An INTERPOL-led operation targeting cybercrime across the ASEAN region has resulted in the identification of nearly 9,000 Command and Control (C2) servers and hundreds of compromised websites, including government portals.
The operation, run out of the INTERPOL Global Complex for Innovation (IGCI), brought together investigators from Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam to share information on specific cybercrime situations in each country. Additional cyber intelligence was also provided by China.
Experts from seven private sector companies – Trend Micro, Kaspersky Lab, Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet and Palo Alto Networks – also took part in pre-operational meetings in order to develop actionable information packages.
Information provided by the private sector combined with cyber issues flagged by the participating countries enabled specialists from INTERPOL’s Cyber Fusion Centre to produce 23 Cyber Activity Reports. The reports highlighted the various threats and types of criminal activity which had been identified and outlined the recommended action to be taken by the national authorities.
Analysis identified nearly 270 websites infected with malware code which exploited a vulnerability in the website design application. Among them were several government websites which may have contained personal data of their citizens.
A number of phishing website operators were also identified, including one with links to Nigeria, with further investigations into other suspects still ongoing. One criminal based in Indonesia selling phishing kits via the Darknet had posted YouTube videos showing customers how to use the illicit software.
The threats posed by the 8,800 C2 servers found to be active across eight countries spanned various malware families, including those targeting financial institutions, spreading ransomware, launching Distributed Denial of Service (DDoS) attacks and distributing spam. Investigations into the C2 servers are ongoing.
IGCI Executive Director Noboru Nakatani said the operation was a perfect example of how the public and private sectors can work efficiently together in combating cybercrime.
“With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries,” said Mr Nakatani.
“Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long term effectiveness in managing cooperation networks for both future operations and day to day activity in combating cybercrime,” added Mr Nakatani.
Chief Superintendent Francis Chan, Chairman of INTERPOL’s Eurasian cybercrime working group and Head of the Hong Kong Police Force’s cybercrime unit, said the operation helped develop capacity and expertise of officers in the participating countries.
“For many of those involved, this operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries,” said Chief Superintendent Chan.
“It also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via INTERPOL, and is a blueprint for future operations,” added Mr Chan.
The operation also highlighted the need for law enforcement to proactively investigate vulnerabilities exploited by cybercriminals, rather than waiting for reports from victims.
“The Singapore Police Force will continue to work closely with our ASEAN counterparts and the INTERPOL community to eradicate criminal activities in the cyberspace. We will spare no effort to track down cybercriminals who think that they can operate under the impunity of cross jurisdictions,” said Assistant Commissioner Cheng Khee Boon, Commander of SPF’s Cybercrime Command.
Identifying the different legislative requirements and regulations around the region was also an important aspect of the operation, providing participants with a greater knowledge and understanding of the avenues and restrictions in conducting enquiries.
“The greatest threats to global cybersecurity are those that emanate from cybercriminal undergrounds. What is needed is a global cybersecurity strategy that leverages the power of public-private partnerships to disrupt, degrade and deny cybercriminals’ freedom of movement and the ability to monetize their attacks. Collaboration with INTERPOL in takedowns such as this cyber surge are exemplary towards this goal,” said Ed Cabrera, chief cybersecurity officer for Trend Micro.
“Public-private information sharing is critical to fighting cybercrime in the region. But for this operation, access to intelligence and technology has been as important as experience of learning from each other throughout the process, resulting in better understanding and collaboration between private partners and law enforcement agencies. That makes the INTERPOL Global Complex for Innovation the unique platform that allows to transform the intelligence sharing into the meaningful and impactful action against cybercriminals both at the regional and national levels,” said Anton Shingarev, VP for Public Affairs at Kaspersky Lab.
“Cooperation between the public and private sectors in combating cybercrime is essential and this operation demonstrated the added value of each sector’s capabilities when joined together. I am convinced that the continued contribution of private companies in cybercrime investigations will lead to further successes in the future,” said Kenji Hironaka, CEO, Cyber Defense Institute.
“Information sharing initiatives like this INTERPOL-led operation are key to ensuring more organizations are prepared to defend against complex attacks. Booz Allen is proud to have been selected to help with this important effort. We look forward to continuing to provide cyber intelligence support, building on our decades of experience assisting the government and commercial organizations, to INTERPOL and other partners in the ASEAN region,” said Christopher Ling, Executive VP and Leader of International Business, Booz Allen.
“Threat Intelligence sharing between law enforcement and private sectors is essential in the fight against cyber-crime. It also helps businesses better understand the ever-shifting threat landscape and enables BT to mitigate threats against us and our customers in near real time. BT is committed to supporting the innovative and collaborative approach being adopted through INTERPOL’s cyber fusion centre,” commented Kevin Brown, VP, BT security.
“Cybercrime is an increasingly organized endeavour consisting of a sophisticated web of compromised systems that make it easier for criminals to scale attacks and discourage attribution of their activities. Compounding these challenges, cybercriminals have no regard for political boundaries or national lines and will leverage various geopolitical protocols to their advantage. Cooperation between the public sector working alongside both local and international law enforcement is a necessity to turn the tide against organized cybercrime. Fortinet is dedicated to continue its work with INTERPOL and their efforts to build a framework for proactive and coordinated response to the global threat landscape,” stated Derek Manky, global security strategist at Fortinet.
“The INTERPOL-led cybercrime operation is a milestone that underscores the power of public-private cooperation to combat cyberthreats across ASEAN and the rest of the world. Palo Alto Networks has a dedicated Unit 42 threat intelligence team, made up of cybersecurity researchers and industry experts gathering and analysing insights into the latest cyberthreats. Through working closely with INTERPOL, we collectively aim to help make our digitally-connected world a safer place,” commented Sean Duca, VP and Regional Chief Security Officer for Asia Pacific, Palo Alto Networks.