World Security Report2020-01-09 12:03:19
INTERPOL-led action takes aim at cryptojacking in Southeast Asia
An INTERPOL-coordinated operation in Southeast Asia against an emerging form of cybercrime known as cryptojacking has led to a massive reduction in the number of infected devices across the region.
Cryptojacking is the unauthorized use of victims’ computing power to mine cryptocurrency for the cybercriminals. In cryptojacking, the victims unwittingly install a programme with malicious scripts that allow the cybercriminals to access their computer or other Internet-connected devices. This is often the result of victims clicking on malicious links or visiting infected websites. Programmes called ‘coin miners’ are then used by the cybercriminals to mine cryptocurrency.
Based on data from police and partners in the cybersecurity industry, INTERPOL identified a global cryptojacking campaign facilitated by the exploitation of a vulnerability in MikroTik routers. Intelligence was developed and disseminated via Cyber Activity Reports to the affected member countries.
Recognizing cryptojacking as a growing threat in the countries of the ASEAN (Association of Southeast Asian Nations) region, INTERPOL’s ASEAN Cyber Capability Desk launched Operation Goldfish Alpha in June 2019. At that time, intelligence identified more than 20,000 hacked routers in the region, accounting for 18 per cent of infections globally. With support from INTERPOL’s Cyber Foundation project, an operational meeting was held in June 2019 to coordinate the response.
During the five months of the operation, cybercrime investigators and experts from police and national Computer Emergency Response Teams (CERTs) across the 10 ASEAN countries (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam) worked together to locate the infected routers, alert the victims and patch the devices so they were no longer under the control of the cybercriminals. INTERPOL’s ASEAN Desk facilitated the exchange of information and follow-up actions amongst the countries involved.
When the operation concluded in late November, the number of infected devices had been reduced by 78 per cent. Efforts to remove the infections from the remaining devices continue.
Private sector support
Private sector partners including Cyber Defense Institute and Trend Micro supported the operation through information sharing and analysis of cryptojacking cases, and providing the participating countries with guidelines for patching infected routers and advice on preventing future infections. The National Cyber Security Center of Myanmar also issued a set of good cyber hygiene guidelines for protecting against cryptojacking.
For more information contact: