Global cybersecurity firm Trend Micro has announced that its close cooperation with law enforcement has led to another major win after the dismantling of a prolific phishing-as-a-service (PaaS) operation.
“Trend Micro has been a committed partner of Interpol for many years, so when the call came for help, we didn’t waste a second,” says Ashley Watkins, Vice President, Commercial ANZ, Trend Micro.
“As this takedown proves once again, public-private partnerships backed by powerful threat intelligence can be a force multiplier for international cybercrime investigations,” Watkins says.
Trend Micro was first approached by Interpol in 2020 when the policing alliance requested threat intelligence regarding PaaS site 16shop. The platform sold phishing kits designed to lower the barrier to entry to budding cybercriminals, enabling them to scale scam campaigns with ease.
Through its research, Trend found and reported to Interpol that:
- Attacks supported by 16shop were particularly prevalent in Japan, as well as the US and Germany.
- Customers of 16shop were able to craft phishing pages to harvest Amazon, American Express, PayPal, Apple, and CashApp credentials as well as US banking logins.
- The platform’s phishing kits automatically localised the language of phishing sites depending on the victims’ location.
- It featured capabilities designed to thwart analysis, such as anti-sandboxing and geolocated access restrictions.
- 16shop’s web infrastructure was hosted across numerous legitimate cloud providers to further avoid detection.
- The site was active from 2018 until at least 2021, with copycat sites most likely springing up after this date.
According to Interpol, Trend Micro’s threat intelligence report helped lead to the arrest of the suspected administrator of 16shop and two other suspects in Indonesia and Japan. In total, 16shop is estimated to have enabled phishing attacks on over 70,000 victims in 43 countries.
The company’s close support of Interpol in this operation follows numerous previous engagements, including 2022’s Operation African Surge, and the dozens of training sessions the cybersecurity provider has delivered to law enforcement agencies since 2014, including a five-day course recently held in Manila.
Earlier this year, published new research uncovering the inner workings of cybercrime organisations.
The report, ‘Inside the Halls of a Cybercrime Business’, examined the operations of small, medium, and large criminal groups. The report details a day in the lives of employees and how they operate within hierarchies that increasingly resemble legitimate businesses as the group expands.
According to Trend Micro, while small cybercrime groups typically consist of a few members operating under a partnership model – most of whom usually have day jobs on top of their role in the group – employees of larger organisations tend to lead lives similar to corporate workers at legitimate software companies.
Large cybercrime organisations tend to have corporate-like departments such as human resources (HR) and information technology (IT), and might even have “employee-of-the-month” recognition programmes and performance reviews.