SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Email Security
#
Phishing
Trend Micro, Interpol take down phishing operation
Thu, 17th Aug 2023
Author image
By Shannon Williams, Journalist
Follow us

Global cybersecurity firm Trend Micro has announced that its close cooperation with law enforcement has led to another major win after the dismantling of a prolific phishing-as-a-service (PaaS) operation.

"Trend Micro has been a committed partner of Interpol for many years, so when the call came for help, we didn't waste a second," says Ashley Watkins, Vice President, Commercial ANZ, Trend Micro. 

"As this takedown proves once again, public-private partnerships backed by powerful threat intelligence can be a force multiplier for international cybercrime investigations," Watkins says.

Trend Micro was first approached by Interpol in 2020 when the policing alliance requested threat intelligence regarding PaaS site 16shop. The platform sold phishing kits designed to lower the barrier to entry to budding cybercriminals, enabling them to scale scam campaigns with ease.

Through its research, Trend found and reported to Interpol that:

  •           Attacks supported by 16shop were particularly prevalent in Japan, as well as the US and Germany.
  •           Customers of 16shop were able to craft phishing pages to harvest Amazon, American Express, PayPal, Apple, and CashApp credentials as well as US banking logins.
  •           The platform's phishing kits automatically localised the language of phishing sites depending on the victims' location.
  •           It featured capabilities designed to thwart analysis, such as anti-sandboxing and geolocated access restrictions.
  •           16shop's web infrastructure was hosted across numerous legitimate cloud providers to further avoid detection.
  •           The site was active from 2018 until at least 2021, with copycat sites most likely springing up after this date.

According to Interpol, Trend Micro's threat intelligence report helped lead to the arrest of the suspected administrator of 16shop and two other suspects in Indonesia and Japan. In total, 16shop is estimated to have enabled phishing attacks on over 70,000 victims in 43 countries.

The company's close support of Interpol in this operation follows numerous previous engagements, including 2022's Operation African Surge, and the dozens of training sessions the cybersecurity provider has delivered to law enforcement agencies since 2014, including a five-day course recently held in Manila.

Earlier this year, published new research uncovering the inner workings of cybercrime organisations.

The report, 'Inside the Halls of a Cybercrime Business', examined the operations of small, medium, and large criminal groups. The report details a day in the lives of employees and how they operate within hierarchies that increasingly resemble legitimate businesses as the group expands.

According to Trend Micro, while small cybercrime groups typically consist of a few members operating under a partnership model - most of whom usually have day jobs on top of their role in the group - employees of larger organisations tend to lead lives similar to corporate workers at legitimate software companies.

Large cybercrime organisations tend to have corporate-like departments such as human resources (HR) and information technology (IT), and might even have “employee-of-the-month” recognition programmes and performance reviews.

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
High Performance Podcast duo to keynote Infosecurity Europe conference
New UK cybersecurity law takes effect amid evolving threats
Top stories
The messaging evolution and the fight against fraud
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity