“Strong and effective partnerships between police and the cybersecurity industry are essential to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cyberthreat landscape. This successful operation is just one example of how law enforcement are working with industry partners, adapting and applying new technologies to aid investigations and ultimately reduce the global impact of cybercrime,» concluded Mr Jones.”
INTERPOL’s Director of Cybercrime
“There are many challenges and obstacles in cross-border hi-tech crime investigations like this. The Night
Police Superintendent, Cybercrime Investigator at Directorate of Cybercrime of CID of Indonesian National Police
“With cybercrime being a growing threat across the region, the ASEAN Desk was launched by INTERPOL to assist law enforcement agencies enhance their proactive response against cybercrime. Through this operation, it is clear that timely intelligence sharing and coordinated actions are the ways forward to effectively combat cybercrime regionally and globally.”
INTERPOL Acting Assistant Diector (Strategy & Capabilities Development)
Group-IB has been tracking the
Fig. 1 Example of GetBilling’s malicious script
Fig. 2 Example of stolen payment and personal data stored on GetBilling’s servers
Group-IB Cyber Investigations team determined that some of the GetBilling’s infrastructure was located in Indonesia. Upon discovery of this information, INTERPOL’s ASEAN Desk promptly notified Indonesian cyber police. Further investigation discovered that the GetBilling’s operators were not new to the world of cybercrime. To access their servers for stolen data collection and their JS-sniffers’ control, they always used
Head of Group-IB’s APAC Cyber Investigations Team
GetBilling family was first described in Group-IB’s 2019 report «Crime without punishment» which is a deep dive into the world of JS‑sniffers. According to the author of the report Viktor Okorokov, threat intelligence analyst at Group-IB, at the time of the report’s publication, in total Group-IB Threat Intelligence team discovered 38 families of JS-sniffers. Ever since, the number of JS-sniffer families, discovered by the company, has almost doubled and continues to grow. JS‑sniffers have caused many security incidents in past — the infection of the British Airways website and mobile app, payment-card attack on the UK website of the international company FILA etc. — and continue to gain popularity among cybercriminals. Most recently, in December 2019, JS-sniffers hit the APAC infecting the websites of Singaporean fashion brand «Love, Bonito.
To avoid big financial losses due to JS-sniffers, it’s recommended for online users
Press release is available here.
About the author Group-IB:
Group-IB is a leading provider of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB is a partner of INTERPOL, Europol, and has been recommended by the OSCE as a cybersecurity solutions provider. Group-IB is a member of the World Economic Forum.
(SecurityAffairs – Operation N