Close to 9,000 servers across Asean infected with malware

In an operation run out of its Singapore global hub, Interpol has identified 8,800 command-and-control servers and 270 websites that were compromised, including those run by governments and financial institutions.
Written by Eileen Yu, Senior Contributing Editor

In an operation targeting cybercrime across Asean, Interpol says it has identified thousands of compromised systems that included command-and-control (C2) servers infected with malware and websites run by governments.

Some 8,800 of the servers across eight countries were found to be infected with various malware, including code targeting financial institutions and code used to launch DDoS (distributed denial-of-service) attacks. Investigations involving these systems were still ongoing, according to a statement released by Interpol, which ran the Asean operation out of its Global Complex for Innovation in Singapore.

It added that some 270 websites were found to have been infected with malware code that exploited a vulnerability in the website design software. These compromised sites included those run by governments, which might contain personal data of their citizens, it said.

"A number of phishing website operators were also identified, including one with links to Nigeria, with further investigations into other suspects still ongoing," Interpol said. "One criminal based in Indonesia selling phishing kits via the Darknet had posted YouTube videos showing customers how to use the illicit software."

Investigators from Singapore, Indonesia, Malaysia, Myanmar, Thailand, Vietnam, and the Philippines were involved in the initiative, and exchanged information on "specific cybercrime situations" in their respective countries. China also provided cyber intelligence for the operation, Interpol said.

It added that seven companies from the private sector, including Trend Micro, Cyber Defense Institute, British Telecom, and Fortinet, were brought in during pre-operational meetings to develop information packages. Based on this information and that provided by the Asean countries, Interpol then produced 23 reports highlighting threats and cybercriminal activities as well as recommended actions for local authorities.

Stressing the need for collaboration between the public and private sectors in fighting cybercrime, Noboru Nakatani, executive director for the Interpol Global Complex for Innovation, said: "With direct access to the information, expertise, and capabilities of the private sector and specialists from the Cyber Fusion Centre, participants were able to fully appreciate the scale and scope of cybercrime actors across the region and in their countries."

Law enforcers also must proactively investigate cybersecurity vulnerabilities used by hackers, instead of waiting for victims to file reports, said Interpol.

Head of the Singapore Police Force's cybercrime unit, Cheng Khee Boon, said his team would work with counterparts in Asean as well as Interpol to "eradicate" cybercriminal activities and pledged to "spare no effort to track down cybercriminals who think that they can operate under the impunity of cross jurisdictions".

Derek Manky, Fortinet's global security strategist, said: "Cybercrime is an increasingly organised endeavour consisting of a sophisticated web of compromised systems that make it easier for criminals to scale attacks and discourage attribution of their activities.

"Compounding these challenges, cybercriminals have no regard for political boundaries or national lines and will leverage various geopolitical protocols to their advantage," Manky said. "Cooperation between the public sector working alongside both local and international law enforcement is a necessity to turn the tide against organised cybercrime."

Trend Micro's chief cybersecurity officer Ed Cabrera added that underground activities were the greatest threats to global cybersecurity and public-private collaboration was key to "disrupt, degrade, and deny cybercriminals' freedom of movement" as well as their ability to monetise their attacks.

The Singapore government earlier this month expanded local laws to allow anyone who used or transacted with illegally obtained personal information to be prosecuted, even if they were not responsible for causing the security breach. The amendments to the Computer Misuse and Cybersecurity Act criminalised any act dealing in personal information obtained via acts considered illegal, such as hacking and identity fraud. This meant that businesses or individuals that provided, obtained, or retained hacked personal details could be charged, even though they were not responsible for the security breach.

Singapore's Ministry of Defence (Mindef) in February experienced a security breach that compromised the personal data of 850 national servicemen and employees. The incident involved its I-net system, which supported web-connected computer terminals its employees and national servicemen used for personal online communications or internet browsing.
