Nearly 9,000 malware-laden servers, compromised websites found in Singapore-based Interpol operation

Interpol is claiming success after discovering close to 9,000 malware command and control (C&C) servers and 270 infected websites across the Asean region.

The Interpol Press Release revealed that the infected servers even included government servers:

SINGAPORE – An INTERPOL-led operation targeting cybercrime across the ASEAN region has resulted in the identification of nearly 9,000 Command and Control (C2) servers and hundreds of compromised websites, including government portals.

The operation, run out of the INTERPOL Global Complex for Innovation (IGCI), brought together investigators from Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam to share information on specific cybercrime situations in each country. Additional cyber intelligence was also provided by China.

Experts from seven private sector companies – Trend Micro, Kaspersky Lab, Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet and Palo Alto Networks – also took part in pre-operational meetings in order to develop actionable information packages.

Information provided by the private sector combined with cyber issues flagged by the participating countries enabled specialists from INTERPOL’s Cyber Fusion Centre to produce 23 Cyber Activity Reports. The reports highlighted the various threats and types of criminal activity which had been identified and outlined the recommended action to be taken by the national authorities.

The same press release further detailed that the types of malware and cybercrime spanned phishing sites, spamming and DDoS operations, to name just a few. Some of these servers

Analysis

Analysis identified nearly 270 websites infected with a malware code which exploited a vulnerability in the website design application. Among them were several government websites which may have contained personal data of their citizens.

A number of phishing website operators were also identified, including one with links to Nigeria, with further investigations into other suspects still ongoing. One criminal based in Indonesia selling phishing kits via the Darknet had posted YouTube videos showing customers how to use the illicit software.

The threats posed by the 8,800 C2 servers found to be active across eight countries included various malware families including those targeting financial institutions, spreading ransomware, launching Distributed Denial of Service (DDoS) attacks and distributing spam. Investigations into the C2 servers are ongoing.

IGCI Executive Director Noboru Nakatani said the operation was a perfect example of how the public and private sectors can work efficiently together in combating cybercrime.

“With direct access to the information, expertise and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries,” said Mr Nakatani.

“Sharing intelligence was the basis of the success of this operation, and such cooperation is vital for long term effectiveness in managing cooperation networks for both future operations and day to day activity in combating cybercrime,” added Mr Nakatani.

Chief Superintendent Francis Chan, Chairman of INTERPOL’s Eurasian cybercrime working group and Head of the Hong Kong Police Force’s cybercrime unit, said the operation helped develop the capacity and expertise of officers in the participating countries.

“For many of those involved, this operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries,” said Chief Superintendent Chan.

“It also enabled countries to coordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via INTERPOL, and is a blueprint for future operations,” added Mr Chan.

As a final note, we are pleased to see that Interpol has worked out that being proactive, rather than reactive, is the best way forward in cybercrime prevention:

The operation also highlighted the need for law enforcement to proactively investigate vulnerabilities exploited by cybercriminals, rather than waiting for reports from victims.

We hope that this major cybercrime takedown, spanning multiple jurisdictions, is the first of many where we see Asean area law enforcement working well together to take down cybercrime servers throughout the region and beyond.

