INTERPOL & private sector uncover thousands of threats across ASEAN

26 Apr 17

INTERPOL has found 8800 Command and Control (C2) servers and hundreds of compromised websites, including government portals across Asia.

The results are part of an investigation by the INTERPOL Global Complex for Innovation (IGCI), which included investigators from Indonesia, Malaysia, Myanmar, the Philippines, Singapore, Thailand, Vietnam and additional material from China.

“With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries,” comments IGCI executive director Noboru Nakatani.

The investigation found 270 websites, including many government websites, infected with malware code that exploited vulnerabilities in the web design application. That code could have collected citizen data.

The investigation also found a number of phishing websites, as well as one Singapore criminal who was selling phishing kits via the dark web. The criminal had posted YouTube videos showing how to use the software.

The 8800 C2 servers were active across eight different countries and were associated with malware families used for ransomware, DDoS, spam and financial attacks. Investigations into all the servers are ongoing, INTERPOL reports.

Experts from Trend Micro, Fortinet, Palo Alto Networks, British Telecom, the Cyber Defense Institute, Booz Allen Hamilton and Kaspersky Lab also took part in investigations.

Sean Duca, Palo Alto Networks’ VP and regional chief security officer for Asia Pacific, says the operation is a ‘milestone’ for cyberthreat protection across ASEAN and the globe.

Nakatani also believes intelligence sharing between the countries and private organisations involved is vital for long-term effectiveness against cybercrime.

Chief Superintendent Francis Chan, head of INTERPOL’s Eurasian cybercrime group and head of the Hong Kong Police Force cybercrime unit, says it was an eye-opening experience for the countries involved.

“For many of those involved, this operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries. It also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via INTERPOL, and is a blueprint for future operations,” he explains.

The investigation also showed that law enforcement must become part of the process and actively seek out vulnerabilities. Assistant commissioner Cheng Khee Boon, SPF’s commander of cybercrime, says the operation was important.

“The Singapore Police Force will continue to work closely with our ASEAN counterparts and the INTERPOL community to eradicate criminal activities in the cyberspace. We will spare no effort to track down cybercriminals who think that they can operate under the impunity of cross jurisdictions,” Cheng Khee Boon says.

The investigation also allowed countries involved to get an in-depth look at threats within their borders and across ASEAN.
