In 2013, an army of five million zombie computers began
taking marching orders from an Eastern European cybercriminal kingpin.
These computers weren’t in a dark warehouse or an abandoned
strip mall, but in homes and offices across 90 countries. The infected PCs
belonged to a vast array of unwitting users who detected nothing out of the
ordinary. Meanwhile, when its malevolent creators issued the command, the
zombie army lurched to life.
The zombies recorded keystrokes, capturing login passwords
and Social Security numbers, spying on financial information, and logging
people’s most sensitive and personal information.
Over the course of 18 months, this botnet, nicknamed
Citadel, stole half a billion dollars from students, bankers, grandparents and
businesses. It was only in June 2013 that a coalition led by Microsoft,
together with the FBI and partners in the technology and financial sectors, took
down the botnet. Citadel is perhaps one of the most notorious botnets in recent
history, but it is certainly not the last we will see.
In Asia, it is estimated that over 5 million IP addresses are
connected to millions of infected devices observed in the region,
including India and China. Among the top 25 infected countries globally,
eight are in Asia: India, China, Indonesia,
Thailand, Vietnam, the Philippines, Malaysia and Sri Lanka.
These are just two of the latest findings shared by the
team at Microsoft’s Digital Crimes Unit (DCU). In fact, according to the latest
third-party studies and statistics, Asia Pacific is currently the most actively
targeted region for cybercrime attacks. It therefore comes as no surprise that,
in a recent survey by Microsoft, 79% of CIOs in Asia were concerned about the
security, privacy, transparency and compliance of cloud-related solutions.
A white paper published by the National University of
Singapore and market research firm International Data Corporation estimates
that consumers in Asia Pacific would spend about US$10.8 billion (more than 40%
of world total) in 2014 on identifying, repairing and recovering data, and on
dealing with identity theft, from malware on pirated software. The same study also
projected that infected pirated software and lost data would cost enterprises
in the region around US$229 billion (more than 45% of world total) for the same
year. To put the economic impact on both consumers and businesses in perspective, consider
that the 2013 GDP for Cambodia is US$14.04 billion while Vietnam’s GDP for the
same year is US$171.22 billion.
These alarming numbers have prompted Microsoft to take a
more proactive stance in Asia, as part of its global fight against cybercrime.
With the opening of the Cybercrime Satellite Centre in Singapore on February
16, 2015, the company stepped up its efforts to fight malware, reduce digital
risks and protect vulnerable populations, to create a safe digital world for
consumers, governments and businesses in this region.
“Microsoft is committed to expanding its cybercrime fighting
work across the globe to protect computer users, customers, and governments
through threat intelligence sharing partnerships and public-private collaboration.
Our Singapore, Tokyo & Beijing Satellite Centers are examples of that
expanded commitment to bring more awareness and capability around cybercrime
and help reduce malware threats and digital risks in Asia,” says Keshav Dhakad,
Regional Director of Intellectual Property & Digital Crimes Unit, Asia,
Legal & Corporate Affairs, Microsoft.

Taking the global battle against cybercrime to Asia

The Cybercrime Satellite Centre in Singapore will serve as
the Asia Pacific hub for Microsoft to drive customer, industry and law
enforcement engagement on cybercrime threats in the region. At the same time,
it will leverage cyber threat intelligence and big data cyber
forensics analytics to help Microsoft’s customers and partners make informed
decisions on cybersecurity vulnerabilities and their link with unsecured IT supply
chains. Last but not least, it will act as a nodal point to drive strategic threat-intelligence
sharing partnerships and collaboration with key stakeholders such as National
Computer Emergency Response Teams (CERTs) and Internet Service Providers
(ISPs) to foster a more secure and safer Internet ecosystem in Asia Pacific.
Singapore was the natural choice for Microsoft to set up its
Cybercrime Satellite Centre, given its strategic location in Asia-Pacific,
financial sector leadership, diverse and cutting-edge business environment and
a high-tech and mature IT ecosystem. In addition to being home to Microsoft’s
Asia-Pacific headquarters and Microsoft Technology Center, the island state now
also houses the newly set up Interpol Global Complex for Innovation (IGCI),
which will be the epicenter for Interpol to investigate and fight digital
crimes at a global level. This will facilitate closer cybercrime disruption
collaboration between Interpol and Microsoft and will eventually benefit computer
users, organizations and businesses in the region.
With one of the largest IT footprints in the world,
Microsoft has been protecting and securing its platform, products and services
for several decades, but what is unique about Microsoft is its ability to play
‘offence’ against cybercriminals. Keshav explains, “It is not just about
defending our platforms from cyberattacks and building better security and
anti-malware features into our products and services. What is distinct and
unique is our innovation to proactively fight cybercrime, hand-in-hand with key
industry and government stakeholders.”
At the forefront of this battle is the state-of-the-art
Cybercrime Center in Microsoft’s Global HQ at Redmond, US, a tangible example
of Microsoft’s commitment to protect its customers from cybercrime. Keshav says
proudly, “At the Center, our customers, partners and vendors can witness live
global cyber threat intelligence, and learn a huge deal about malware and their
threats as we research them. It’s a unique factor for us to stay ahead of the
curve on cybersecurity, understand new threats, and build trusted applications,
cloud services and products.”
The malware threat intelligence data from the Cybercrime
Center databases is provided free of cost, under a program called the “Cyber-Threat
Intelligence Program (C-TIP)”, to around 45+ National Computer Emergency
Response Teams (CERTs) in geographies across the world. The C-TIP enables CERTs
not only to understand the live malware infection landscape in their respective
geographies, but also to undertake awareness and notification activities,
including dissemination of anti-malware tools to get rid of infections. Several
ISPs are also taking advantage of this free program, which has been customized
for them to identify, notify and remediate any internal malware threats
impacting their subscribers. Keshav further explains, “Today, we are proud
about the fact that our cloud customers on Azure & Office 365 can take
benefit of the C-TIP program. It allows them to run live security reports to
detect whether any of their IP addresses have infected devices behind them and
lets them take corrective measures in real time. With this, Microsoft has now
brought malware threat intelligence to the doorstep of its customers.”
Once the Cybercrime Center in Redmond identifies new malware
threats, malicious strains are investigated to understand their risks, origins
and engineering, and how widespread their botnet impact and victimization are.
The research can ultimately lead to a court-supported legal disruption action
of the cybercriminal network. The DCU team collaborates with law enforcement,
anti-virus companies, IP owners, academia, and industry partners to
investigate, research and undertake effective disruptive actions. DCU’s actions
against financial malware bots such as “Zeus”, “Citadel”, “Game-Over-Zeus” or
“Caphaw” were also made possible through strong collaboration with financial
industry partners, such as the Financial Services Information Sharing and
Analysis Center (FS-ISAC). In September 2014, FS-ISAC signed a threat
intelligence sharing agreement with Microsoft to fight cybercrime and protect
the financial services industry. A similar agreement was also signed with FIS
Global, the world’s largest global provider dedicated to banking and payments
technologies serving more than 14,000 institutions in over 110 countries.
The Singapore Cybercrime Satellite Centre is one of five
such Microsoft facilities in the world, with the others located in Washington
(U.S.), Beijing (China), Berlin (Germany) and Tokyo (Japan), and these numbers
will only grow with time. The Centre will support all major Southeast Asian
countries, Korea, Australia, New Zealand and India.
Keshav points out, “As a productivity and platform company
in a mobile-first, cloud-first world, we strongly believe in trusted
applications, devices and Cloud services. We want to deliver the best
experience to our customers and partners, but with a deep commitment to
cybersecurity, privacy, compliance and transparency, ensuring that users of our
technology and Cloud services have a clear sense of ‘trust’.”
Fighting cybercrime proactively is one way Microsoft
demonstrates ‘trust’. Out of 15 global botnet takedowns in the last six years,
12 actions were led by Microsoft.
“The number of malicious codes (malware) is rising
exponentially. Cybercriminals will strike where there is an opportunity for
them to exploit IT supply chain and usage vulnerabilities and steal private,
financial and confidential data from computers and misuse or sell it. The
greater the malware infections, the more cybercriminals are able to cause
massive disruptions and losses. With rising sophistication, everyone is
vulnerable and the question is not who, but when one would be attacked,” says
Keshav, emphasizing the rising global nature of cybercrime today.
Crucially, the battle against cybercrime doesn’t end there.
All the learnings from Microsoft’s cyber threat intelligence and investigations
against cybercriminals help build better security features back into its
products and services. “For us, cybersecurity is not just one other important
thing that we focus on. It is an integral part of building an IT ecosystem
where people feel safe when they use technology,” highlights Keshav.
Microsoft has used this hands-on knowledge to strengthen the
Windows Operating System over the years. “Any device that runs Windows 8 or 8.1
is protected by the most advanced and breakthrough cybersecurity features,
including groundbreaking malware resistance and authentication features. Our
Cloud cybersecurity, privacy standards and governance models are unparalleled
in the industry,” says Keshav proudly. Microsoft is expected to take this to
the next level with Windows 10 which will address modern security threats with
advancements to strengthen identity protection and access controls, information
protection and threat resistance. This new Operating System will move away from
the use of single-factor authentication options like passwords, and deliver options
to help enterprises protect against common causes of malware on PCs.
He concludes, “With fighting malware and cybercrime, we also
want cybercriminals to know that Microsoft platforms will always remain hostile
to their nefarious activities, and we will continue to invest in innovative
technology and tools that help us fight new threats to protect our customers.
That’s where we’ve been successful in creating a secure, trusted and reliable
environment, be it on-premise or on the Cloud.”
With economic losses as a result of malware and pirated
software expected to hit the Asia Pacific region hardest, the global efforts to
fight cybercrime to create a safer world are more relevant than ever before!