Dark web takedowns and arrests are a crucial part of fighting cybercrime, but when one marketplace or malware operation gets disrupted by law enforcement, another is always likely to take its place.
Emotet, one of the most prolific and most dangerous forms of malware – which served as a means for cyber criminals to deliver ransomware and other cyberattacks – was disrupted in a police operation earlier this year.
And while the disruption of such a big player in the malware space inevitably has an impact on cybercrime, it doesn't just disappear – cyber criminals find new means of engaging in malicious online activity.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
"I'm a big geek for Jurassic Park, and there's famous line that Jeff Goldblum says: 'Life finds a way,'" Rick Holland, CISO at Digital Shadows, told ZDNet Security Update.
"When I think about cyber-criminal takedowns – Emotet and others – there's a long history of this as well; cybercrime finds a way. One set of operators gets arrested, goes to jail, but someone will fill their spot. It's just like water flowing and it's going to find a way".
In the case of the Emotet disruption, cyber criminals have quickly shifted to Trickbot and other trojans as a means of gaining access to networks for use in cyberattacks – either for deploying their own malware, or leasing out the backdoor for others to plant their own malware or ransomware.
And that's despite an attempted takedown of Trickbot by a coalition of cybersecurity companies in October.
But that doesn't mean there isn't a need to fight cybercrime with takedowns and arrests – because even if cyber criminals have to evolve and adapt their tactics, criminal hacking and malware will remain a threat.
"I definitely think we need to continue the law enforcement takedowns, it does have an impact, but it is a whack-a-mole because someone will fill that gap," said Holland.
"There's definitely some impact on the operators themselves if they go to to jail and things like that, but as far as the macro view versus the micro you know it's going to continue," he added.
SEE: Check to see if you're vulnerable to Microsoft Exchange Server zero-days using this tool
However, when takedowns are successful, there's a chance that some lower-level cyber criminals will be frightened off being involved due to the potential prospect of going to jail if they're caught.
"A lot of the bottom feeders, if you will, that are kind of rushing to make money, they're new to cybercrime, they don't have as much operational security or experience, so they can be vulnerable just because of a lack of experience that's there," said Holland.