In the Spotlight this Week:
- Singapore ranked No. 6 globally for the highest number of exposed databases
- Indian companies must flag cyber incidents within six hours of detection
- US federal alert warns of the discovery of malicious cyber tools
- Chinese cyber espionage group Moshen Dragon targets Asian telcos
In 2021, Singapore ranked No. 6 in the world for having the most databases exposed to the Web, which hackers could easily breach and exploit.
The number of such susceptible databases grew steadily throughout the year with increased digitalization during the pandemic. This comes at a time of growing cyber threats, as the Cyber Security Agency of Singapore reported a 200% increase in devices that had been infected with malware and turned into hacker-controlled bots, becoming a tool for hackers to launch cyber attacks.
This is an extremely worrying statistic for Singapore, not only because it means that companies here are at an exceptionally high risk of being struck by a cyber attack, but also because their networks could be involved in massive-scale hacks overseas.
Under Singapore's Personal Data Protection Act, a company can be fined up to 10% of its annual turnover or SGD 1 million, whichever is higher, for a data breach. This is in addition to the economic, reputational and recovery costs that are linked to a cyber attack.
To avoid incurring such costs and risking a business shutdown, it is vital that companies in Singapore take their endpoint and database security seriously by carrying out regular compromise assessments and preparing for cyber attacks.
All Indian companies must report any form of a cyber security incident to the Indian Computer Emergency Response Team (Cert-In) within six hours of detection, the government said on Thursday, setting a deadline for reporting such events for the first time.
The ministry of electronics and information technology (Meity) directive, which takes effect on 28 June, also expands the range of cyber incidents that need to be reported to 20 categories, including defacement of websites, unauthorized access to social media, data breach and data leaks.
Multiple US government agencies issued a joint alert on Wednesday, warning of the discovery of malicious cyber tools created by unnamed advanced threat actors that they said were capable of gaining “full system access” to multiple industrial control systems.
The public alert from the Energy and Homeland Security departments, the FBI and National Security Agency did not name the actors or offer details on the find. But their private sector cybersecurity partners said the evidence suggests Russia is behind the tools – and that they were configured to initially target North American energy concerns.
Mandiant said in a report that the tools’ functionality was “consistent with the malware used in Russia’s prior physical attacks”, though it acknowledged that the evidence linking it to Moscow is “largely circumstantial”.
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia.
While this new threat group has some overlaps with "RedFoxtrot" and "Nomad Panda," including the use of ShadowPad and PlugX malware variants, there are enough differences in their activity to follow them separately.
According to a new report by Sentinel Labs, Moshen Dragon is a skilled hacking group with the ability to adjust its approach depending on the defenses it is facing.
The hackers make extensive attempts to sideload malicious Windows DLLs into antivirus products, steal credentials to move laterally, and eventually exfiltrate data from infected machines.