Cybersecurity

Collaboration is key to tackling cybercrime. Recent takedowns show why

There is a growing momentum for operational collaborations to curb cybercrime.

There is a growing momentum for operational collaborations to curb cybercrime. Image: Unsplash

Sean Doyle
Lead, Cybercrime Atlas Initiative, World Economic Forum
Natalia Umansky
Project Specialist, Cybercrime Atlas, World Economic Forum
  • Cybercrime across the world is on the rise, but collaboration between law enforcement and experts shows how to disrupt it.
  • This month, authorities across Africa have made over 1,000 arrests and dismantled more than 134,000 malicious infrastructures and networks in a joint INTERPOL and AFRIPOL operation.
  • Lessons from 2024 show that better collaboration between law enforcement, industry and cybercrime experts gets results.

Cybercrime is on the rise. In particular, cyber-enabled financial fraud has emerged as a boom industry for transnational crime. In 2024, scammers stole over more than $1 trillion from victims, according to the Global Anti-Scam Alliance.

However, collaboration between law enforcement and experts drawn from the private sector and non-profits is demonstrating how it can be disrupted.

Crime without punishment? Not anymore

This year saw a string of successful disruption campaigns targeting cybercrime groups that could be a blueprint for tackling the problem.

In November 2024, for example, INTERPOL announced that an operation dubbed Operation Serengeti led to the arrests of more than 1,000 suspected cybercriminals responsible for 35,000 victims in 19 countries across all regions of Africa.

Crucially, law enforcement agencies were able to rely on an increasingly varied range of sources and support via INTERPOL's operational partnerships with the private sector. This included research drawn from the World Economic Forum's Cybercrime Atlas, a consortium of cybercrime experts that uses open-source research to map cybercriminal activities, support the sharing of information on cybercriminal activities, and identify joint public and private sector responses to cybercrime.

Operation Serengeti disrupting cybercrime networks

"The Interpol arrests made with the support of collaborative research from the Cybercrime Atlas demonstrate the power of public and private collaboration to make the world a safer and more sustainable place," said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence at FortiGuard Labs. "This clearly demonstrates how we can move quickly and effectively together, under a unified and coordinated effort to impactfully disrupt these cybercriminal ecosystems. These arrests create friction and send a message to cybercriminals – and this is just the beginning."

Collaboration proves effective

Earlier this month, the World Economic Forum released a white paper, Disrupting Cybercrime Networks: A Collaboration Framework, which showed that collaboration is critical to curbing cybercrime. By working together, the report notes, law enforcement, private sector experts and non-profits are finding ways to fight back.

In April 2024, for instance, police in the UK successfully took down online criminal service provider LabHost and arrested key criminal services providers and their clientele.

By working together across sectors, we are showing what industry can do to help to make the internet a safer place.

Jen Silk, Senior Director, Governance, Risk & Compliance, PayPal

LabHost was a cybercrime-as-a-services site (CaaS) – yes, cybercriminals have developed their own service acronyms – that enabled criminals to steal large volumes of identity information including credit card pin codes.

UK authorities estimate that at least 70,000 individuals were victims of LabHost’s services. While the UK was at the centre of the LabHost operation, arrests took place in 37 countries.

Loading...

The origin of the LabHost disruption was a public-private sector partnership. LabHost criminal activities were discovered in 2022 by the Cyber Defence Alliance, a group of investigators funded by UK financial services whose aim is to provide insights that enhance cybersecurity and disrupt cyberthreat networks. The Cyber Defence Alliance also participates in the Cybercrime Atlas community.

"By working together across sectors, we are showing what industry can do to help to make the internet a safer place," said Jen Silk, Senior Director of Governance, Risk and Compliance at PayPal, adding that the recent INTERPOL operation shows that "the Cybercrime Atlas is a real-world example of open-source intelligence gathering combined with operational collaboration can have a meaningful impact in tackling the global threat posed by cybercrime."

Cybercrime disruptions worldwide

Successful law enforcement operations aimed at curbing cybercrime have also been carried out in other regions.

In April, for instance, the Royal Thai Police arrested foreign nationals running cyber-scam centres in Thailand. The arrests came after a rescue a month earlier of hundreds of human-trafficking victims who were forced to work in an online scam centre in the Phillipines. In the same period, arrests were made in India of criminals who were luring people to Thailand before trafficking them to work as cyber-scammers in Laos.

Moreover, in February, a coordinated operation between law enforcement agencies in North America, Europe, Japan and Australia known as Operation Cronos led to the disruption of Lockbit, which at the time was the world’s most harmful cyber group.

What this tell us about cybercrime

One of the challenges to stopping cybercrime is that cybercriminals usually target victims in other countries, which complicates disruption effort by law enforcement agencies that largely operate within national boundaries.

However, the arrests and disruptions in 2024, as well as recent research from the Carnegie Endowment for International Peace, suggest that law enforcement agencies are expanding their technical capabilities at home and making better use of cross-border support through organizations like INTERPOL and Europol, as well as bilateral relationships between police forces.

Have you read?

Beyond the public sector, collectives like the Cyber Defence Alliance and Cybercrime Atlas demonstrate there is an appetite among experts in the private and non-profit sectors to pool their research skills for the common good. Collaboration is vitally important because while disruption capabilities sit with the public sector, a lot of the knowledge and know how sit in the private sector.

"The results we're seeing underscore that public-private collaboration is effective in the fight against cybercrime," said Steven Masada, Assistant General Counsel, Microsoft Digital Crimes Unit. "We must continue to cooperate, and we encourage others to join the Atlas initiative as we go after malicious actors and hold them accountable."

How cybersecurity is changing

As long as profits are high and risks are perceived to be low, organized criminals will continue to focus on cybercrime. But 2024 has shown that better collaboration between law enforcement, industry and cybercrime experts gets results. It is supporting arrests, the disruption of criminals’ online infrastructure and the seizure of criminal profits.

There is a growing momentum for operational collaborations that enhance collective cybersecurity or support the disruption of criminal activity. In addition to groups like the Cybercrime Atlas and Cyber Defence Alliance, there are collaborations such as the Ransomware Taskforce, the Cyber Threat Alliance and the US National Cyber-Forensics and Training Alliance.

Cyber-defenders are becoming better at working together across industries and across borders. However, operational collaborations are difficult to build and maintain over time.

Luckily, cybersecurity has a culture of collaboration. Therefore we can expect ongoing improvement by cyber-defenders as they continue to work together to disrupt cybercrime activities.

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

4 ways to advance equity in cyberspace

Kate Whiting

December 12, 2024

The top cybersecurity stories from 2024

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum