The Tokyo Metropolitan Police Department awarded Trend Micro a certificate of appreciation for being one of the security vendors that helped them crack down on online banking fraud through information sharing. This certificate of appreciation also proves that private-public collaboration is truly effective in combating the bad guys.

This is one of the many relationships that the Forward-Looking Threat Research Team of Trend Micro is keeping with law enforcement in line with our company mission of keeping the world safe for exchanging digital information.

Collaborating with Law Enforcement Agencies to Stop Cybercrime

The promise of easy money remains the biggest motivation for cybercrime today. Cybercriminals thus make it their main objective to steal information that would lead them to the money, like online banking information. Once stolen, the information can be used to transfer funds illegally from victims’ accounts.
In 2013, the total amount of money stolen through this exact method in Japan has amounted to 1.4 billion yen. This is purportedly the biggest amount to date, and it seems 2014 is well on its way to catching up, with 600 million yen already stolen, according the publication of the National Police Agency (NPA). We have reason to believe that those numbers will continue to climb, which poses a challenge on how to stop cybercrime once and for all.

As part of our efforts to stop cybercrime, our dedicated team of researchers, the Forward-Looking Threat Research (FTR) Team have been doing research about what it takes to prevent financial losses from online account theft by cybercriminals. Moreover, we have identified some methods to track down and identify these cybercriminals responsible, such as command-and-control (C&C) server analysis, analyzing stolen information, and malware analysis.

Find out more about the server

For instance, cybercriminals behind the recent popular banking Trojan called Citadel use WebInjects to display fake screen displays needed to carry out online banking logging theft. By analyzing the WebInject modules, it is possible to find out more about the server where the stolen information has been sent to.

Because any information from victims which victims input in the fake screen will be stored in the server, we can immediately pinpoint the existence of victims by monitoring the server’s stored information. As a result, we can quickly prevent actual financial loss through reactionary methods, such as freezing the compromised bank accounts before the money is transferred to the cybercriminals.