The APAC, or Asia-Pacific, region is fast becoming a hotspot for the construction of botnets that can launch crippling DDoS attacks. According to CenturyLink’s latest threat report on cybersecurity issues, China, South Korea, Japan, India and Hong Kong were the main economies in the region for hosting the command and control (also called C&C or C2) servers, which are most commonly used to collect and control botnets. The botnets are being used to launch attacks in APAC, as well as in other territories, including the U.S., Germany, Russia and the U.K.
CenturyLink said that locations with strong or rapidly increasing IT networks and infrastructure remain the main source for cybercriminal activity.
In constructing its report, CenturyLink followed an average of 195,000 threats daily that impact around 104 million unique targets as a result of the botnets.
“Botnets are one of the foundational tools that bad actors rely on to steal sensitive data and launch DDoS attacks,” said Mike Benjamin, head of CenturyLink’s Threat Research Labs. “By analysing global botnet attack trends and methods, we are better able to anticipate and respond to emerging threats in defence of our own network and those of our customers.”
A cybercrime investigation led by Interpol in April 2017 discovered almost 9,000 C2 servers in Southeast Asia that had been used to compromise almost 300 websites, including various government portals that could hold citizens’ personal information. Each of the websites was found to be infected with malware that took advantage of a vulnerability in web design applications.
The investigation brought together government officials from Indonesia, Malaysia, Myanmar, the Philippines, Singapore, Thailand and Vietnam who shared information on particular cybercrime situations in each territory. China provided additional cyber intelligence. Seven cyber security companies also took part in pre-operational meetings to provide data on C2 servers found to be active in APAC.
Francis Chan, chairman of Interpol’s Eurasian cyber crime working group and head of the Hong Kong Police Force’s cyber crime unit, said the operation had bolstered the capacity and expertise of officers in the participating countries, a necessity given the fast-growing rate of cybercrime in this region.
“For many of those involved, this operation helped participants identify and address various types of cyber crime which had not previously been tackled in their countries,” said Chan.
“It also enabled countries to co-ordinate and learn from each other by handling real and actionable cyber intelligence provided by private companies via Interpol, and is a blueprint for future operations.”