most—aggressive companies going after these criminal organizations, and their most recent effort to take down the Necurs Botnet is a showcase both for how aggressive Microsoft is, and how effective this approach is to eliminating this threat. If you can destroy the economics of a crime, you can substantially reduce its recurrence.

During the Covid-19 Pandemic, we see a massive uptick in malware and phishing attacks using this event to circumvent security and gain access to systems and passwords. The only way I can see to stop this massive constant attack on our people is to use what Microsoft just did as an example and systematically go after and shut down these bad actors.

Let’s talk about that this week.

Stopping Cybercrime-as-a-Business

Organized crime is alive and well in the world, but it has been a lot worse and it tends to mitigate once the economics surrounding the criminal organization change. Because crimes typically have huge penalties, professional criminal organizations tend to gravitate to crimes that have relatively high returns and relatively low risks. Right now, cybercrimes—particularly when committed across country borders—appear to have high returns and low risks.

Sponsorships Available

Bill Gates seemed to take attacks like this personally early on, and Microsoft has historically been one of the most aggressive firms to go after bad actors. His, and the efforts of his firm, have been instrumental in reducing the number of these bad actors by aggressively bringing them to justice and destroying the tools and infrastructure that have been set up to do us harm.

If you can increase the risk enough, you can remove the incentives, outside of government level bad actors, and far more effectively reduce the risk for the rest of us. More companies and particularly governments should follow Microsoft’s example.

This approach does point out that our law enforcement efforts remain largely inadequate to protect against this kind of threat from criminals, let alone hostile governments. Fixing this mismatch should, in my opinion, be a far higher priority than it seems to be. Our protective cyber services continue to look under-resourced and understaffed, given the level of the current threat.

Wrapping Up

One of the reasons ransomware and other malware currently circulating around the world is so prevalent is that the rewards for releasing these types of malware are relatively high while the costs are relatively low. To effectively reduce these attacks, we need to reverse this dynamic so that the cost of going into this kind of illicit business significantly exceeds the average benefits. While this alone won’t eliminate criminal behavior, it will shift that behavior away from malware—which has a huge potential to do massive infrastructure damage by accident—to other more traditional forms of crimes that don’t have the potential to take down a power grid or crash a government.

In the end, we all owe Microsoft a heartfelt thank you for stepping up with the Necurs botnet, but we hope that other firms learn from Microsoft’s lesson and step up as well. Because only then will we have a hope of dramatically reducing the number of related attacks and return to a world far safer regarding cybercrime than we have today.