In the spotlight this week:
- Eight Shangri-La Hotels in Asia Hit by Data Breach, Potentially Exposing Guest Information
- North Korea’s Lazarus Group Uses Vulnerable Dell Driver to Blind Security Solutions
- Australia’s Telstra Reveals Data Breach Two Weeks After Attack on Optus
- Former Uber Security Chief Found Guilty of Obstructing Federal Trade Commission Probe
- Binance Smart Chain Halts After 'Potential Exploit' Drains Estimated $100M in Crypto
Eight Shangri-La hotels in Asia, including properties in Singapore and Hong Kong, were hit by a data breach, potentially exposing guest information such as names, email addresses and phone numbers. A sophisticated threat actor managed to bypass Shangri-La’s IT security monitoring systems undetected and access the guest databases. While there is no evidence that data exfiltrated from the databases has been released by third parties or misused, Shangri-La is offering affected guests a one-year complimentary identity monitoring service, in countries where local regulation permits.
North Korean state-sponsored hacker group Lazarus has begun exploiting a known vulnerability in an OEM driver developed by Dell to evade detection by security solutions. The hackers used fake job offers as an entry point, sending their victims malicious documents via LinkedIn and email. These fake offers were related to Amazon’s space program and Amazon Web Services. The malicious documents then used the remote template technique to fetch and load malicious code from an external server, which in turn deployed a malware dropper that initiates the multi-stage payload.
Australia’s largest telecoms firm Telstra said that it had suffered a data breach two weeks after its main rival Optus fell victim to a massive cyber attack. According to Telstra, the data breach affected approximately 30,000 current and former employees dating back to 2017. The data is said to be limited to names and email addresses only.
Telstra has 18.8 million customer accounts, which is equivalent to three-quarters of Australia’s population. Australia’s telecommunications, financial, and government sectors have been on high alert since Optus disclosed a massive cyber attack on its systems that may have compromised up to 10 million people’s accounts.
Uber’s former Chief Security Officer Joseph Sullivan has been convicted of criminal obstruction charges for failing to report a 2016 cyber intrusion to federal authorities. This case highlights the gray areas and difficulties that cyber security teams face during incident response. Mr. Sullivan’s team had paid USD 100,000 as a ‘bug bounty’ to an anonymous hacker who had threatened to release the data of 57 million Uber customer records. Prosecutors argue that the payment was an attempt by Mr. Sullivan to cover up the incident and to prevent it from being reported to the Federal Trade Commission, which at the time was investigating Uber’s cybersecurity practices over an earlier breach. Mr. Sullivan was fired by Uber in 2017 and charged by federal authorities three years later.
Mr. Sullivan now faces a five-year prison sentence on the obstruction charge and as many as three years in prison on a second charge of failing to report a felony.
Binance Smart Chain (BSC), a blockchain with ties to the world’s largest crypto exchange, temporarily suspended its services after suffering a ‘potential exploit’ targeting hundreds of millions of dollars in crypto. A threat actor had allegedly targeted up to two million BSC tokens, although true losses might be lower. BNB Chain estimates that USD 100 - 110 million in assets were moved off the chain and that USD 7 million had already been frozen. BSC confirmed that it coordinated a shutdown of the chain after spotting issues with the BSC Token Hub protocol, the clearinghouse for crypto transactions moving between the Binance-linked blockchain’s interlocking parts.