Kaspersky
Lab joins INTERPOL-led cybercrime operation across ASEAN
Identifies close to 9,000 C2 servers and hundreds of
compromised websites, including government portals
25
April 2017
Kaspersky Lab today announced
its participation in a groundbreaking INTERPOL-led cybercrime operation
involving public and private sectors across the ASEAN region. Nearly 9,000
botnet command and control (C2) servers and hundreds of compromised websites, including
government portals, were identified from the activity.
The operation was carried out
from the INTERPOL Global Complex for Innovation (IGCI) in Singapore, the
research and development facility of the world’s largest police organization.
Cybercrime investigators from
Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam
gathered together at the IGCI to exchange information on specific cybercrime
situations in their respective countries. An additional cyber intelligence report
was contributed by China.
Experts from Kaspersky Lab
cooperated with INTERPOL to share fresh cyberthreat discoveries and to
formulate recommended actions along with six other private companies, namely
Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet, Palo
Alto Networks, and Trend Micro.
Being the only vendor able to
detect the infection at the time, Kaspersky Lab provided the INTERPOL team with
an exclusive report on a WordPress plugin vulnerability that has affected
thousands of websites in the region, including those belonging to government
agencies, universities, NGOs, and private businesses.
The vulnerability allowed
perpetrators to inject malicious code into more than 5,000 legitimate webpages around
the globe and redirect users to advertising pages for counterfeit goods. The
vulnerability also allowed other types of malicious activity, such as
downloads of potentially unwanted programs (PUPs), password brute-forcing, and
proxying, among others.
Kaspersky Lab has also
furnished the IGCI with an extensive list of 8,800 botnet C2 servers found to
be active in ASEAN countries, as retrieved from the Kaspersky Security
Network and Botnet C&C Threat Feed. Formed from the words “robot” and
“network”, a botnet is a zombie network of thousands or millions of
Internet-connected devices (such as PCs, smartphones, tablets, routers, smart
toys, or other gadgets) that are hacked and infected with special malware so
that they can be controlled by a cybercriminal to deliver cyberattacks.
The botnet data shared by
Kaspersky Lab covered various malware families, specifically those targeting
financial organizations, spreading ransomware, launching distributed denial-of-service
(DDoS) attacks, distributing spam, and enabling other criminal activities.
Investigations into the C2 servers are currently ongoing.
The operation’s findings also
include the confirmation of nearly 270 websites infected with malicious code
that exploited a vulnerability in the website design application. Among the
victims of the infection were several government websites, which may have
stored some personal data of their citizens.
A number of phishing website
operators were also discovered, such as one with links to Nigeria. One
cybercriminal based in Indonesia, selling phishing kits via the Darknet, was
found to have posted tutorial videos on YouTube showing customers how to
use the illegal software.
According to IGCI Executive
Director Noboru Nakatani, the operation was ideal as it demonstrated a highly
effective and beneficial public-private partnership in the fight against
cybercrime. “Sharing intelligence was the basis of the success of this operation,
and such cooperation is vital for long term effectiveness in managing
cooperation networks for both future operations and day-to-day activity in
combating cybercrime,” said Nakatani.
“Public-private sharing is a
critical step in fighting cybercrime in the region,” said Anton Shingarev,
Vice-President Public Affairs of Kaspersky Lab. “But for this operation, access
to intelligence and technology has been as important as the experience of
learning from each other throughout the process, resulting in better
understanding and collaboration between private partners and law enforcement
agencies. This makes the INTERPOL Global Complex for Innovations a unique
platform that transforms intelligence sharing into meaningful and impactful
actions against cybercriminals both at the regional and national levels.”