Asia Cyber Summaries

19 May 2023 | Asia Cyber Summary

In the spotlight this week:

  • UK's Sunak to Partner with Japan on Defence, Technology Ahead of G7
  • Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks
  • Polish News Websites Hit by Cyber Attacks
  • Toyota Admits Leaking Data of Over 2 Million Drivers
  • Coca-Cola Bottler Reportedly Hit with Ransomware
  • Discord Warns of Data Breach Involving Support Agent

UK's Sunak to Partner with Japan on Defence, Technology Ahead of G7

British Prime Minister Rishi Sunak is scheduled to sign a significant agreement called the "Hiroshima Accord" during his meeting with Japan's Prime Minister Fumio Kishida. The accord aims to enhance defence cooperation between the two countries. Additionally, they will announce the establishment of a "semiconductors partnership" to strengthen the chip supply chain in a competitive market. The agreement seeks to foster collaboration in defence, economic growth, and the development of science and technology expertise. Prime Minister Sunak will visit a naval base to confirm the new defence cooperation, which includes an increase in UK troop numbers for joint exercises. The move aligns with recent efforts by Washington and the European Union to address concerns related to China's non-market practices and coordinate export controls on semiconductors and other goods.

Escalating China-Taiwan Tensions Fuel Alarming Surge in Cyber Attacks

Escalating tensions between China and Taiwan have led to a surge in cyber attacks targeting Taiwan, with a significant increase in malicious emails, malware, and phishing attempts. Industries such as networking, manufacturing, and logistics have been particularly affected. The use of the PlugX remote access trojan, along with other malware families, has been observed. Attackers have utilised DLL side-loading techniques and employed socially engineered messages with counterfeit login pages to trick users. Geopolitical conflicts are increasingly driving cyber attacks, emphasising the need for organisations to monitor events and anticipate potential threats.

Polish News Websites Hit by Cyber Attacks

Several Polish news websites, including Gazeta Wyborcza, Rzeczpospolita, and Super Express, have experienced distributed denial-of-service (DDoS) attacks. The Polish government suspects that Russian hacking groups may be responsible for the attacks, which they believe could be attempts to destabilise the country. Poland, a staunch ally of Ukraine, has often faced Russian attempts to disrupt its affairs. DDoS attacks involve flooding targeted servers with high volumes of Internet traffic to disrupt their functioning. The Polish digitalization minister, Janusz Cieszynski, stated that they had information indicating Russian involvement in the attacks. The Russian Foreign Ministry has not yet responded to the allegations.

Toyota Admits Leaking Data of Over 2 Million Drivers

Toyota has issued an apology after it was discovered that its primary cloud service had been left publicly accessible for over a decade, potentially compromising the data of more than 2 million clients. The incident was caused by a misconfiguration of the cloud environment, where the system was mistakenly set to public instead of private. Customer data, including vehicle location information and device identification numbers, was exposed. Toyota has not confirmed any malicious use of the leaked data. This is not the first time Toyota has faced data leaks, highlighting the need for companies to address insider risks and invest in employee education and data monitoring tools.

Coca-Cola Bottler Reportedly Hit with Ransomware

Viking Coca-Cola, a major Coca-Cola bottling company based in the US, has allegedly been breached by the Russia-linked cyber criminal group known as Black Basta. The breach was reported after the company's name appeared on a dark web leak site typically used by criminals to showcase their victims. The specific details of the data stolen have not been disclosed, but so far, no data has been leaked publicly, suggesting that negotiations may still be ongoing. Black Basta is known for employing double-extortion tactics, where they demand ransom from victims and threaten to publish stolen data if the ransom is not paid. The group has targeted numerous organisations since its emergence in 2022 and is believed to be associated with the cybercrime gang FIN7.

Discord Warns of Data Breach Involving Support Agent

Discord, the messaging and call platform, has notified its users of a breach resulting from a compromised third-party support agent. The incident involved unauthorised access to the support ticket queue of the third-party agent, potentially exposing users' email addresses, customer service messages, and attachments. Discord took immediate action by deactivating the compromised account and conducting malware checks on the affected device. The company has reached out to its customer service partner to enhance their practices and prevent similar incidents in the future. While Discord believes the risk to users is minimal, they advised users to remain vigilant for any suspicious messages or activities. Discord, originally designed for gamers, has expanded to serve various communities and has a user base of 150 million monthly active users. The platform has previously faced data security issues and was fined in France for inadequate personal data protection. More recently, it gained attention when Pentagon documents containing classified information were leaked on the platform.
