The United Kingdom Metropolitan Police (Met) has Announced has taken down a large-scale online fraud service, LabHost, marking the latest episode in a series of international raids against suspected cybercriminals.
On 18 April 2024, law enforcement agencies around the world arrested 37 people associated with the industrial-scale scam service as part of a joint operation led by the Met.
Online fraud service LabHost was responsible for facilitating the theft of sensitive personal information, including 480,000 credit and debit card numbers and 64,000 PIN codes, generating approximately £1 million in profits.
According to an update provided by the Met on April 18, work on the operation began in June 2022 when detectives received “crucial intelligence” about the LabHost activity of the Cyber Defense Alliance.
The takedown comes on the heels of a series of high-profile law enforcement operations targeting major players in the digital underworld, including ransomware operators LockBit and ALPHV/BlackCat.
The recent spate of large-scale threat collective raids suggests that authorities around the world are taking a tougher stance on cybercrime and proactively seeking to disrupt hacking groups, rather than simply defending against their attacks.
The major LockBit ransomware operation, which accounted for around 30% of all global ransomware and digital extortion attacks in the first quarter of 2023, was eliminated in February 2024 in a joint operation involving the National Crime Agency , the FBI, Europol and a number of other international agencies.
Removals of major players could leave a fragmented threat landscape
speaking to ITPro In February, just after the LockBit downfall was revealed, Sergey Shykevich, manager of Check Point's threat intelligence group, said he expected the ransomware industry to become more fragmented as a result.
Shykevich noted that the operation would have left a large number of LockBit affiliates without a reliable source of ransomware tools to extort victims. This void would soon be filled by a series of smaller competitors seeking to capture some of LockBit's lucrative market share, he said.
“[T]There are many members who are now looking for other rentals and I'm sure they won't all go to the same group. That's why I hope there are more groups, there are no empty spaces in this business, there is too much money,” Shykevich said.
Trend Micro's director of forward-looking threat research, Robert McArdle, said ITPro There is enough room in the digital underworld for major actors and smaller threat collectives to coexist.
“The cybercrime ecosystem is very mature. As in the tech industry, there is more than enough room for large players (such as well-known ransomware actors) to coexist and for the equivalent of SMBs or mid-market highly profitable companies to coexist.”
McArdle added that although smaller criminal organizations may believe they are at less risk by keeping a low profile, recent actions by law enforcement agencies suggest they will eventually come to their attention and be targeted.
“In a sense, this middle crime market can go unnoticed by normal technical reporting in the press,” McArdle admitted.
“But actions like this recent Met-led operation to take action against Labhost, and the recent disruption of the infamous NCA-led Lockbit ransomware gang, show that no matter where a criminal group is in the market, they will come to the attention. from authorities and private industry collaborators,” McArdle said.
“Steps will be taken wherever possible to make the world a safer place for the exchange of digital information.”