Cybercrime has no borders, and the best way to combat the creativity and negative impact of adversaries is partnership based on actionable intelligence from wide and diverse sources. Derek Manky, Global Security Strategist at Fortinet, talks about the successful information cooperation between Fortinet and INTERPOL and shares his thoughts on the importance of cybersecurity information sharing in general today.
What did Fortinet announce today?
Essentially our threat data helped the authorities effectively catch a global cyber criminal gang. What this means is that Fortinet’s actionable cyber threat intelligence helped uncover the head of an international criminal network who was arrested in a joint operation by INTERPOL and the Nigerian Economic & Financial Crime Commission (EFCC). The successful operation is the result of close threat information cooperation between Fortinet and INTERPOL.
Our data uncovered valuable information about the online fraudsters behind thousands of online scams totaling more than USD 60 million and involving hundreds of victims worldwide. The group runs 419 scams, dating scams, Alibaba scams, financial account hijacking and payment diversion fraud with worldwide targets. They also leveraged an extensive money-laundering network in order to disburse funds.
Can you share any additional information as to how they executed their fraudulent attacks?
The fraudsters deployed two types of social engineering scams targeting businesses through either payment diversion fraud or CEO fraud. This reinforces the prevalence of an advanced threat technique called “behavior blending.” Behavior blending is a technique used by criminals that allows them to blend in on a compromised network, which has a lot of potential for thwarting detection over sustained periods of time.
Can you expand a bit on information sharing and talk about why it is so important today?
Sharing information proactively across all verticals and public or private organizations is essential moving forward. Security controls need to be able to digest automated threat intelligence and take action. The vast amount of threat intelligence that exists today, and more coming tomorrow, cannot be managed otherwise. Organizations continue to struggle facing ever-evolving threats, an expanding attack surface, and a growing security skills shortage. Security teams often monitor an average of 14 separate security consoles to try and manage, assess, and secure the expanding array of devices and technologies on their hybrid networks. Many times, they have to compare log files, hand-correlate data, and manually change policies between devices in order to address threats, which means that many threats go undetected, and response times are too slow for attacks that operate at machine speeds. This is essentially a growing big data problem for cybersecurity today. Yet, this actionable information is the best way to move from being reactive to proactive in cybersecurity today and to make examples out of cyber criminals.
What is Fortinet doing to help further information sharing?
Fortinet is actively directing the future of threat intelligence standards and protocols through its ongoing collaboration with global law enforcement, government and industry organizations. Fortinet has been an active member of an expert working group with INTERPOL for more than a year. Additionally, Fortinet earlier this year announced an industry partnership agreement within the framework of the NATO Industry Cyber Partnership (NICP) with the NATO Communications and Information (NCI) Agency. Fortinet is also a founding member of the Cyber Threat Alliance (CTA) and a member of the OASIS Cyber Threat Intelligence (CTI) group, helping drive collaborative threat intelligence and information sharing forward for the benefit of global welfare and economies.