24 Feb 2023 | Asia Cyber Summary

In the spotlight this week:

• Singapore Data Centre Says No Data Loss Discovered After Report on Hackers Obtaining Logins
• HardBit Ransomware Tells Corporate Victims to Share Their Cyber Insurance Details
• Cyber Leaders Criticise Twitter’s Decision to Remove 2FA for Non-subscribers
• Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed
• Video Game Publisher Activision Hacked, Employee and Game Info Exposed
• Web-hosting Site GoDaddy had Source Code and Customer Details Stolen by Hackers
• ​​Putin Silenced by Pro-Ukrainian Hackers During DDoS Attack on Russian Media

‍‍‍

Singapore Data Centre Says No Data Loss Discovered After Report on Hackers Obtaining Logins

Data centre operator ST Telemedia Global Data Centres (STT GDC) has noticed no data loss or impact to its customer service portals following a hacking incident in 2021. Hackers gained access to login information for STT GDC and Chinese data centre operator GDS's customer-support websites by using an unspecified method, including email addresses and passwords of both the company's own staff and customers. STT GDC and GDS are among the largest data centre operators in Asia. In order to be nearer to customers and business operations in Asia, they typically rent space in their data centres to clients who install and manage their own IT equipment. GDS is one of the top three colocation providers in China, the second-largest market in the world for the service after the US. Singapore ranks sixth.

‍HardBit Ransomware Tells Corporate Victims to Share Their Cyber Insurance Details

Threat actors employing HardBit 2.0 Ransomware have employed an unusual method of asking targeted victim companies to divulge the terms of their cyber insurance policies in order to extort ransom payments from cyber insurance companies, a move that they deemed mutually beneficial to both the victim and the threat actor. HardBit 2.0 ransomware claims to steal files from compromised networks and encrypt the data it leaves behind. However, a data leak site operated by the HardBit gang has yet to be discovered. 

‍Cyber Leaders Criticise Twitter’s Decision to Remove 2FA for Non-subscribers

In an effort to reduce abuse of phone-based two-factor authentication (2FA) by threat actors, Twitter announced that it would remove 2FA for all unpaid accounts. Twitter is encouraging all users to disable all phone-based 2FA by March 20, or have their accounts deactivated. Officials are encouraging non-subscribers to use an authentication app or another security key instead. Unsurprisingly, the action has sparked a number of jokes and angry comments, all of which imply that the goal of the action was to force users to pay for the blue-check verification feature. But the overwhelming majority of users refuse to back down, explaining in detail how this action will make it simple for hackers to access sensitive information.

‍Coinbase Employee Falls for SMS Scam in Cyber Attack, Limited Data Exposed

Popular cryptocurrency exchange platform Coinbase disclosed that it experienced a cyber security attack that targeted several employees as part of an SMS phishing campaign, urging them to sign in to their company accounts, resulting in the exposure of a "limited amount of data" from its directory, including employee names, email addresses, and some phone numbers. The company was alerted to the attack within the first 10 minutes, and their incident responders reached out to the victim to inquire about the suspicious activity and kickstart mitigating actions.

‍Video Game Publisher Activision Hacked, Employee and Game Info Exposed

Call of Duty video game maker Activision has suffered a data breach, with threat actors accessing the game publisher’s corporate Slack environment and game release calendar. Screenshots of the attack revealed threat actors posting obscene messages in Activision’s ‘#general’ Slack channel using a compromised account. The breach also targeted its employees via an SMS-based phishing campaign. Potential victims received a message supposedly from the “Activision Automated SMS Dispatcher” titled “Employment status: under review”, urging them to respond with two-factor authentication (2FA) code.

‍Web-hosting Site GoDaddy had Source Code and Customer Details Stolen by Hackers

Web-hosting site GoDaddy has suffered from a multi-year breach, with attackers installing malware on its servers. Unknown attackers accessed GoDaddy’s servers via a cPanel shared hosting environment and installed malware as part of a multi-year campaign by a sophisticated threat actor group. The threat actors obtained some pieces of code related to some of GoDaddy services. According to GoDaddy, the same attackers were responsible for the 2021 breach, in which email addresses of up to 1.2 million Managed WordPress customers were accessed by an unauthorised third party. GoDaddy believes that threat actors target hosting services to infect websites and servers with malware that can be later used in phishing campaigns, malware distribution, or other malicious activities.

‍Putin Silenced by Pro-Ukrainian Hackers During DDoS Attack on Russian Media

Pro-Ukrainian hackers, the IT Army of Ukraine, have claimed responsibility for a DDoS attack against Russian state media, causing a blackout during President Vladimir Putin's State of the Nation address to the Russian parliament. Putin was delivering the live-streaming address to Russia’s two houses of parliament Tuesday when journalists in multiple locations reported being unable to access the live broadcast at different points of the speech. The state media and websites affected by the hack include the All-Russia State Television, the Radio Broadcasting Company (VGTRK) website, and the Smotrim live-streaming platform.