Fraud Management & Cybercrime , Incident & Breach Response , Next-Generation Technologies & Secure Development

Interpol Sweep Uncovers Malware Infections Throughout Asia

Operation Involved Seven Vendors and Eight Countries

Interpol headquarters in Lyon, France

Interpol, working with numerous countries and security vendors, says it has identified 270 websites across Asia - including some government portals - infected with malware that have been used for a variety of cyberattacks.

See Also: Top 5 Log Sources You Should Be Ingesting but Probably Aren't

Some of those websites "may have contained personal data of their citizens," Interpol, an international police organization, says. Also uncovered were 8,800 command-and-control servers, which are used by cybercriminals to issue commands to malware.

The findings are the result of a large investigation involving seven security vendors and eight countries, notably including China, whose cooperation has long been sought by Western law enforcement. Interpol didn't indicate if one or several cybercriminal groups was involved.

For many countries, "this operation helped participants identify and address various types of cybercrime which had not previously been tackled," says Chief Superintendent Francis Chan, head of Hong Kong's cybercrime unit.

The investigation was led by Interpol's Global Complex for Innovation, which does crime research from Singapore. Indonesia, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam were involved along with the companies Trend Micro, Kaspersky Lab, Cyber Defense Institute, Booz Allen Hamilton, British Telecom, Fortinet and Palo Alto Networks.

International Cooperation

It's unclear if all of the affected websites have been secured and the command-and-control servers taken offline. Such international operations are often extremely complicated, and Interpol alluded to the bevy of jurisdictional entanglements that often slow down investigations.

"Identifying the different legislative requirements and regulations around the region was also an important aspect of the operation, providing participants with a greater knowledge and understanding of the avenues and restrictions in conducting enquiries," Interpol says.

In a blog post, Trend Micro also addressed those difficulties.

"Despite the best efforts of law enforcement to stem the exponential growth of cybercrime, the truth is that it's an uphill struggle," writes Ed Cabrera, Trend Micro's chief cybersecurity officer. "Transnational cybercriminals these days are well resourced, determined and agile."

There's one international treaty that encourages cooperation between countries to battle electronic crime, the Convention on Cybercrime. The treaty, which has been open for signatures since 2001, sets guidelines for how countries can create anti-cybercrime legislation and set up procedures for working on fast-breaking investigations crossing international borders.

Cybercriminals have often exploited a lack of coordination between countries for their benefit, says Tom Wills, director of Ontrack Advisory, a management consulting firm with offices in the United States and Singapore. "It's a very positive development to have global law enforcement and the private sector finally cooperating against global threats this way."

Cyber Activity Reports

What has come out of the investigation are 23 Cyber Activity Reports, which will guide cleanup efforts, Interpol says.

"The reports highlighted the various threats and types of criminal activity which had been identified and outlined the recommended action to be taken by the national authorities," Interpol says.

The 270 websites were "infected with a malware code which exploited a vulnerability in the website design application," Interpol says. The command-and-control servers are still being studied, it adds.

The cybercriminal activity spanned from phishing websites with links to Nigeria to an individual in Indonesia selling kits that can be used to mount phishing attacks. The individual in Indonesia, Interpol says, also posted videos on YouTube illustrating how to use the software.

Trend Micro says it supplied information on malicious URLs related to illegal goods, hacking groups, underground forums and child exploitation material. Cabrera writes that Trend Micro also provided training on how to find malicious servers and help with analyzing seized server logs.

Managing Editor Geetha Nandikotkur contributed to this report.