Cybercrime is surging in Asia Pacific (APAC), but governments don’t seem able to effectively investigate or prosecute criminals, according to a former UN Office on Drugs and Crime (UNODC) investigator.
Now a Senior Threat Intelligence Researcher at Infoblox, John Wojcik has been tracking high-tech money laundering and transnational drug trafficking with Asian law enforcement agencies for years.
He has observed a worrying trend: while high-profile raids and arrests of local criminal kingpins keep making headlines, they are leaving the underlying system and the ‘masterminds’ untouched. It all ends up like a game of whack-a-mole – you knock one down, another pops up.
We discuss with Wojcik the challenges of and approaches to bringing cybercriminals to justice in the region:
Cybercrime is surging in APAC, but governments seem to be hindered when it comes to effectively investigating and prosecuting the ‘masterminds’. Why is that so?
Wojcik: The core problem is that cybercrime in APAC is scaling faster than governments can respond. Industrialized cybercrime networks are hard to trace because they do not operate neatly within one country’s borders. The victims may be in one market, the infrastructure in another, the operators in a third, and the money laundering pipelines somewhere else entirely.
This means that the ‘masterminds’ are rarely in the scam factory themselves. Instead, they fly under the radar by stashing their gains through shell companies and laundering their money abroad.
Fundamentally, this is not a problem that we are going to be able to investigate or prosecute our way out of. What’s needed is a shift towards pre-emptive security and strategies that enable disruption at scale – including Protective DNS – to tip the scales in the fight against cybercrime.
Since governments and law enforcement systems were largely built to work within national jurisdictions, cracking down on criminal networks in Southeast Asia remains particularly difficult. Clusters of criminals are hiding in countries with weak judicial oversight, like Cambodia and Laos, which makes them hard to reach. Parts of these regions are even run by militias which force human trafficking victims to work in large compounds, churning out thousands of scams around the clock.
The use of AI added more fuel to the fire, allowing criminals to scale their operations rapidly. Recruits no longer need technical skills to code malware and build scam websites. Instead, we are seeing the emergence of cybercrime-as-a-service, where customers can buy an exploit or entire scam bundles from underground markets for just a few hundred dollars. This essentially lowers the barrier to entry and makes hacking and scamming available to everyone.
Based on your first-hand experience working with law enforcement to track and dismantle criminal networks in the region, what has been the impact on the underground economy and the underlying cybercriminal systems from the high-profile raids and arrests of local criminal kingpins?
Wojcik: While major law enforcement operations and sweeping crackdowns in and beyond the region have cranked up in recent months, we’re still only beginning to scratch the surface. Market-leading Asian crime syndicates have proven agile and highly elusive, infiltrating governments and establishing their own criminal financial institutions and fintech solutions with far-reaching global consequences.
While law-enforcement efforts have certainly exerted pressure and made life uncomfortable for certain criminal networks, the broader industry continues to expand and diversify. Unfortunately, it’s highly likely that the industry will shift again, streamlining more sophisticated automation and the integration of malware and powerful new AI-driven technologies including deepfakes into their operations.
I’m afraid that this is only the beginning. Quite frankly, this is a situation that the region and broader international community have never faced before and are not prepared for.
How should governments and enterprises tackle today’s AI-powered wave of industrialized cybercrime?
Wojcik: Firstly, we need stronger cross-border collaboration in the region. Cybercrime is transnational by nature, so intelligence sharing between governments, law enforcement, and trusted private-sector partners has to happen much faster and more consistently. We need regional strategies, not just national ones, because criminal groups will always exploit the weakest point in the system.
Law enforcement operations targeting the kingpins of criminal networks will hopefully continue, but bringing down the underlying infrastructure is a much more effective way to curb the current surge in cybercrime.
My experience with law enforcement agencies in the region made me realize that bringing down physical crime starts in the digital world. Instead of waiting for the criminals to strike first, we must shift towards proactive disruption.
While transnational crime networks cleverly mask their online trails, they still leave clues on the internet’s Domain Name System (DNS). By looking for recurring naming conventions and website templates, we can identify and block malicious or suspicious domains before they can do any harm. In one operation, we began with the analysis of a single scam site to uncover a sprawling network of hundreds of related domains, linked to shell companies in several countries.
This is why protective DNS and pre-emptive security are so important for both government and enterprises. In the age of AI-powered cybercrime, everyone is a target. Switching to protective DNS and pre-emptive security is one of the best things organizations can do to reduce their exposure and keep their information safe.
Protective DNS as a front line of cyber-defense offers a powerful vantage point for earlier threat detection and faster response while also serving as a major force multiplier supporting law enforcement investigations through DNS-based threat intelligence, proving to be one of the best ways to actively detect, block and investigate cybercrime, fraud and scam infrastructure.


