13 August 2021 | Asia Cyber Summary

In the spotlight this week:

  • More than 57,000 StarHub customers' personal data leaked

  • Computer hardware giant Gigabyte hit by RansomEXX ransomware

  • Accenture hit by ransomware attack, latest victim of ‘Cyber-Pandemic’

  • Crypto heist hacker returns most of the stolen funds

  • FlyTrap Android malware used to compromise Facebook accounts

More Than 57,000 StarHub Customers' Personal Data Leaked

The identity card numbers, mobile numbers and e-mail addresses of 57,191 StarHub customers have been leaked online, six months after a similar leak of Singtel customers' personal data. StarHub said its cyber-security team discovered the breach on July 6 while performing online surveillance, when it found an illegally uploaded file containing its customers' personal data on a third-party data dump website. The affected customers had subscribed to StarHub services before 2007. Apologising for the leak, Mr Nikhil Eapen, StarHub's chief executive, said: "Data security and customer privacy are serious matters for StarHub. We will be transparent and will keep our customers updated. We will provide support to those affected." The telco also said that no credit card or bank account information is at risk, that none of its information systems or customer databases have been compromised, and that there is so far no indication that any data in the leaked document has been maliciously misused.

Computer Hardware Giant Gigabyte Hit by RansomEXX Ransomware

Taiwanese motherboard maker Gigabyte has been hit by the RansomEXX ransomware gang, which is threatening to publish 112GB of stolen data unless a ransom is paid. Gigabyte is best known for its motherboards, but also manufactures other computer components and hardware, such as graphics cards, data center servers, laptops, and monitors. The attack forced the company to shut down systems in Taiwan. The incident also affected several of the company's websites, including its support site and portions of its Taiwanese website. Customers have reported problems accessing support documents or receiving updated information about RMAs, which is likely a consequence of the ransomware attack. After detecting the abnormal activity on its network, Gigabyte shut down its IT systems and notified law enforcement.

Accenture Hit By Ransomware Attack, Latest Victim Of ‘Cyber-Pandemic’

Accenture on Wednesday confirmed that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company's data and sell insider information. The hacker group wrote in a post on the Dark Web: "These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you're interested in buying some databases, reach us." Accenture, in an emailed response to a request for information, confirmed the ransomware attack but said there was no impact on its operations. "Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from backup. There was no impact on Accenture's operations, or on our clients' systems," Accenture wrote.

Crypto Heist Hacker Returns Most of The Stolen Funds

Poly Network confirmed on Twitter that $268m worth of Ether tokens had now been recovered. Over the last 24 hours, the hacker has returned $342m worth of tokens across three crypto-currencies to the firm. The individual also posted several pages of notes to the blockchain, disclosing why they hacked the firm and the offers Poly Network made to them. In a twist that is worrying some cyber-security experts, the hacker claims the firm offered to pay $500,000 if they returned the stolen assets, along with a promise of immunity from prosecution. The hacker says he did not accept the offer. Poly Network stated that most of the remaining assets in the hacker's possession had been transferred to a digital wallet controlled jointly by the hacker and the company, but some of the money is still outstanding: the hacker still holds $33.4m of stolen Tether tokens, which cannot be moved because Tether itself has frozen them.

FlyTrap Android Malware Used to Compromise Facebook Accounts

Zimperium has revealed that new Android malware has compromised the Facebook accounts of more than 10,000 people across 144 countries since March. The company dubbed this malware FlyTrap and said that until recently it was listed on the official Google Play Store. FlyTrap masqueraded as a variety of mobile apps dedicated to "free Netflix coupon codes, Google AdWords coupon codes, and voting for the best football (soccer) team or player," Zimperium said, and "tricked users into downloading and trusting the application with high-quality designs and social engineering" before attempting to gain access to their Facebook accounts. Schemes like this often present fake websites, but in this particular case, Zimperium said that FlyTrap took users to Facebook's legitimate sign-in page. The malware then used a JavaScript injection to gain access to the user's Facebook ID, location, email address, and IP address as well as the "Cookie and Tokens associated with the Facebook account" being accessed. That stolen information would then be transferred to FlyTrap's command and control server. Zimperium also discovered security vulnerabilities in the server it examined, which has the potential to "expose the entire database of stolen session cookies to anyone on the internet, further increasing the threat to the victim’s social credibility" in the process.
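The attack chain described above depends on the legitimate Facebook sign-in page being rendered inside the malicious app rather than in the user's own browser, since only then can the app inject script into it and read the resulting cookies and tokens. As an added illustration (not code from the original summary, from Zimperium's report or from Facebook), the snippet below shows one defensive signal a login page can check: Android's Chrome-based WebView identifies itself with a "; wv" token and a "Version/4.0" token in its user-agent string, neither of which Chrome proper sends. The sample user-agent strings are constructed for the example, and the login policy function is a hypothetical one.

```javascript
// Added example: classify a user-agent string as an Android WebView.
// Android's Chrome-based WebView (Lollipop and later) adds a "; wv" token to
// the platform section of its user-agent and keeps a "Version/4.0" token that
// Chrome on Android does not send. A login page can treat either as a signal
// that it is being rendered inside a third-party app.
const WEBVIEW_PATTERNS = [
  /;\s*wv\)/,          // "... Build/XYZ; wv) AppleWebKit/..."
  /\bVersion\/4\.0\b/, // legacy Android-browser token retained by the WebView
];

function isAndroidWebView(userAgent) {
  if (typeof userAgent !== 'string' || !/\bAndroid\b/.test(userAgent)) {
    return false; // not Android at all, so not an Android WebView
  }
  return WEBVIEW_PATTERNS.some((re) => re.test(userAgent));
}

// Constructed sample user-agent strings (not captured from any real app).
const SAMPLE_USER_AGENTS = {
  webview:
    'Mozilla/5.0 (Linux; Android 10; Pixel 3 Build/QQ3A.200805.001; wv) ' +
    'AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/85.0.4183.101 Mobile Safari/537.36',
  chrome:
    'Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/85.0.4183.101 Mobile Safari/537.36',
  desktop:
    'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ' +
    '(KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36',
};

// Hypothetical login policy: refuse to serve the sign-in form inside a WebView
// and ask the user to open the link in their real browser instead.
function loginPolicy(userAgent) {
  return isAndroidWebView(userAgent) ? 'block-open-in-browser' : 'allow';
}

// Run the classifier over every sample; returns { name: boolean }.
function classifyAll(samples) {
  return Object.fromEntries(
    Object.entries(samples).map(([name, ua]) => [name, isAndroidWebView(ua)])
  );
}

console.log(classifyAll(SAMPLE_USER_AGENTS));
```

Treat this as a speed bump rather than a control: the hosting app chooses the WebView's user-agent (Android's WebSettings lets it set an arbitrary string), and marking session cookies HttpOnly does not help against an in-app WebView either, because the app can read the WebView cookie store directly through android.webkit.CookieManager without running any page script. The check is useful mainly because an off-the-shelf malicious app often leaves the default user-agent in place.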

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.