11 Sept 2020 | Asia Cyber Summary


Blackpanda Feature

One-Kick Philosophy

“I fear not the man who has practiced 10,000 kicks once, but I fear the man who practices one kick 10,000 times.” —Bruce Lee

"It took me 15 years to progress from blue belt to purple belt. It normally takes two to four years. I was frustrated. I quit many times, and I kept coming back. I cannot say that I’ve tried at anything harder in my life than studying the art of jiujitsu.

But as with many elements of jiujitsu, I often take lessons that I can apply to other aspects of my life. What do Bruce Lee, jiujitsu, and an obsession with the basics have to do with Blackpanda’s success? Everything."

Read more about our ‘One-Kick Philosophy’ in the latest post by Blackpanda Co-Founder and CEO, Gene Yu here.


In The Spotlight This Week:

• Cyber crime on the rise in Hong Kong

• CenturyLink outage leads to 3.5% drop in global web traffic

• How cyber attackers “cash out” following large scale heists

• Thanos ransomware: destructive variant targeting state-run organizations in the Middle East and North Africa

Cyber Crime Numbers Surge in Hong Kong

The number of technology-based crimes in Hong Kong doubled to more than 6,400 in the first half of the year, with monetary losses totaling some HK$1.52 billion (US$196 million), as working from home amid the coronavirus pandemic left remote employees “vulnerable” to online criminals. A new type of fraud surrounding surgical masks took off at the beginning of the pandemic, as many Hongkongers were desperate to protect themselves. Another form of cybercrime that rose rapidly was the creation of fake websites: only 4 forged websites were recorded between 2016 and 2019, compared with 380 within the first eight months of 2020. As cyber criminals become more inventive and ransom demands increase, cyber security protection should be at the forefront of planning for all companies and individuals.

CenturyLink Outage Leads to 3.5% Drop in Global Web Traffic

US internet service provider CenturyLink suffered a major technical outage on August 30th following a misconfiguration in one of its data centers, causing havoc across the internet. Due to the technical nature of the outage – involving both firewall and BGP routing – the error spread outward from CenturyLink's network and also impacted other internet service providers, causing connectivity problems for many companies.

The list of tech giants who had services go down because of the CenturyLink outage includes big names such as Amazon, Twitter, Microsoft (Xbox Live), EA, Blizzard, Steam, Discord, Reddit, Hulu, Duo Security, Imperva, NameCheap, OpenDNS, and many more.

Follow the Money: How Cyber Attackers “Cash Out” Following Large Scale Heists

A report published by SWIFT and BAE Systems Applied notes how cybercriminals use a complex web of money mules, front companies, and cryptocurrencies to siphon funds from their victims after an attack. The criminals use insiders at financial institutions to evade or undermine the scrutiny of compliance teams carrying out know-your-customer (KYC) and due diligence checks on new account openings. Stolen funds are then converted into assets such as property and jewelry, which are likely to hold their value and less likely to attract the attention of law enforcement.

Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

In early July, files associated with an attack on two state-run organizations in the Middle East and North Africa installed and ran a variant of Thanos Ransomware.

The ransom message demanded that the victim transfer $20,000 into a specified Bitcoin wallet to restore the files on the system.

The ransomware was configured to overwrite the master boot record (MBR), the disk sector the computer needs in order to locate and load the operating system. The overwrite was not successful: the ransom message it attempted to write to the MBR (the same message as in the ransom note) contained invalid characters, which left the MBR intact and allowed the system to boot correctly.

So although the ransomware was configured to overwrite the MBR, the threat actors failed to render the computers they infected with Thanos unbootable.
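As an added example (not code from this newsletter or from Blackpanda), the following Python script shows the kind of defender-side check that catches the MBR tampering described above: it compares a saved 512-byte sector image against a known-good baseline hash and the basic MBR layout rules (the 0x55AA boot signature at bytes 510-511, valid status bytes in the four partition entries, machine code rather than printable text in the bootstrap region). The sample sector, the tampered copy and the note text are constructed test data, and all function and constant names are my own.

```python
import hashlib
import struct
from typing import List

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"      # bytes 510-511 of a bootable MBR
PARTITION_TABLE_OFFSET = 446      # four 16-byte partition entries follow the bootstrap code
PARTITION_ENTRY_SIZE = 16

# Constructed note text used only to build the tampered test image.
CONSTRUCTED_NOTE = "CONSTRUCTED RANSOM NOTE TEXT FOR TESTING. " * 12


def build_sample_mbr() -> bytes:
    """Return a constructed 512-byte MBR image (test data, not captured from a real disk)."""
    # Bootstrap code region: a short jump instruction followed by padding, 446 bytes in total.
    bootstrap = b"\xeb\x63\x90" + b"\x00" * (PARTITION_TABLE_OFFSET - 3)
    # One active NTFS partition: status 0x80, type 0x07, starting at LBA 2048, 1,000,000 sectors.
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return bootstrap + table + BOOT_SIGNATURE


def tampered_sample(note: str = CONSTRUCTED_NOTE) -> bytes:
    """Build a test image in memory in which the note text has replaced the sector contents.

    Whatever the note does not cover is zero-filled, so the partition table and the boot
    signature are lost along with the bootstrap code.
    """
    payload = note.encode("ascii")[:SECTOR_SIZE]
    return payload + b"\x00" * (SECTOR_SIZE - len(payload))


def baseline_hash(image: bytes) -> str:
    """SHA-256 of a known-good sector, recorded when the machine is in a trusted state."""
    return hashlib.sha256(image).hexdigest()


def check_mbr(image: bytes, baseline_sha256: str) -> List[str]:
    """Compare a sector image against the baseline and the MBR layout rules.

    Returns a list of findings; an empty list means the sector looks intact.
    """
    findings: List[str] = []
    if len(image) != SECTOR_SIZE:
        return [f"unexpected sector size {len(image)}, expected {SECTOR_SIZE}"]

    if image[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing: firmware will not boot this disk")

    active = 0
    for i in range(4):
        offset = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status = image[offset]
        if status == 0x80:
            active += 1
        elif status != 0x00:
            findings.append(f"partition entry {i}: invalid status byte 0x{status:02x}")
    if active > 1:
        findings.append(f"{active} partitions flagged active, at most one is valid")

    # A ransom note written over the bootstrap code shows up as a run of printable text
    # where machine code is expected.
    bootstrap = image[:PARTITION_TABLE_OFFSET]
    printable = sum(1 for b in bootstrap if 32 <= b < 127)
    if printable > len(bootstrap) // 2:
        findings.append("bootstrap region is mostly printable text: possible ransom-note overwrite")

    if hashlib.sha256(image).hexdigest() != baseline_sha256:
        findings.append("sector hash differs from the known-good baseline")
    return findings


def demo() -> dict:
    """Run the check over the intact sample and the tampered copy."""
    good = build_sample_mbr()
    baseline = baseline_hash(good)
    return {
        "intact": check_mbr(good, baseline),
        "tampered": check_mbr(tampered_sample(), baseline),
    }


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {findings or 'no findings'}")
```

On a real host the image would come from a read of the first sector of the boot disk taken during a trusted baseline and again during investigation; the intact sample producing no findings is the situation the article describes, where the failed overwrite left the MBR bootable.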

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.