Global cybersecurity leader Trend Micro Incorporated has announced that its close cooperation with INTERPOL on the organisation’s Africa Cyber Surge II operation has led to the identification of more than 20,000 suspicious cybercrime networks across 25 countries on the continent.
The Nigerian 419 scam was for years a staple of email-based fraud, and today its modern successors range from phishing and business email compromise (BEC) to romance scams.
“There is often a misconception around how threat actors are not present on the continent. But it would be a mistake to underestimate cybercriminals in Africa. In fact, it’s become critical for organisations in both the public and private sectors to work together to fight against the growing onslaught of malicious online activity. That’s why Trend Micro welcomes the opportunity to work with law enforcement to shut down local cybercrime operations,” says Emmanuel Tzingakis, Technical Lead, African Cluster at Trend.
Following a successful campaign to counter cybercrime on the continent last year, the policing alliance ran a four-month sequel beginning in April 2023. Law enforcers in 25 countries participated, under the auspices of the INTERPOL Africa Cybercrime Operations Desk and INTERPOL’s Support Programme for the African Union in relation to AFRIPOL (ISPA).
Along with the alliance partners, Trend Micro was able to share information on: 3,786 malicious command and control servers, 14,134 victim IPs linked to data stealer cases, 1,415 phishing links and domains.
The information provided by Trend Micro to investigators offers insights into current trends within the African threat landscape. During the most recent African Surge operation, the following was uncovered by the Trend Micro team:
- The malicious infrastructure of 1,500 malicious IP addresses through Trend's Global Threat Intelligence. These were located mainly in South Africa (57 per cent), Egypt (14 per cent), the Seychelles (5 per cent), Algeria (5 per cent) and Nigeria (4 per cent). These IPs were linked to notorious malware families including Quakbot and Emotet, which are key enablers of ransomware and other threats.
- Around 200,000 detections of malicious traffic in the first quarter of 2023, linked to scams (44 per cent), malware (25 per cent), phishing (17 per cent) and command-and-control servers (13 per cent). Most of these were facilitated by bulletproof hosting services in the Seychelles (140,000 detections) and South Africa (56,000).
- Information about prolific offshore bulletproof hosting such as 1337team Limited (48 per cent), Petersburg Internet Network Ltd (19 per cent) and Flokinet Ltd (13 per cent).
- Intelligence requested by INTERPOL on at least 10 suspects engaging in fraud and BEC. Through open-source tooling and cross-checking of entities such as mobile numbers, email addresses, names, aliases, IP addresses, and social media accounts, Trend Micro was able to provide invaluable assistance to investigators.
“The African Surge operation is a testament to what can be achieved when cyber security vendors and law enforcers work together to disrupt cybercrime networks. Trend will continue to leverage our threat intelligence to drive key insights around criminal activities in Africa and beyond, helping to put a stop to their exploitation of unsuspecting victims,” concludes Tzingakis.