An INTERPOL-coordinated operation in Southeast Asia against an emerging form of cybercrime known as cryptojacking has led to a massive reduction in the number of infected devices across the region.
Cryptojacking is the unauthorized use of victims’ computing power to mine cryptocurrency for the cybercriminals. In cryptojacking, the victims unwittingly install a programme with malicious scripts that allow the cybercriminals to access their computer or other Internet-connected devices. This is often the result of victims clicking on malicious links or visiting infected websites. Programmes called ‘coin miners’ are then used by the cybercriminals to mine cryptocurrency.
Based on data from police and partners in the cybersecurity industry, INTERPOL identified a global cryptojacking campaign facilitated by the exploitation of a vulnerability in MikroTik routers. Intelligence was developed and disseminated via Cyber Activity Reports to the affected member countries.
Recognizing cryptojacking as a growing threat in the countries of the ASEAN (Association of Southeast Asian Nations) region, INTERPOL’s ASEAN Cyber Capability Desk launched Operation Goldfish Alpha in June 2019. At that time, intelligence identified more than 20,000 hacked routers in the region, accounting for 18 per cent of infections globally. With support from INTERPOL’s Cyber Foundation project, an operational meeting was held in June 2019 to coordinate the response.
During the five months of the operation, cybercrime investigators and experts from police and national Computer Emergency Response Teams (CERTs) across the 10 ASEAN countries (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam) worked together to locate the infected routers, alert the victims and patch the devices so they were no longer under the control of the cybercriminals. INTERPOL’s ASEAN Desk facilitated the exchange of information and follow-up actions amongst the countries involved.
When the operation concluded in late November, the number of infected devices had been reduced by 78 per cent. Efforts to remove the infections from the remaining devices continue.
Private sector support
Private sector partners including Cyber Defense Institute and Trend Micro supported the operation through information sharing and analysis of cryptojacking cases, and providing the participating countries with guidelines for patching infected routers and advice on preventing future infections. The National Cyber Security Center of Myanmar also issued a set of good cyber hygiene guidelines for protecting against cryptojacking.
“When faced with emerging cybercrimes like cryptojacking, the importance of strong partnerships between police and the cybersecurity industry cannot be overstated,” said INTERPOL’s Director of Cybercrime, Craig Jones.
“By combining the expertise and data on cyberthreats held by the private sector with the investigative capabilities of law enforcement, we can best protect our communities from all forms of cybercrime,” concluded Mr Jones.
As a crime type which is not yet widely known to law enforcement worldwide, Operation Goldfish Alpha also served to increase awareness of cryptojacking, how to identify it and how to mitigate the threat.