Law Enforcement Disruption of Malicious Cyber Actors Is Gaining Steam

Yesterday's disruption of the phishing-as-a-service platform LabHost marks the fifth known US domestic or international law enforcement action during the first four months of 2024 to hamper the efforts of malicious cyber actors.

This rate translated into more than one significant takedown per month—and April is not even over yet. According to Metacurity's timeline of government actions against malicious cyber actors, this pace compares to eight significant disruptions during 2023.

The real question surrounding these disruptions is whether they work to slow down the activities of the targeted cybercriminals, given the propensity of threat groups to pop up again in new iterations.

Bob Kolasky, SVP of critical infrastructure at Exiger and the founding director of CISA's National Risk Management Center, likened cybercriminals' illegal deeds to the nature of crime in the physical, kinetic world. "[Real-world] crime doesn't get eradicated," Kolasky told Metacurity earlier this year. "Crime gets reduced, and crime gets less profitable, hopefully. And that's what you're trying to do here."

Ciaran Martin, leader of the SANS CISO Network and founder of the UK's National Cyber Security Centre, thinks these kinds of take-downs should be considered worthy tactics but not necessarily big strategic actions. "There's this sort of debate within the cybersecurity expert community about whether these take-downs are whack-a-mole, and I suppose they are," he told Metacurity earlier this year.

"But on the other hand, aren't all interventions against crime and nation-state threats? Apart from the odd war that ends in the total surrender of one party, which is pretty rare these days, most interventions are tactical."

Timeline and summaries of law enforcement disruption of cybercriminal operations

Subscribe to Premium Metacurity Membership to read the rest.