NSHE Security Advisory: Avalanche (crimeware-as-a-service infrastructure)

Alert warning icon

The United States Computer Emergency Readiness Team (US-CERT) issued an alert on December 1 regarding Avalance, a “large global network hosting infrastructure used by cyber criminals to conduct phishing and malware distribution campaigns.”  Cybercriminals have used Avalanche to target over 40 major financial institutions.  Compromised systems may have been used to take part in denial-of-service attacks or distributing other malware to unsuspecting users.

A system that has been infected may lead to the theft of your credentials or other sensitive information.  Avalanche has been used to launch ransomware attacks, encrypting files on your computer and requiring the payment of a ransom in order to decrypt them.

US-CERT recommends the following actions:

  • Use and maintain anti-virus software
  • Avoid clicking links in e-mail
  • Change your passwords
  • Keep your operating system and application software up-to-date

To read the US-CERT alert please visit their site:  US-CERT Alert TA16-336A Avalanche