In the spotlight this week:
- Bank of Thailand Warns of Elevated Financial Cyber Crime Risk
- Crypto Crime Hits Record USD 20 Billion in 2022
- Mailchimp Suffers New Security Breach: Second Such Incident in 6 Months
- Norton LifeLock Says Thousands of Customer Accounts Breached
- Nissan North America Data Breach Caused by Vendor-exposed Database
- Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware
Consumers and banks are being cautioned by the Bank of Thailand (BoT) regarding an elevated risk of financial cyber crime. One victim lost 101,560 baht from his bank account in a malware attack after downloading an unsafe dating app called ‘Sweet Meet’. Once the malware was installed, threat actors were able to remotely access and control the victim’s phone to transfer money from the user’s bank account.
According to blockchain data experts, illicit use of cryptocurrencies hit a record USD 20.1 billion last year as transactions involving companies targeted by U.S. sanctions skyrocketed. Even as the cryptocurrency market floundered in 2022, causing overall crypto transaction volumes to fall, the value of crypto transactions related to illicit activity rose for the second year in a row. Transactions associated with sanctioned entities also increased more than 100,000-fold in 2022 and made up 44% of last year's illicit activity. The USD 20.1 billion estimate only includes activity recorded on the blockchain and excludes other transactions that happen off the blockchain, such as fraudulent accounting by crypto firms.
Email marketing company Mailchimp says it suffered another breach after attackers conducted a social engineering attack on the firm’s employees and contractors. With approximately 14 million users and 600 million emails sent through the platform every day, Mailchimp is one of the most well-known email marketing services available. According to a statement from Mailchimp, hackers gained access to an internal support and account administration tool, which gave the attackers access to at least 133 customers' personal information. Mailchimp previously suffered a security breach in August 2022 that compromised more than 200 customer accounts in the cryptocurrency industry.
According to a recent data breach notice from the company, approximately 6,450 Norton LifeLock customers had their accounts compromised in recent weeks, potentially giving criminal hackers access to customer password managers. Norton LifeLock provides identity protection and cyber security services.
Norton LifeLock's parent company, Gen Digital, informed customers that a credential stuffing attack, rather than a system compromise, was more likely to be the cause of the incident. In this type of attack, credentials that have already been compromised or exposed are used to access accounts on other services and websites where the same passwords are in use.
Nissan North America has suffered a data breach at a third-party service provider that exposed the information of 17,998 customers. The third-party software development vendor had received customer data from Nissan for use in developing and testing software solutions for the automaker, and that data was inadvertently exposed due to a poorly configured database. Full names, birthdates, and NMAC account numbers (a Nissan finance account) are among the information that has been made public. The notice also makes it clear that neither credit card information nor Social Security numbers were among the exposed data. Nissan claims that it has seen no evidence to date that any of this information has been misused and is sending out the notices only out of an abundance of caution.
Cyber security researchers have discovered a novel way for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code. It also comes with a port forwarding feature that makes it possible to access a web application running on a particular port within the codespace directly from the browser on a local machine for testing and debugging purposes. The researchers found that publicly shared forwarded ports could be exploited to create a malicious file server using a GitHub account.