Cyber criminals are more organised than ever before, and their operations, designed to orchestrate ransomware, encryption, and denial-of-service attacks, resemble legitimate businesses.
This is according to Emmanuel Tzingakis, technical lead, African and venture markets at cyber security firm Trend Micro.
Tzingakis says cyber criminal groups operate as well-organised ventures with their own recruitment and finance departments. This is why threat intelligence is crucial to support efforts to curb criminal activity, he adds.
Trend Micro shares its threat intelligence with other security vendors, as well as academics and law enforcement agencies. Tzingakis emphasises Trend Micro’s partnership with Interpol and its contribution towards the Africa Cyber Surge Operation, a four-month joint operation enforced by Interpol and Afripol.
This initiative was started in 2022, and in 2023 law enforcement organisations from 25 countries participated.
According to Trend Micro, it provided investigators with information about over 3 700 malicious command and control servers, 1 500 malicious IP addresses located in South Africa, Egypt, the Seychelles, Algeria and Nigeria, and malicious traffic detections linked to scams, malware, phishing and command and control servers.
From this and other shared insights, police made 14 arrests and identified 20 674 suspicious cyber crime networks linked to losses of over $40 million.
Tzingakis adds that while law enforcement agencies work hard to curb cyber crime, they also struggle with a lack of resources and in-house expertise. “That’s why public-private partnerships (PPPs) are so important to the ongoing fight against ceaseless malicious online activity.”
Trend Micro refers to the takedown of ransomware gang LockBit as an example of how PPPs can work.
“The ransomware-as-a-service (RaaS) group was responsible for between 25% and 33% of all ransomware attacks in 2023, claiming thousands of victims since it was first observed in September 2019. LockBit’s business model revolved around affiliates that would be responsible for the attacks with the group claiming a 20% cut of the ransomware payment,” says Tzingakis.
In February this year, the UK’s National Crime Agency initiated Operation Cronos, which saw the seizure of the group’s source code, its technical infrastructure used to carry out attacks and its leak site.
With these in hand, law enforcement announced arrests, sanctions, and cryptocurrency confiscations. The operation was well publicised across LockBit’s network and site, which has helped to undermine the gang’s once powerful reputation as a RaaS group.
“Following Operation Cronos, Trend Micro received a sample of what is believed to be a new version of LockBit’s software. With this sample, we have been able to pass on intelligence to our law enforcement partners and bolster our defences for customers,” adds Tzingakis.