
Interpol uncovers nearly 9,000 C2 servers in ASEAN

Command and control servers were used to launch denial of service attacks and distribute malware and spam emails across the region

This article can also be found in the Premium Editorial Download: CW ASEAN: CW ASEAN: Stay alert to threats

Nearly 9,000 command and control (C2) servers and hundreds of compromised websites have been identified across the ASEAN region in a cyber crime operation led by Interpol.

Interpol said the threats posed by the C2 servers were active across eight countries and included malware targeted at financial institutions, ransomware, distributed denial of service attacks and spam emails. Investigations into the C2 servers continue.

Nearly 270 websites, including several government portals that could contain citizens’ personal data, were also infected with malware that exploited a loophole in web design applications.

Among the phishing website operators identified, one had links to Nigeria, and further investigations into other suspects are ongoing. One Indonesia-based criminal was selling phishing kits on the dark web and had even posted YouTube videos demonstrating how to use the malicious software.

The operation, run out of Interpol’s Global Complex for Innovation (IGCI) in Singapore, had brought together investigators from Indonesia, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam who shared information on specific cyber crime situations in each country. Additional cyber intelligence was provided by China.

Experts from seven cyber security companies, including Trend Micro, Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet, Palo Alto Networks and Kaspersky, which provided data on C2 servers found to be active in the ASEAN region, also took part in pre-operational meetings.

Interpol said the information from security companies, combined with cyber issues flagged up by participating countries, had enabled specialists from its Cyber Fusion Centre to produce 23 cyber activity reports. Besides highlighting various threats and cyber criminal activity, the reports recommended actions to be taken by national authorities.

IGCI executive director Noboru Nakatani said the operation was a perfect example of how the public and private sectors could work efficiently together to combat cyber crime.

“With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cyber crime actors across the region and in their countries,” he said.

“Sharing intelligence was the basis of the success of this operation, and such co-operation is vital for long-term effectiveness in managing co-operation networks for both future operations and day-to-day activity in combating cyber crime.”


Kevin Brown, vice-president at BT Security, said threat intelligence sharing between law enforcement and the private sector was essential in the fight against cyber crime.

“It also helps businesses to better understand the ever-shifting threat landscape and enables BT to mitigate threats against us and our customers in near real time,” he said. “BT is committed to supporting the innovative and collaborative approach being adopted through Interpol’s Cyber Fusion Centre.”

The importance of collaboration was also highlighted by UK police, the Global Cyber Alliance, Cyber Defence Alliance and Verizon at a recent forum on cyber crime in London.

Francis Chan, chairman of Interpol’s Eurasian cyber crime working group and head of the Hong Kong Police Force’s cyber crime unit, said the operation had helped to develop the capacity and expertise of officers in participating countries.

“For many of those involved, this operation helped participants identify and address various types of cyber crime which had not previously been tackled in their countries,” said Chan.

“It also enabled countries to co-ordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via Interpol, and is a blueprint for future operations.”

The Singapore Police Force said it would continue to work closely with its ASEAN counterparts and the Interpol community to eradicate criminal activities in cyber space.

“We will spare no effort to track down cyber criminals who think they can operate under the impunity of cross jurisdictions,” said Cheng Khee Boon, commander of Singapore Police’s cyber crime command.

Another important aspect of the operation was to identify different legislative requirements and regulations around the region and give participants a greater understanding of the avenues and restrictions in conducting enquiries.

In April 2017, Singapore passed changes to its Computer Misuse and Cybersecurity Act, making it illegal to obtain personal information through criminal means, such as trading credit card information.

A new Cybersecurity Act is also expected to be introduced later this year to better protect critical infrastructure, such as telco networks and power plants, against cyber attacks.
