Cybersecurity vendors and law enforcers play a symbiotic role in tackling cybercrime. Solution and service providers like Trend Micro help to keep customers safe from attacks. But these attacks will keep on coming unless we discomfort and disrupt the threat actors themselves. This is the job of INTERPOL and its member organizations.
Trend is committed to forging strong alliances with our law enforcement partners around the world. We were delighted to make a significant contribution to the Africa Cyber Surge II operation, which has had a significant impact across 25 countries on the continent.
Tackling cybercrime across Africa
Cybercrime is a global phenomenon with a long history in Africa. The Nigerian 419 scam was for years a staple of email-based fraud, and today its modern successors range from phishing and business email compromise (BEC) to romance scams. As countries across the continent digitize at a rapid pace, local criminal gangs are realizing they have a potentially massive pool of victims to target both at home and abroad.
That’s why we’re joining INTERPOL’s Africa Surge operation. Following a successful campaign to counter cybercrime on the continent last year, the policing alliance ran a four-month sequel beginning in April 2023. Law enforcers in 25 countries participated, under the auspices of the INTERPOL Africa Cybercrime Operations Desk and INTERPOL’s Support Program for the African Union in relation to AFRIPOL (ISPA). Police made 14 arrests and identified a massive 20,674 suspicious cybercrime networks linked to losses of over $40m.
Along with our partners, we were able to share information on:
- 3,786 malicious command and control servers
- 14,134 victim IPs linked to data stealer cases
- 1,415 phishing links and domains
- 939 scam IPs
- Over 400 other malicious URLs, IPs and botnets
Collaborative triumph between Trend and INTERPOL
Trend Micro provided investigators with:
- Details of malicious infrastructure comprising 1,500 malicious IP addresses, uncovered through Trend's Global Threat Intelligence. These were located mainly in South Africa (57%), Egypt (14%), the Seychelles (5%), Algeria (5%) and Nigeria (4%). These IPs were linked to notorious malware families including Quakbot and Emotet, which are key enablers of ransomware and other threats
- Around 200,000 detections of malicious traffic in Q1 2023, linked to scams (44%), malware (25%), phishing (17%) and C&C servers (13%). Most of these were facilitated by bulletproof hosting services in the Seychelles (140,000 detections) and South Africa (56,000)
- Assistance investigating cryptocurrency scams linked to the darknet Hydra marketplace
- Information about prolific offshore bulletproof hosters such as 1337team Limited (48%), Petersburg Internet Network Ltd (19%) and Flokinet Ltd (13%)
- Information on the ELITETEAM bulletproof hoster based in the Seychelles, which we linked to threat activity including Redline Stealer, Agent Tesla, Azorult Stealer, and Raccoon Stealer, as well as generic ransomware and backdoors
- Intelligence requested by INTERPOL on at least 10 suspects engaging in fraud and BEC. Through open-source tooling and crosschecking of entities such as mobile numbers, email addresses, names, aliases, IP addresses, and social media accounts, we were able to provide invaluable assistance to investigators
Global police do a fantastic job of hunting down those responsible for cybercrime. But resources and in-house expertise are often stretched. That’s why public-private partnerships are so important to the ongoing fight against ceaseless malicious online activity. And it’s why we’ll always jump at the chance to help our law enforcement partners at INTERPOL and elsewhere.
The synergy between cybersecurity vendors and law enforcers stands as a testament to the formidable force that arises when global leaders unite to dismantle the web of cybercrime. Trend will continue to share intelligence on infrastructure, threats, and adversaries (threat actors) with law enforcement to help bring criminals to justice and ensure they cannot continue to target victims worldwide.