Trend Micro and the NCA: Sending a Clear Message to Cybercriminals

by Raimund Genes

If you’re a keen follower of all things cyber security then you could be forgiven for thinking we should all probably just pack up and go home because cybercriminals seem to be winning. Thankfully things aren’t as bad as some of the more sensationalist headlines make out. In fact, some initiatives – like our partnership with the National Crime Agency – are starting to see real results.

As a direct result of our joint work with the agency following the Memorandum of Understanding we signed in July, two people have been arrested on suspicion of cybercrime activities. We hope this is just the start and encourage other industry stakeholders to reach out to law enforcement so we can begin to turn the tide.

The first step
The MoU we signed back in the summer was different from a lot of similar agreements struck between security vendors and law enforcers in that it established a ‘virtual team’ to work on new cases. Members from the NCA’s National Cybercrime Unit (NCCU) and our very own Forward Looking Threat Research (FTR) team work hand-in-hand on entire investigations. One of the things many people forget is that despite state-backing, the police have several blind spots when it comes to putting together the pieces of the puzzle needed to find evidence and track down suspects.

That’s when partnering with private security providers like Trend Micro comes into its own. Our FTR utilises the intelligence provided by a global network of over 1,200 threat researchers and the power of our cloud-based Smart Protection Network. This threat prevention system analyses over 15TB of data and blocks over 250 million threats every single day – mind boggling performance capabilities which few law enforcement agencies in the world could match. That’s not to say the NCA doesn’t have some great in-house skills and resources of its own. But by working together in this virtual team, we are more effective than the sum of our parts.

Fighting back
The two suspects arrested in this case are thought to have run online services designed to help cybercriminals avoid their malware from being detected by traditional tools. One particular capability tests malware against 30-40 of the best known AV products to ensure that it will bypass filters installed by any victim organisation. Another, known as “crypting”, will modify a piece of malware so it is rendered undetectable by traditional security products.

Unfortunately for IT managers, these services are pretty readily available on the cybercrime underground. But there are ways to insulate your organisation from their worst effects. Advanced anti-malware tools which include heuristic technology will usually be able to withstand crypting techniques because they’re more intelligent in the way they look for malicious code.

Another ray of hope for those of us “glass half full” information security types is that by taking out those behind such services, industry and law enforcement has a real chance to disrupt the bad guys. Although dismantling botnet infrastructure is important, it is unfortunately still too easy for the cyber gangs behind them to set up again using new servers. But find and arrest those running crypting and other illegal services, and we have the chance to create a more lasting effect. Over time, and with more arrests, we hope it will begin to make the entire cybercrime business model more expensive, whilst acting as a major deterrent for those hoping to make a quick buck.

There’s a long road ahead, but with more cyber security public-private partnerships like this set in stone, we stand a better chance of success.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.