10 April 2020 | Asia Cyber Summary

In the spotlight this week:

The vulnerabilities found in Zoom should be taken seriously by all businesses, especially during the current work-from-home period. A few points of concern:


  1. Privacy issues

  2. UNC path injection

  3. Two “zero-days” on Mac

  4. End-to-end encryption was defined as endpoint-to-server only


Note: Zoom is not malware, and it offers a quality service for businesses. However, as with many fast-developing modern technologies, security has not been properly built into the design. As such, the firm is being forced to patch and catch up quickly, and businesses using Zoom should apply updates as soon as Zoom releases them.

Another interesting vulnerability comes from a blog post by 360.cn. The alarming DarkHotel (APT-C-06) group was found attacking Chinese institutions by exploiting the SangFor VPN. Attribution is uncertain, but the campaign is also linked to the same pandemic event.


March 30, 2020 | FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic

As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoombombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.

Source: FBI Boston. Retrieved from: https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic




April 3, 2020 | Zoom’s Privacy and Security woes in the Spotlight


The seemingly insatiable demand among people and businesses alike helps reveal a rash of privacy and security issues facing the platform, Welivesecurity posted.


The app’s maker is weathering a storm of criticism from various quarters, including privacy advocates, security experts, several U.S. state attorneys general, a U.S. lawmaker, and the FBI. Bad news has kept piling up in recent days, prompting the company to respond.


Source: Welivesecurity. Retrieved from: https://www.welivesecurity.com/2020/04/03/zoom-privacy-security-spotlight/




April 6, 2020 | DarkHotel (APT-C-06) Attacks Chinese Institutions via VPN

Recently, Qihoo 360 detected an APT attack that delivered malicious files through hijacked security services of a domestic VPN provider. Further reversing shows that the attack can be attributed to Darkhotel (APT-C-06), an APT gang on the Korean Peninsula. Since March this year, more than 200 VPN servers have been compromised and many Chinese institutions abroad have come under attack. In early April, the attack spread to government agencies in Beijing and Shanghai. The monitoring and analysis also suggest that a large number of VPN servers and endpoint devices in associated functioning units have been under the control of the attackers.

Source: Google Cache: https://bit.ly/34vsrwG (the original blog post is no longer available for access)




Copyright © 2020 Blackpanda.
All Rights Reserved.
