DALLAS, Aug. 14, 2023 -- Trend Micro Incorporated, a global cybersecurity leader, today announced that its close cooperation with law enforcement has led to another major win after the dismantling of a prolific phishing-as-a-service (PaaS) operation.
Jon Clay, VP of threat intelligence at Trend: "Trend has been a committed partner of INTERPOL for many years, so when the call came for help, we didn't waste a second. As this takedown proves once again, public-private partnerships backed by powerful threat intelligence can be a force multiplier for international cybercrime investigations."
Trend Micro was first approached by INTERPOL in 2020 when the policing alliance requested threat intelligence regarding PaaS site 16shop. The platform sold phishing kits designed to lower the barrier to entry to budding cybercriminals, enabling them to scale scam campaigns with ease.
Through its research, Trend found and reported to INTERPOL that:
- Attacks supported by 16shop were particularly prevalent in Japan, as well as the U.S. and Germany.
- Customers of 16shop were able to craft phishing pages to harvest Amazon, American Express, PayPal, Apple, and CashApp credentials as well as U.S. banking logins.
- The platform's phishing kits automatically localized the language of phishing sites depending on the victims' location.
- It featured capabilities designed to thwart analysis, such as anti-sandboxing and geolocated access restrictions.
- 16shop's web infrastructure was hosted across numerous legitimate cloud providers to further avoid detection.
- The site was active from 2018 until at least 2021, with copycat sites most likely springing up after this date.
According to INTERPOL, Trend's threat intelligence report helped lead to the arrest of the suspected administrator of 16shop and two other suspects in Indonesia and Japan. In total, 16shop is estimated to have enabled phishing attacks on over 70,000 victims in 43 countries.
Trend's close support of INTERPOL in this operation follows numerous previous engagements, including 2022's Operation African Surge, and the dozens of training sessions the cybersecurity provider has delivered to law enforcement agencies since 2014, including a five-day course recently held in Manila.