Collaboration is key to tackling cybercrime. Recent takedowns show why

Cybercrime is on the rise. In particular, cyber-enabled financial fraud has emerged as a boom industry for transnational crime. In 2024, scammers stole over more than $1 trillion from victims, according to the Global Anti-Scam Alliance.

However, collaboration between law enforcement and experts drawn from the private sector and non-profits is demonstrating how it can be disrupted.

This year saw a string of successful disruption campaigns targeting cybercrime groups that could be a blueprint for tackling the problem.

In November 2024, for example, INTERPOL announced that an operation dubbed Operation Serengeti led to the arrests of more than 1,000 suspected cybercriminals responsible for 35,000 victims in 19 countries across all regions of Africa.

Crucially, law enforcement agencies were able to rely on an increasingly varied range of sources and support via INTERPOL's operational partnerships with the private sector. This included research drawn from the World Economic Forum's Cybercrime Atlas, a consortium of cybercrime experts that uses open-source research to map cybercriminal activities, support the sharing of information on cybercriminal activities, and identify joint public and private sector responses to cybercrime.

"The Interpol arrests made with the support of collaborative research from the Cybercrime Atlas demonstrate the power of public and private collaboration to make the world a safer and more sustainable place," said Derek Manky, Chief Security Strategist and Global VP Threat Intelligence at FortiGuard Labs. "This clearly demonstrates how we can move quickly and effectively together, under a unified and coordinated effort to impactfully disrupt these cybercriminal ecosystems. These arrests create friction and send a message to cybercriminals – and this is just the beginning."

Earlier this month, the World Economic Forum released a white paper, Disrupting Cybercrime Networks: A Collaboration Framework, which showed that collaboration is critical to curbing cybercrime. By working together, the report notes, law enforcement, private sector experts and non-profits are finding ways to fight back.

In April 2024, for instance, police in the UK successfully took down online criminal service provider LabHost and arrested key criminal services providers and their clientele.

LabHost was a cybercrime-as-a-services site (CaaS) – yes, cybercriminals have developed their own service acronyms – that enabled criminals to steal large volumes of identity information including credit card pin codes.

UK authorities estimate that at least 70,000 individuals were victims of LabHost’s services. While the UK was at the centre of the LabHost operation, arrests took place in 37 countries.

The origin of the LabHost disruption was a public-private sector partnership. LabHost criminal activities were discovered in 2022 by the Cyber Defence Alliance, a group of investigators funded by UK financial services whose aim is to provide insights that enhance cybersecurity and disrupt cyberthreat networks. The Cyber Defence Alliance also participates in the Cybercrime Atlas community.

"By working together across sectors, we are showing what industry can do to help to make the internet a safer place," said Jen Silk, Senior Director of Governance, Risk and Compliance at PayPal, adding that the recent INTERPOL operation shows that "the Cybercrime Atlas is a real-world example of open-source intelligence gathering combined with operational collaboration can have a meaningful impact in tackling the global threat posed by cybercrime."

Successful law enforcement operations aimed at curbing cybercrime have also been carried out in other regions.

In April, for instance, the Royal Thai Police arrested foreign nationals running cyber-scam centres in Thailand. The arrests came after a rescue a month earlier of hundreds of human-trafficking victims who were forced to work in an online scam centre in the Phillipines. In the same period, arrests were made in India of criminals who were luring people to Thailand before trafficking them to work as cyber-scammers in Laos.

Moreover, in February, a coordinated operation between law enforcement agencies in North America, Europe, Japan and Australia known as Operation Cronos led to the disruption of Lockbit, which at the time was the world’s most harmful cyber group.

One of the challenges to stopping cybercrime is that cybercriminals usually target victims in other countries, which complicates disruption effort by law enforcement agencies that largely operate within national boundaries.

However, the arrests and disruptions in 2024, as well as recent research from the Carnegie Endowment for International Peace, suggest that law enforcement agencies are expanding their technical capabilities at home and making better use of cross-border support through organizations like INTERPOL and Europol, as well as bilateral relationships between police forces.

Beyond the public sector, collectives like the Cyber Defence Alliance and Cybercrime Atlas demonstrate there is an appetite among experts in the private and non-profit sectors to pool their research skills for the common good. Collaboration is vitally important because while disruption capabilities sit with the public sector, a lot of the knowledge and know how sit in the private sector.

"The results we're seeing underscore that public-private collaboration is effective in the fight against cybercrime," said Steven Masada, Assistant General Counsel, Microsoft Digital Crimes Unit. "We must continue to cooperate, and we encourage others to join the Atlas initiative as we go after malicious actors and hold them accountable."

As long as profits are high and risks are perceived to be low, organized criminals will continue to focus on cybercrime. But 2024 has shown that better collaboration between law enforcement, industry and cybercrime experts gets results. It is supporting arrests, the disruption of criminals’ online infrastructure and the seizure of criminal profits.

There is a growing momentum for operational collaborations that enhance collective cybersecurity or support the disruption of criminal activity. In addition to groups like the Cybercrime Atlas and Cyber Defence Alliance, there are collaborations such as the Ransomware Taskforce, the Cyber Threat Alliance and the US National Cyber-Forensics and Training Alliance.

Cyber-defenders are becoming better at working together across industries and across borders. However, operational collaborations are difficult to build and maintain over time.

Luckily, cybersecurity has a culture of collaboration. Therefore we can expect ongoing improvement by cyber-defenders as they continue to work together to disrupt cybercrime activities.