INTERPOL Cyber Operation Takes Down 22,000 Malicious IP Addresses
Summary:
On Tuesday, Interpol announced the takedown of more than 22,000 malicious IP addresses or servers linked to cyber threats, as part of a coordinated operation involving private sector partners and law enforcement agencies from 95 INTERPOL member countries. The operation, codenamed ‘Synergia II,’ was conducted between April 1 and August 31 of this year. Interpol says it worked with partners such as Group-IB, Trend Micro, Kaspersky, and Team Cymru to track illegal cyber activities and identify thousands of malicious servers. This information was further passed to participating law enforcement agencies, resulting in a series of coordinated actions, including house searches, disruption of malicious cyber activities, and lawful seizures of servers and electronic devices. Below is a list of the countries that participated in this operation:
Security Officer Comments:
According to Interpol, the recent operation focused on dismantling key infrastructure associated with three major types of cybercrime: phishing, infostealers, and ransomware. Phishing remains one of the most common methods used by cybercriminals to gain initial access to target environments. The growing popularity of AI technologies, such as ChatGPT, has significantly enhanced their capabilities, enabling the rapid generation of highly convincing phishing emails in multiple languages, often with near-perfect grammar, making them all the more difficult to detect.
Infostealers have also become a preferred tool for cybercriminals, as they are designed to capture sensitive information, including login credentials and financial data. Notably, Interpol reports a 40% increase in the sale of logs harvested by infostealers on the dark web, highlighting their growing prevalence and the lucrative market for stolen data.
Ransomware continues to be a major global threat, with Interpol observing a 70% rise in attacks across all sectors in 2023. These attacks typically involve encrypting a victim's files and demanding a ransom in exchange for the decryption key. In recent years, ransomware actors have escalated their tactics by exfiltrating sensitive data before encryption, threatening to publicly release it on data leak sites if the ransom is not paid. This double extortion method has further amplified the risks associated with ransomware attacks.
Link(s):
https://www.interpol.int/News-and-E...tion-takes-down-22-000-malicious-IP-addresses
On Tuesday, Interpol announced the takedown of more than 22,000 malicious IP addresses or servers linked to cyber threats, as part of a coordinated operation involving private sector partners and law enforcement agencies from 95 INTERPOL member countries. The operation, codenamed ‘Synergia II,’ was conducted between April 1 and August 31 of this year. Interpol says it worked with partners such as Group-IB, Trend Micro, Kaspersky, and Team Cymru to track illegal cyber activities and identify thousands of malicious servers. This information was further passed to participating law enforcement agencies, resulting in a series of coordinated actions, including house searches, disruption of malicious cyber activities, and lawful seizures of servers and electronic devices. Below is a list of the countries that participated in this operation:
- Hong Kong (China): Police supported the operation by taking offline more than 1,037 servers linked to malicious services.
- Mongolia: Investigations included 21 house searches, the seizure of a server and the identification of 93 individuals with links to illegal cyber activities.
- Macau (China): Police took 291 servers offline.
- Madagascar: Authorities identified 11 individuals with links to malicious servers and seized 11 electronic devices for further investigation.
- Estonia: Police seized more than 80GB of server data and authorities are now working with INTERPOL to conduct further analysis of data linked to phishing and banking malware.
Security Officer Comments:
According to Interpol, the recent operation focused on dismantling key infrastructure associated with three major types of cybercrime: phishing, infostealers, and ransomware. Phishing remains one of the most common methods used by cybercriminals to gain initial access to target environments. The growing popularity of AI technologies, such as ChatGPT, has significantly enhanced their capabilities, enabling the rapid generation of highly convincing phishing emails in multiple languages, often with near-perfect grammar, making them all the more difficult to detect.
Infostealers have also become a preferred tool for cybercriminals, as they are designed to capture sensitive information, including login credentials and financial data. Notably, Interpol reports a 40% increase in the sale of logs harvested by infostealers on the dark web, highlighting their growing prevalence and the lucrative market for stolen data.
Ransomware continues to be a major global threat, with Interpol observing a 70% rise in attacks across all sectors in 2023. These attacks typically involve encrypting a victim's files and demanding a ransom in exchange for the decryption key. In recent years, ransomware actors have escalated their tactics by exfiltrating sensitive data before encryption, threatening to publicly release it on data leak sites if the ransom is not paid. This double extortion method has further amplified the risks associated with ransomware attacks.
Link(s):
https://www.interpol.int/News-and-E...tion-takes-down-22-000-malicious-IP-addresses