WeeklySA_AdminFraud: Nearly 1000 fraudsters were arrested and more than 130 000 malicious infrastructures dismantled
By Monk Nkomo
Nearly one thousand fraudsters have been arrested across the African continent during the last few months in a major breakthrough by Interpol and Afripol in their quest to combat cybercrime which has become a pervasive and insidious threat to individuals and companies worldwide.
This was announced by Interpol and Afripol in their latest report in which they noted that cybercrime and money laundering affected individuals, businesses and societies as a whole and the consequences of these crimes could be far-reaching. The impact can be profound for individuals and companies resulting in financial and reputational damages.
Both organizations said their collaboration led to the arrest of the fraudsters across the African continent and dismantled a network of 134 098 malicious infrastructures and recovered 43 million dollars. Private sector partners, including Internet Service Providers, played crucial roles in sharing intelligence and disrupting criminal activity.
It is estimated that there was a 23 percent year-on-year increase in the average number of weekly cyberattacks per organization in Africa which was now the highest in the world.
Authorities said the surge in cybercrime could be attributed to the region experiencing unprecedented growth and development in the digital technology sector, particularly in financial technology and e-commerce.
‘’ However, this rapid digitalization has also brought with it a variety of security threats that can have a severe impact. Leveraging the increased reliance on technology, attackers employ various techniques to steal personal data and execute fraudulent activities.’’
The first Interpol Africa Cyberthreat Assessment Report issued in 2021 estimated the financial impact of cybercrime in the region to be more than four billion dollars, which was about ten percent of Africa’s total gross domestic product at the time.
About a month ago, Interpol released the 2024 African Cyberthreat Assessment Report, detailing the trends in the African cyberthreat landscape for the previous year.
The report highlighted that the volume and impact of cybercrimes continued to surge across Africa, with attacks evolving in sophistication and scale.
Ransomware, Business Email Compromise (BEC) and other online scams were the fastest-growing cyber threats.
In their efforts to fight the scourge of cybercrime, Interpol and Afripol launched the 3rd edition of Africa Cyber Surge (ACS 3,0) in Accra, Ghana in September this year. This significant initiation brought together 19 member countries, represented by 40 cybercrime experts from Afripol and Interpol and supported by international experts from private entities.
Operation ACS 3.0 marked a critical milestone in the ongoing fight against cybercrime across Africa, underscoring the continent’s growing commitment to safeguarding its digital infrastructure and ensuring the online safety of its citizens. This initiative not only united numerous African countries in a coordinated effort against cyber threats but also fostered trust and strengthened ties between these nations and their international partners.
The operation, first launched in July 2022 in Kigali, Rwanda, had already achieved significant milestones in its first two editions. These accomplishments included enhancing capacity building, fostering international cooperation and protecting critical infrastructure.
‘’More importantly, the operation had delivered tangible operational outcomes, leading to the arrest and prosecution of several high-profile cybercriminals and the dismantling of numerous criminal networks operating across different African countries.’’
The authorities warned that criminals were now offering variants of phishing kits with ready-made templates and scripts, enabling BEC operators to scale up their activities quickly and easily. The importance of implementing adequate cybersecurity measures could not be overemphasized as the financial and reputational impact of successful cyberattacks could be massive.
Organizations have been urged to put in place several measures to increase resilience and reduce the likelihood and frequency of cyberattacks on their internal systems. Options at their disposal included the implementation of a robust cybersecurity framework, ensuring adequate protection against malware, frequent cybersecurity assessments and digital extortion and improving organizational cyber hygiene. This could be achieved by conducting constant training and awareness amongst all stakeholders.
The reality was that as organizations worked hard to protect their systems from attacks, cybercriminals were working harder to break through.
Experts warned that the absence of robust cybersecurity standards created a critical gap in protecting online services. This exposed critical infrastructure like banks and government institutions to cyberattacks, potentially leading to data breaches, financial losses and disruptions in trade. Addressing this gap through stronger cybersecurity standards was essential.
As the African Union mechanism for police cooperation, Afripol aimed to establish a unified approach in the fight against cybercrime through its activities and strategic initiatives. It was dedicated to aligning efforts to ensure coherence in operational actions and to enhancing law enforcement capabilities across the continent. By doing so, Afripol strived to achieve a balanced level of expertise and proficiency within the police services of African nations, ensuring a robust and collective response to cybercrime.
Interpol and Afripol have pledged to continue to demonstrate their unwavering commitment to combating cybercrime and securing the digital landscape for the future of Africa.
Previous campaigns launched by the authorities to crackdown on cybercriminals included :
* #JustOneClick campaign in October 2021.
This campaign focused on online scams and phishing, ransomware and Business Email Compromise. Basic cyber hygiene advice was provided throughout the campaign to ensure that individuals and businesses were equipped with the knowledge of how to protect their systems and data.
*Operation Delilah in May 2022.
The national police authorities were supported to arrest a Nigerian man in this international operation, spanning four continents. The suspect was alleged to have run a transnational cybercrime syndicate that launched mass phishing campaign and business email compromise schemes targeting companies and individual victims.
*#YouMayBeNext in June 2022.
The campaign focused on digital extortion threats including ransomware, sextortion and Distributed Denial-of-Services (DDoS). The campaign offered tips to ensure that individuals and businesses were better equipped with the knowledge to safeguard their systems, networks and devices.
*Africa Cyber Surge Operation from July – November 2022
Law enforcement officials helped fight cybercrime through coordinated action, utilizing Interpol platforms, tools and channels. Participating countries were able to improve their own national cyber security by securing vulnerable critical infrastructure.
During this operation, officials took action to remove malicious infrastructure linked to botnet activity and the dissemination of mass phishing, spam and online extortion activities (e.g. romance scams, banking scams and theft of data).
*Operation Contender from November 2022 – January 2023
This operation targeted criminal groups behind romance scams and Business Email Compromise within the West African region. Close cooperation between our Regional African Desk, private sector partners and national authorities in Finland, Switzerland, Cote d’Ivoire and Benin was essential in successfully detecting and disrupting cybercrime.
The cybercrime investigation also resulted in the arrest of three suspects in Cote d’ Ivoire and Benin as well as the seizure of digital and mobile devices.
*Operation Falcon II in December 2022.
The Nigerian Police Force (NPF) were supported to combat major cybercrime threats such as Business Email Compromise (BEC), invoice scams and mass phishing campaigns. Private sector partners also provided key technical expertise and consultancy to help police authorities prevent and investigate attacks.
Cybercrime investigations also resulted in the arrest of three suspects in Cote d’ Ivoire and Benin as well as the seizure of digital and mobile devices. As African countries moved to incorporate digital infrastructure into all aspects of society – including government, business and banking, it was vital to promote a strong cybersecurity framework.
*10th Africa Working Group on Cybercrime – Abuja, Nigeria from April 29 – May 3, 2024
The 10th Africa Working Group on Cybercrime gathered 150 participants from nearly all of the continent’s member countries (49 out of 54) to address the escalating challenges of cybercrime amid Africa’s rapid digital transformation and heightened connectivity. This crucial meeting aimed to raise awareness and tackle issues related to cyber threats across the region.
Additionally, ten operational side meetings involving 15 Member countries and various private partners were held to discuss ongoing cases and strategize future operations, further enhancing collaboration and cooperation in combating cybercrime in Africa.
These annual reports are expected to help countries in Africa to understand the most prevalent threats and formulate a coordinated regional response to cybercrime. The African Cyberthreat Assessment Report was produced as a result of cross-sector collaboration between key regional stakeholders as well as law enforcement agencies and the private sector.
Interpol -coordinated operation leveraged private sector intelligence to pro-actively combat cybercrime. Organized in collaboration with Afripol, the initiative streamlined cooperation between African law enforcement agencies to prevent, mitigate, investigate and disrupt phishing, cyber extorsion, business email compromise and online scams.
FACT FILE
TYPES OF CYBERCRIMES
• Email and internet fraud
• Identity fraud ( where information is stolen and used)
• Theft of financial or card payment data
• Theft and sale of corporate data
• Cyberextortion ( demanding money to prevent a threatened attack)
• Ransomware attacks ( a type of cyberextortion)
• Cryptojacking ( where hackers mine cryptocurrency using resources they do not own)
• Cyberespionage ( where hackers access government or company data.
• Interfering with systems in a way that compromised a network.
• Infringing copyright
• Ilegal gambling
• Selling illegal items online
• Soliciting, producing or processing child pornography.
HOW TO PROTECT YOURSELF AGAINST CYBERCRIME
• Keep software and operating system updated
• Use anti-virus software and keep it updated
• Use strong passwords
• Never open attachments in spam emails
• Do not click on links in spam emails or untrusted websites
• Do not give out personal information unless you are sure
• Contact companies directly about suspicious requests
• Be mindful of which website URLs you visit
• Keep an eye on your bank statements.
