INTERPOL has found 8800 Command and Control (C2) servers and hundreds of compromised websites, including government portals across Asia.
The results are part of an investigation by the INTERPOL Global Complex for Innovation (IGCI), which included investigators from Indonesia, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam, with additional material from China.
“With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries,” comments IGCI executive director Noboru Nakatani.
The investigation found 270 websites — including many government websites — infected with malware code that exploited vulnerabilities in the web design application. That code could have collected citizen data.
The investigation also found a number of phishing websites, as well as one Singapore criminal who was selling phishing kits via the dark web. The criminal had posted YouTube videos showing how to use the software.
The 8800 C2 servers were active across eight different countries and involved malware families including those used for ransomware, DDoS, spam and financial attacks. Investigations into all the servers are ongoing, INTERPOL reports.
Experts from Trend Micro, Fortinet, Palo Alto Networks, British Telecom, the Cyber Defense Institute, Booz Allen Hamilton and Kaspersky Lab also took part in investigations.
Sean Duca, Palo Alto Networks' VP and regional chief security officer for Asia Pacific, says the operation is a 'milestone' for cyberthreat protection across ASEAN and the globe.
Nakatani also believes intelligence sharing between the countries and private organisations involved is vital for long-term effectiveness in combating cybercrime.
Chief Superintendent Francis Chan, head of INTERPOL's Eurasian cybercrime group and head of the Hong Kong Police Force cybercrime unit, says it was an eye-opening experience for the countries involved.
“For many of those involved, this operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries. It also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via INTERPOL, and is a blueprint for future operations,” he explains.
The investigation also showed that law enforcement must become part of the process and actively seek out vulnerabilities. Assistant commissioner Cheng Khee Boon, the Singapore Police Force's (SPF) commander of cybercrime, says the operation was important.
“The Singapore Police Force will continue to work closely with our ASEAN counterparts and the INTERPOL community to eradicate criminal activities in the cyberspace. We will spare no effort to track down cybercriminals who think that they can operate under the impunity of cross jurisdictions,” Cheng Khee Boon says.
The investigation also allowed the countries involved to get an in-depth look at threats within their borders and across ASEAN.