Trend Micro partners with INTERPOL to fight cybercrime

Global cybersecurity leader Trend Micro Incorporated has announced that its close cooperation with INTERPOL on the organisation’s Africa Cyber Surge II operation has led to the identification of more than 20,000 suspicious cybercrime networks across 25 countries on the continent.

The Nigerian 419 scam was for years a staple of email-based fraud, and today its modern successors range from phishing and business email compromise (BEC) to romance scams.

“There is often a misconception around how threat actors are not present on the continent. But it would be a mistake to underestimate cybercriminals in Africa. In fact, it’s become critical for organisations in both the public and private sectors to work together to fight against the growing onslaught of malicious online activity. That’s why Trend Micro welcomes the opportunity to work with law enforcement to shut down local cybercrime operations,” says Emmanuel Tzingakis, Technical Lead, African Cluster at Trend.

Following a successful campaign to counter cybercrime on the continent last year, the policing alliance ran a four-month sequel beginning in April 2023. Law enforcers in 25 countries participated, under the auspices of the INTERPOL Africa Cybercrime Operations Desk and INTERPOL’s Support Programme for the African Union in relation to AFRIPOL (ISPA).

Along with the alliance partners, Trend Micro was able to share information on 3,786 malicious command-and-control servers, 14,134 victim IPs linked to data stealer cases, and 1,415 phishing links and domains.

The information provided by Trend Micro to investigators offers insights into current trends within the African threat landscape. During the most recent African Surge operation, the following was uncovered by the Trend Micro team:

Malicious infrastructure comprising 1,500 malicious IP addresses, identified through Trend’s Global Threat Intelligence. These were located mainly in South Africa (57 per cent), Egypt (14 per cent), the Seychelles (5 per cent), Algeria (5 per cent) and Nigeria (4 per cent). These IPs were linked to notorious malware families including Quakbot and Emotet, which are key enablers of ransomware and other threats.

Around 200,000 detections of malicious traffic in the first quarter of 2023, linked to scams (44 per cent), malware (25 per cent), phishing (17 per cent) and command-and-control servers (13 per cent). 

Most of these were facilitated by bulletproof hosting services in the Seychelles (140,000 detections) and South Africa (56,000).

Information about prolific offshore bulletproof hosting providers such as 1337team Limited (48 per cent), Petersburg Internet Network Ltd (19 per cent) and Flokinet Ltd (13 per cent).