Servers distributing Intellexa Alliance's Predator spyware declined significantly following a name-and-shame campaign last year, but operators of the spyware immediately rebounded with new infrastructure: more than 80 delivery servers were observed in the Philippines, Botswana, and at least nine other countries by the middle of January, CyberScoop reports.
The new infrastructure used domains with themes and spoofed organizations similar to those leveraged in the prior campaign to facilitate the deployment of Predator spyware, a report from Recorded Future's Insikt Group revealed. "While these patterns are relatively easy for threat researchers to identify, these [tactics, techniques, and procedures] are presumably producing satisfactory results, eliminating the need for changes," researchers said. Such findings indicate the need for a new "holistic, multi-pronged approach" to address spyware threats, according to Citizen Lab senior researcher John Scott-Railton. "Naming and shaming? Not enough. Regulations alone? Not enough. Technical solutions? Not necessarily enough," Scott-Railton said.