• Thursday, May 23, 2024
businessday logo


Cybercrime networks under fire as Trend Micro, Interpol co-operate to fight scourge


Trend Micro Incorporated, a global cybersecurity leader, has announced close cooperation with Interpol on the organisation’s Africa Cyber Surge II operation, disclosing that the pact has led to the identification of more than 20,000 suspicious cybercrime networks across 25 countries in Africa.

Cybercrime is a global phenomenon with a long history in Africa. The Nigerian 419 scam was for years a staple of email-based fraud, and today its modern successors range from phishing and business email compromise (BEC) to romance scams.

As countries across the continent digitise at a rapid pace, local criminal gangs are realising they have a potentially massive pool of victims to target at both home and abroad.

“There is often a misconception around how threat actors are not present on the continent. But it would be a mistake to underestimate cybercriminals in Africa. In fact, it’s become critical for organisations in both the public and private sectors to work together to fight against the growing onslaught of malicious online activity.

That’s why Trend Micro welcomes the opportunity to work with law enforcement to shut down local cybercrime operations,” Emmanuel Tzingakis, Technical Lead, African Cluster at Trend, said.

Tzingakis disclosed that, following a successful campaign to counter cybercrime on the continent last year, the policing alliance ran a four-month sequel beginning in April 2023

He added that law enforcers in 25 countries participated, under the auspices of the Interpol Africa Cybercrime Operations Desk and Interpol’s Support Programme for the African Union in relation to AFRIPOL (ISPA). Police made 14 arrests and identified a massive 20,674 suspicious cybercrime networks linked to losses of over $40 million.

Read also: Addressing cybersecurity as a supply chain issue

“Along with the alliance partners, Trend Micro was able to share information on 3,786 malicious command and control servers, 14,134 victim IPs linked to data stealer cases, 1,415 phishing links and domains,” he said, adding that there were over 400 other malicious URLs, IPs and botnets.

According to him, operation has revealed current trends in the African threat landscape, explaining that the information provided by Trend Micro to investigators offered insights into current trends within the African threat landscape.

He recalled that during the most recent African Surge operation, some startling statistics were uncovered by the Trend Micro team. The malicious infrastructure of 1,500 malicious IP addresses through Trend’s Global Threat Intelligence. These were located mainly in South Africa (57 percent), Egypt (14 percent), the Seychelles (5 percent), Algeria (5 percent) and Nigeria (4 percent).

“These IPs were linked to notorious malware families including Quakbot and Emotet, which are key enablers of ransomware and other threats,” Tzingakis said.

He said there were around 200,000 detections of malicious traffic in the first quarter of 2023, linked to scams (44 percent), malware (25 percent), phishing (17 percent) and command-and-control servers (13 percent). Most of these were facilitated by bulletproof hosting services in the Seychelles (140,000 detections) and South Africa (56,000).

He added that there were also information about prolific offshore bulletproof hosters such as 1337team Limited (48 percent), Petersburg Internet Network Ltd (19 percent) and Flokinet Ltd (13 percent)

“We had information on the ELITETEAM bulletproof hoster based in the Seychelles, which we linked to threat activity including Redline Stealer, Agent Tesla, Azorult Stealer, and Racoon Stealer, as well as generic ransomware and backdoors,” he disclosed,

Intelligence, he said, was requested by Interpol on, at least, 10 suspects engaging in fraud and BEC, adding that, through open-source tooling and crosschecking of entities such as mobile numbers, email addresses, names, aliases, IP addresses, and social media accounts, Trend Micro was able to provide invaluable assistance to investigators.

“The African Surge operation is a testament to what can be achieved when cybersecurity vendors and law enforcers work together to disrupt cybercrime networks. Trend will continue to leverage our threat intelligence to drive key insights around criminal activities in Africa and beyond, helping to put a stop to their exploitation of unsuspecting victims,” Tzingakis assured.