adimas - Fotolia
Nearly 9,000 command and control (C2) servers and hundreds of compromised websites have been identified across the ASEAN region in a cyber crime operation led by Interpol.
Interpol said the threats posed by the C2 servers were active across eight countries and included malware targeted at financial institutions, ransomware, distributed denial of service attacks and spam emails. Investigations into the C2 servers continue.
Nearly 270 websites, including several government portals that could contain citizens’ personal data, were also infected with malware that exploited a loophole in web design applications.
Among the phishing website operators identified, one had links to Nigeria, and further investigations into other suspects are ongoing. One Indonesia-based criminal was selling phishing kits on the dark web and had even posted YouTube videos demonstrating how to use the malicious software.
The operation, run out of Interpol’s Global Complex for Innovation (IGCI) in Singapore, had brought together investigators from Indonesia, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam who shared information on specific cyber crime situations in each country. Additional cyber intelligence was provided by China.
Experts from seven cyber security companies, including Trend Micro, Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet, Palo Alto Networks and Kaspersky, which provided data on C2 servers found to be active in the ASEAN region, also took part in pre-operational meetings.
Interpol said the information from security companies, combined with cyber issues flagged up by participating countries, had enabled specialists from its Cyber Fusion Centre to produce 23 cyber activity reports. Besides highlighting various threats and cyber criminal activity, the reports recommended actions to be taken by national authorities.
IGCI executive director Noboru Nakatani said the operation was a perfect example of how the public and private sectors could work efficiently together to combat cyber crime.
“With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cyber crime actors across the region and in their countries,” he said.
“Sharing intelligence was the basis of the success of this operation, and such co-operation is vital for long-term effectiveness in managing co-operation networks for both future operations and day-to-day activity in combating cyber crime.”
Read more about cyber security in ASEAN
- Only 20% of chief information security officers in Singapore and Australia say their organisations can prevent data breaches, according to a ServiceNow survey.
- Managed services supplier CenturyLink will invest in infrastructure and headcount to support the growing demand for managed security services in APAC.
- Lab facilities have been established at Singapore’s Republic Polytechnic through partnerships with RSA Security, Palo Alto Networks, Trend Micro and Ixia.
- Palo Alto Networks’ Singapore headquarters will house sales and support staff, as well as security analysts from Unit 42, the company’s threat intelligence team.
Kevin Brown, vice-president at BT Security, said threat intelligence sharing between law enforcement and the private sector was essential in the fight against cyber crime.
“It also helps businesses to better understand the ever-shifting threat landscape and enables BT to mitigate threats against us and our customers in near real time,” he said. “BT is committed to supporting the innovative and collaborative approach being adopted through Interpol’s Cyber Fusion Centre.”
The importance of collaboration was also highlighted by UK police, the Global Cyber Alliance, Cyber Defence Alliance and Verizon at a recent forum on cyber crime in London.
Francis Chan, chairman of Interpol’s Eurasian cyber crime working group and head of the Hong Kong Police Force’s cyber crime unit, said the operation had helped to develop the capacity and expertise of officers in participating countries.
“For many of those involved, this operation helped participants identify and address various types of cyber crime which had not previously been tackled in their countries,” said Chan.
“It also enabled countries to co-ordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via Interpol, and is a blueprint for future operations.”
The Singapore Police Force said it would continue to work closely with its ASEAN counterparts and the Interpol community to eradicate criminal activities in cyber space.
“We will spare no effort to track down cyber criminals who think they can operate under the impunity of cross jurisdictions,” said Cheng Khee Boon, commander of Singapore Police’s cyber crime command.
Another important aspect of the operation was to identify different legislative requirements and regulations around the region and give participants a greater understanding of the avenues and restrictions in conducting enquiries.
In April 2017, Singapore passed changes to its Computer Misuse and Cybersecurity Act, making it illegal to obtain personal information through criminal means, such as trading credit card information.
A new Cybersecurity Act is also expected to be introduced later this year to better protect critical infrastructure, such as telco networks and power plants, against cyber attacks.