The revelation this week that an international operation has brought down thousands of malicious IP addresses is good news, a cybersecurity expert says, but even better news is the arrest of 41 suspects.
“Technological disruptions matter, because one way of not disrupting their environment is the idea that there are no consequences, no costs” in cybercrime, David Shipley, head of the Canadian awareness training provider Beauceron Security, said in an interview. “What I like about infrastructure bombing is that it puts a cost on cybercrime. Currently the return on investment is very high [for crooks].”
But, he added, “the truth is [crooks think] ‘You have 22,000 IP addresses? I will get another 22,000. I’m going to get a bunch of new phishing sites, new servers.’ So finding certain people and putting results in that way is very important.
“One of the things that has the most negative impact is that [police] finding people, the ability to create distrust in the cyber crime community is very important. See [crooks] they think people will cry, they think they can’t trust communication. That can have a long, lasting impact.”
For example, he said, in 2023, after law enforcement took down the Genesis Market, which was used by fraudsters to sell stolen coins, police in many countries tracked down market members to warn them, “We know who you are, we know what you have done. Stop.”
“That’s important,” Shipley said.
His comments come after Interpol said this week that law enforcement agencies in 95 countries, working with four cybersecurity companies, took down 22,000 addresses or servers, and arrested 41 people in five countries. It is still investigating 65 other people.
Vendors that helped with threat intelligence included Trend Micro, Kaspersky, Group-IB and Team Cymru.
While the announcement was made on Tuesday, the actual action took place between April and August.
It was the second phase of Operation Synergia, going after sites that distribute phishing emails, infostealers, and ransomware around the world.
In addition to the termination of IP addresses, 43 devices were seized, including servers, laptops, mobile phones and hard disks.
In Hong Kong, more than 1,037 servers were taken down. In Macau, 291 servers were taken offline. In Estonia, police seized more than 80GB of server data, while in Madagascar, authorities identified 11 people with links to malicious servers and seized 11 electronic devices for further investigation.
The first phase of the project began in the fall of 2023 and involved 60 law enforcement agencies in 50 countries. It took down command and control servers that spread the malware in Europe, Hong Kong, and Singapore, and arrested 30 people.
Jon Clay, Trend Micro’s VP of threat intelligence, told CSO Online via email that the company often assists Interpol and other law enforcement agencies that request its information. In this case Trend Micro had information about IP addresses.
“This work was notable for several reasons,” he wrote: First, it shows that the efforts of law enforcement agencies are improving. Second, arresting more cybercriminals will hopefully send a message to others that they may be at risk of being arrested as well.
“In my opinion, law enforcement agencies are finding more success recently,” he added, “which is good news, and public/private partnerships have been seen to be contributing to these efforts. Even during the recent Lockbit takedown where the leader was not arrested, their efforts to destroy his image led to the group reducing its victims.”
Operation Synergia is one of several ongoing projects of Interpol. In December, it said the fourth phase of Operation Haechi ended with the arrest and seizure of assets worth US$300 million (about 273 million Euros) in 34 countries and the closure of 82,112 suspicious bank accounts. Another prominent online gambling criminal was arrested after a two-year manhunt by Korea’s national police agency. Investment fraud, corporate email compromise, and e-commerce fraud accounted for 75% of the cases investigated in Haechi IV.
Operation Haechi focuses on attacking business email fraud, e-commerce fraud, phishing, romance scams, online sex fraud, investment fraud, and money laundering related to online gambling.
Meanwhile, the FBI and other law enforcement agencies continue to go after ransomware gangs. Their success included breaking into the Hive gang’s computer infrastructure and providing over 300 decryption keys to Hive victims.
This week, acting at the request of the US, Canadian police arrested a man reportedly involved in hacking companies using the Snowflake cloud-based database.
But cybercrime doesn’t seem to be slowing down.
According to Microsoft’s latest Digital Defense Report, “the world’s bad actors are better equipped and better prepared, with evolving strategies, tactics, and tools that challenge even the world’s best cybersecurity defenders.”
Cyber attacks, the report said, “continue at an alarming rate.”
“But what are the alternatives [to pursuing cybercrooks]?” asked Shipley. “If we are the police and try to disrupt, we are essentially saying that there is no cost to committing cybercrime. So we have to do something. And there is good that comes from this. Is it a magic wand that though police action alone and good old fashioned gumshoe work and criminal prosecution will end the scourge of cybercrime? No. But it doesn’t mean we don’t try.”
Using technology to improve cyber defense is helpful, he said, as is building hardware and software to be secure by design. But right now, fraudsters can make a lot of money with little risk through cybercrime. Until governments fundamentally change that equation — including doing tough things like having a serious conversation about keeping ransomware payments illegal — that won’t change, he said.