X

Microsoft targets Asia as global hub of cybercrime and malware

The software giant's cybercrime fighting unit has opened its third Asian satellite center in Singapore, to keep an eye on malware that will target Southeast Asia's emerging status as a financial hub.

Aloysius Low Senior Editor
Aloysius Low is a Senior Editor at CNET covering mobile and Asia. Based in Singapore, he loves playing Dota 2 when he can spare the time and is also the owner-minion of two adorable cats.
See full bio
Aloysius Low
3 min read

image-2.jpg
Keshav Dhakad, Regional Director, IP & Digital Crimes Unit, Microsoft Asia presenting at a launch event in Singapore. Microsoft

Singapore is the location for Microsoft's fifth global Cybercrime Satellite Center -- and it's no coincidence that this center is the company's third to open in the region, following Tokyo and Beijing. (The two other sites are in Washington, DC and Berlin.)

These satellite centers are aimed at combating cybercrime that infringes upon Microsoft's software, such as malware and the botnets that run on its operating system. These satellites report to the main Cybercrime Center located in Redmond, Wash., which employs mostly lawyers, data analysts and engineers, and forensic analysts.

Microsoft says it chose the high-tech island state because of its close proximity to other Southeast Asian countries such as India, as well as Oceanic countries such as Australia and New Zealand. It also helps that Singapore has an Interpol center dedicated to fighting cybercrime.

richardboscovich.jpg
Richard Boscovich, Microsoft's assistant general counsel, digital crimes unit. Aloysius Low/CNET

"One of the reasons we're opening a center, particularly here is, obviously, Singapore is one of the major financial centers in the world," said Microsoft's assistant general counsel of its digital crimes unit, Richard Boscovich. "A lot of money comes through Singapore, it's a relatively wealthy nation and criminals follow the money."

"They're in the business of stealing."

Bosco, as he prefers to be known, was a former lawyer in the US Attorney's Office in Miami. Soon after joining Microsoft in 2008 he created a novel legal approach to take down one of the world's largest botnets, Rustock, which infected around 1 million computers.

He obtained temporary restraining orders in order to get spammers to show up to court, and because of course they didn't, Microsoft obtained a default judgement to seize the domains being used as command and control centers. While this approach worked in the US, Bosco believes it could be used to stop malicious botnets in other countries with similar legal principles.

Expensive infection

According to a study published by IDC last year, businesses worldwide spent about $500 billion per year dealing with malware, with almost half of that figure spent in the Asia Pacific region alone. Besides financial crimes, Microsoft's digital crime unit also tackles child pornography with its PhotoDNA technology, which is capable of detecting sexually explicit images of children and removing them.

One of the more immediate threats worrying Bosco is geo-targeted malware aimed specifically at the financial sector. Given a recent report of a two-year criminal operation that had stolen up to $1 billion from banks, he seems to have cause for concern for the region, given Singapore's status as a financial hub.

"When we did our disruptive actions back in 2008, 2009, we started seeing a trend in how [criminals] operate," Bosco said. "Some of the more 'talented' malware coders decided to make their pieces of malware more proprietary."

Instead of selling the kits in the black market, these coders kept the programs for themselves with a smaller infection base that's geographically targeted. The smaller botnets would hopefully sneak under the radar as a result.

"So if you look at Shylock, which was targeted at UK financials, we're seeing that trend, and we believe in the emerging markets in Singapore in particular, giving its financial hub status in the Asia Pacific region, is going to ripe for that type of geographically targeted, very specific malware, aimed at financial institutions and consumers," Bosco said.

"One of the things of having the center located here is that it allows us to have better cooperation with local enterprise customers and the government. Having the Interpol folks here in the center is a bonus for us.

"While I can't go into specifics, you're going to see in the short period of time of this close collaboration here, start bearing fruit pretty quick."

Infections behind the Great Firewall

Of a more pressing concern is China, which already has a Cybercrime Satellite Center located in Beijing. Bosco says the infection rate in China is high due to counterfeit software.

"There's a huge amount of infections within China, and the result of that from our investigative work was that it comes from an unsecured supply chain," said Bosco. "What happens is you're getting a lot of people infected because of simply buying a computer with pre-installed malware. Sometimes, it's not even that, it comes with all of the features, such as automatic updates and firewalls disabled.

"The minute you put it on the Internet, even if you're not infected, within hours you will be infected and it just cascades and you'll see a huge amount of infections in China because of that."