Meet Microsoft’s cybercrime fighters in Asia
In 2013, an army of five million zombie computers began taking marching orders from an Eastern European cybercriminal kingpin.
These computers weren’t in a dark warehouse or an abandoned strip mall, but in homes and offices across 90 countries. The infected PCs belonged to a vast array of unwitting users who detected nothing out of the ordinary. Meanwhile, when its malevolent creators issued the command, the zombie army lurched to life.
The zombies recorded keystrokes, capturing login passwords and Social Security numbers, spying on financial information, and logging people’s most sensitive and personal information.
Video: Cybercrime by the numbers
Over the course of 18 months, this botnet, nicknamed Citadel, stole half a billion dollars from students, bankers, grandparents and businesses. It was only in June 2013 that a coalition led by Microsoft, together with the FBI and partners in the technology and financial sectors, took down the botnet. Citadel is perhaps one of the most notorious botnets in recent history, but it is certainly not the last we will see.
In Asia, it is estimated that over 5 million IP addresses, connected to millions of infected devices, have been observed in the region, including India and China. Of the top 25 infected countries globally, eight are in Asia: India, China, Indonesia, Thailand, Vietnam, the Philippines, Malaysia and Sri Lanka.
These are just two of the latest findings shared by the team at Microsoft’s Digital Crimes Unit (DCU). In fact, according to the latest third-party studies and statistics, Asia Pacific is currently the most actively targeted region for cybercrime attacks. It therefore comes as no surprise that, in a recent survey by Microsoft, 79% of CIOs in Asia are concerned about security, privacy, transparency and compliance of cloud-related solutions.
A white paper published by the National University of Singapore and market research firm International Data Corporation estimates that consumers in Asia Pacific would spend about US$10.8 billion (more than 40% of world total) in 2014 on identification, repair and recovery of data, and on dealing with identity theft from malware on pirated software. The same study also projected that infected pirated software and lost data would cost enterprises in the region around US$229 billion (more than 45% of world total) for the same year. To put the economic impact on both consumers and businesses in perspective, consider that the 2013 GDP for Cambodia is US$14.04 billion while Vietnam’s GDP for the same year is US$171.22 billion.
These alarming numbers have prompted Microsoft to take a more proactive stance in Asia, as part of its global fight against cybercrime. With the opening of the Cybercrime Satellite Centre in Singapore on February 16, 2015, the company stepped up its efforts to fight malware, reduce digital risks and protect vulnerable populations, to create a safe digital world for consumers, governments and businesses in this region.
“Microsoft is committed to expanding its cybercrime fighting work across the globe to protect computer users, customers, and governments through threat intelligence sharing partnerships and public-private collaboration. Our Singapore, Tokyo & Beijing Satellite Centers are examples of that expanded commitment to bring more awareness and capability around cybercrime and help reduce malware threats and digital risks in Asia,” says Keshav Dhakad, Regional Director of Intellectual Property & Digital Crimes Unit, Asia, Legal & Corporate Affairs, Microsoft.
Taking the global battle against cybercrime to Asia
The Cybercrime Satellite Centre in Singapore will serve as the Asia Pacific hub for Microsoft to drive customer, industry and law enforcement engagement on cybercrime threats in the region. At the same time, it will be used to leverage cyber threat intelligence and big data cyber forensics analytics to help Microsoft’s customers and partners make informed decisions on cybersecurity vulnerabilities and their link with unsecure IT supply chains. Last but not least, it will act as a nodal point to drive strategic threat-intelligence sharing partnerships and collaboration with key stakeholders such as National Computer Emergency Response Teams (CERTs) & Internet Service Providers (ISPs) to foster a more secure and safer Internet ecosystem in Asia Pacific.
Singapore was the natural choice for Microsoft to set up its Cybercrime Satellite Centre, given its strategic location in Asia-Pacific, financial sector leadership, diverse and cutting-edge business environment and a high-tech and mature IT ecosystem. In addition to being home to Microsoft’s Asia-Pacific headquarters and Microsoft Technology Center, the island state now also houses the newly set up Interpol Global Complex for Innovation (IGCI), which will be the epicenter for Interpol to investigate and fight digital crimes at a global level. This will facilitate closer cybercrime disruption collaboration between Interpol and Microsoft and will eventually benefit computer users, organizations and businesses in the region.
With one of the largest IT footprints in the world, Microsoft has been protecting and securing its platform, products and services for several decades, but what is unique about Microsoft is its ability to play ‘offence’ against cybercriminals. Keshav explains, “It is not just about defending our platforms from cyberattacks and building better security and anti-malware features into our products and services. What is distinct and unique is our innovation to proactively fight cybercrime, hand-in-hand with key industry and government stakeholders.”
At the forefront of this battle is the state-of-the-art Cybercrime Center in Microsoft’s Global HQ at Redmond, US, a tangible example of Microsoft’s commitment to protect its customers from cybercrime. Keshav says proudly, “At the Center, our customers, partners and vendors can witness live global cyber threat intelligence, and learn a huge deal about malware and their threats as we research them. It’s a unique factor for us to stay ahead of the curve on cybersecurity, understand new threats, and build trusted applications, cloud services and products.”
Video: Fighting cybercrime – A new era of collaboration
The malware threat intelligence data from the Cybercrime Center databases is provided free of cost, under the program called “Cyber-Threat Intelligence Program (C-TIP)”, to around 45+ National Computer Emergency Response Teams (CERTs) in geographies across the world. The C-TIP enables CERTs not only to understand the live malware infection landscape in their respective geographies, but also to undertake awareness & notification activities, including dissemination of anti-malware tools to get rid of infections. Several ISPs are also taking advantage of this free program, which has been customized for them to identify, notify and remediate any internal malware threats impacting their subscribers. Keshav further explains, “Today, we are proud about the fact that our cloud customers on Azure & Office 365 can take benefit of the C-TIP program. It allows them to run live security reports to detect whether any of their IP Addresses have infected devices behind them and lets them take corrective measures in real time. With this, Microsoft has now brought malware threat intelligence to the door-step of its customers.”
Once the Cybercrime Center in Redmond identifies new malware threats, malicious strains are investigated to understand their risks, origins and engineering, and how widespread their botnet impact and victimization are. The research can ultimately lead to a court-supported legal disruption action against the cybercriminal network. The DCU team collaborates with law enforcement, anti-virus companies, IP owners, academia, and industry partners to investigate, research and undertake effective disruptive actions. DCU’s actions against financial malware bots such as “Zeus”, “Citadel”, “Game-Over-Zeus” or “Caphaw” were also made possible through strong collaboration with financial industry partners, such as the Financial Services Information Sharing and Analysis Center (FS-ISAC). In September 2014, FS-ISAC signed a threat intelligence sharing agreement with Microsoft to fight cybercrime and protect the financial services industry. A similar agreement was also signed with FIS Global, the world’s largest global provider dedicated to banking and payments technologies serving more than 14,000 institutions in over 110 countries.
The Singapore Cybercrime Satellite Centre is one of five such Microsoft facilities in Asia, with the others located in Beijing (China), Tokyo (Japan), Seoul (South Korea) and Gurgaon (India), and these numbers will only grow with time. The Centre will support all major Southeast Asian countries, Australia, New Zealand and India.
Keshav points out, “As a productivity and platform company in a mobile-first, cloud-first world, we strongly believe in trusted applications, devices and Cloud services. We want to deliver the best experience to our customers and partners, but with a deep commitment to cybersecurity, privacy, compliance and transparency, ensuring that users of our technology and Cloud services have a clear sense of ‘trust’.”
Fighting cybercrime proactively is one such way Microsoft demonstrates ‘trust’. Out of 15 global botnet takedowns in the last six years, 12 actions were led by Microsoft.
“The number of malicious codes (malware) is rising exponentially. Cybercriminals will strike where there is an opportunity for them to exploit IT supply chain and usage vulnerabilities and steal private, financial and confidential data from computers and misuse or sell it. The greater the malware infections, the more cybercriminals are able to cause massive disruptions and losses. With rising sophistication, everyone is vulnerable and the question is not who, but when one would be attacked,” says Keshav, emphasizing the rising global nature of cybercrime today.
Crucially, the battle against cybercrime doesn’t end there. All the learnings from Microsoft’s cyber threat intelligence and investigations against cybercriminals help build better security features back into our products and services. “For us Cybersecurity is not just one other important thing that we focus on. It is an integral part of building an IT ecosystem where people feel safe when they use technology,” highlights Keshav.
Video: What is a botnet?
Microsoft has used this hands-on knowledge to strengthen the Windows Operating System over the years. “Any device that runs the latest version of Windows is protected by the most advanced and breakthrough cybersecurity features, including groundbreaking malware resistance and authentication features. Our Cloud cybersecurity, privacy standards and governance models are unparalleled in the industry,” says Keshav proudly. Windows 10 addresses modern security threats with advancements to strengthen identity protection and access controls, information protection and threat resistance. This Operating System will move away from the use of single-factor authentication options like passwords, and deliver options to help enterprises protect against common causes of malware on PCs.
He concludes, “With fighting malware and cybercrime, we also want cybercriminals to know that Microsoft platforms will always remain hostile to their nefarious activities, and we will continue to invest in innovative technology and tools that help us fight new threats to protect our customers. That’s where we’ve been successful in creating a secure, trusted and reliable environment, be it on-premise or on the Cloud.”
With economic losses as a result of malware and pirated software expected to hit the Asia Pacific region hardest, the global efforts to fight cybercrime to create a safer world are more relevant than ever before!