7 Apr 2023 | Asia Cyber Summary

In the spotlight this week:

• US, South Korea, Japan Express Concern Over North Korea's 'Malicious' Cyber Activities
• 'Operation Cookie Monster': International Police Action Seizes Dark Web Market
• Australia May Inadvertently Fuel Cyber Crime, Says Data Theft Victim Service
• Uber Suffers Another Data Breach After Law Firm’s Servers Attacked
• Rorschach – A New Sophisticated and Fast Ransomware

‍

US, South Korea, Japan Express Concern Over North Korea's 'Malicious' Cyber Activities

In a joint statement released on Friday (April 7th), the United States, South Korea, and Japan expressed significant concerns regarding North Korea's "malicious" cyber operations aimed at supporting its weapons programs. Officials and experts from these three nations have claimed that cryptocurrency funds stolen by North Korean hackers are a primary source of funding for the country's weapons programs, which have been impacted by international sanctions.

‍'Operation Cookie Monster': International Police Action Seizes Dark Web Market

In a global crackdown known as "Operation Cookie Monster," international law enforcement agencies have seized a vast dark web marketplace commonly used by cybercriminals. On Tuesday night, a banner displayed on the Genesis Market website indicated that the FBI had seized domains owned by the organisation. According to British authorities, the operation involved 17 countries and resulted in approximately 120 arrests, over 200 searches, and almost 100 instances of "preventative activity." Genesis Market primarily sold digital products, with a focus on "browser fingerprints" obtained from computers infected with malware. Its administrators are believed to operate from Russia.

‍Australia May Inadvertently Fuel Cyber Crime, Says Data Theft Victim Service

IDCare, an Australian non-profit service for victims of identity theft, has criticised the government's plan to increase privacy laws, stating it could lead to more ransomware attacks. IDCare argues that if there are no rules to bar or discourage ransom payments, it is unlikely that ransomware groups targeting Australian organisations will reduce their activities. The government has raised the maximum fine for companies that fail to stop data theft to AUD 50 million, up from AUD 2.2 million. IDCare believes this raises the threat of massive fines, which could force companies to choose between paying a ransom demand or risking a fine of up to AUD 50 million.

‍Uber Suffers Another Data Breach After Law Firm’s Servers Attacked

Uber has been caught up in another data breach, this time caused by the theft of private driver data from a third-party law firm. Genova Burns, a New Jersey-based mid-sized law firm, has notified Uber drivers that their confidential information, including social security and tax identification numbers, has been compromised due to a data breach in its IT systems. This marks the third time in the last six months that Uber has experienced a data breach.

‍Rorschach – A New Sophisticated and Fast Ransomware

Cyber security researchers have discovered a new ransomware dubbed Rorschach that appears to be unique, sharing no overlaps that could easily attribute it to any known ransomware strain. In addition, it does not bear any kind of branding, which is a common practice among ransomware groups. Rorschach ransomware is distinct from other known ransomware strains and lacks any recognizable branding typically used by such groups. It possesses autonomous functions, like the creation of a domain group policy (GPO), that are usually performed manually during enterprise-wide ransomware deployment. This capability has been linked to LockBit 2.0 in the past. Rorschach is also highly customizable and contains technically unique features, like the use of direct syscalls, not commonly seen in ransomware. Additionally, due to its unique implementation methods, Rorschach is one of the fastest ransomware observed in terms of encryption speed.

‍