14th May 2021 | Asia Cyber Summary

Updated: May 18, 2021

In The Spotlight This Week:

  • Information of more than 1,100 UOB customers disclosed after employee falls for scam

  • Insurer AXA halts ransomware crime reimbursement in France

  • Ransomware attack leads to shutdown of major U.S. pipeline system

  • Adobe warns customers of critical zero-day attack

  • University cancels exams after cyber attack

  • Group pleads guilty to running bulletproof hosting service for criminal gangs

  • Top 5 ransomware attacks to watch out for in 2021

Information of More Than 1,100 UOB Customers Disclosed After Employee Falls for Scam

Information of 1,166 customers has been disclosed after a United Overseas Bank (UOB) employee fell prey to an impersonation scam. The customers whose data have been compromised are predominantly Chinese nationals, with their names, identification and mobile numbers, as well as account balances, having been disclosed.

A UOB spokesperson noted that “their bank account numbers were not disclosed and our IT systems remain secure.” According to its preliminary findings, an employee of the bank had allegedly fallen prey to a China police impersonation scam and had been deceived into disclosing the information of these customers with Singapore-based accounts.

UOB said it has written to all affected customers and has taken several precautionary measures to protect them as they may be targeted by scammers.

Insurer AXA Halts Ransomware Crime Reimbursement in France

In an apparent industry first, global insurance company AXA said last Thursday it will stop writing cyber insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.

The suspension only applies to France and does not affect existing policies, said Christine Weirsky, a spokeswoman for the U.S. AXA subsidiary, a leading underwriter of cyber-insurance in the United States. She said it also does not affect coverage for responding to and recovering from ransomware attacks.

Ransomware Attack Leads to Shutdown of Major U.S. Pipeline

A ransomware attack led one of the nation’s biggest fuel pipeline operators to shut down its entire network last Friday. While it is not expected to have an immediate impact on fuel supply or prices, the attack on Colonial Pipeline, which carries almost half of the gasoline, diesel and other fuels used on the East Coast, underscores the potential vulnerability of industrial sectors to the expanding threat of ransomware strikes.

The attack appears to have been carried out by an Eastern European-based criminal gang DarkSide, according to U.S. officials. Federal officials and private security firm Mandiant, a division of FireEye, are investigating the matter.

Adobe Warns Customers of Critical Zero-Day Bug

Adobe has warned customers of a critical zero-day bug, actively exploited in the wild, that affects its ubiquitous Adobe Acrobat Reader software. Successful exploitation could lead to arbitrary code execution in the context of the current user. A patch has been made available, providing 43 fixes across 12 of its products; the updates resolve vulnerabilities rated “critical” and “important.”

University Cancels Exams After Cyber-Attack

Final examinations at the oldest technological research university in America have been canceled following a cyber-attack. Much of the computer network of Rensselaer Polytechnic Institute (RPI) was forced to shut down after unauthorized access was detected on Friday. Student assessments, research, and other academic activities have been impacted.

RPI issued a statement noting that they have temporarily suspended access to the network as they work with law enforcement and cybersecurity experts to determine the extent of the “trespass”. Students whose online exams were impacted by the attack were told that they would be accommodated.

RPI did not share any further details of the incident such as what information may have been accessed. The institute has not shared when its network will be up and running again.

Group Pleads Guilty to Running Bulletproof Hosting Service for Criminal Gangs

Four individuals have pleaded guilty to running a bulletproof hosting service used by criminals to launch cyberattacks. The US Department of Justice (DoJ) said that three Russian nationals and an Estonian operated a bulletproof host between 2009 and 2015.

Bulletproof hosting is a service that offers private online infrastructure whose operators generally turn a blind eye to what customers do with the servers and domains they rent. According to the DoJ, the group rented out servers and domains that were used in criminal campaigns, including attacks against US companies and financial organizations.

Malware hosted by the bulletproof hosting provider included the Zeus and SpyEye Trojans, the Citadel Trojan and credential stealer, and the Blackhole exploit kit used in drive-by downloads to serve payloads to victims.

All four have pleaded guilty to one RICO count in the US District Court and may each face up to 20 years in prison.

Top 5 Ransomware Attacks to Watch Out for in 2021

Security researchers have uncovered that year-on-year ransomware attacks are doubling in number. According to a report from TechTarget, the average ransom payment has increased by 43% as compared to Q4 of 2020.

Various ransomware families have now become capable of stealing sensitive data through highly sophisticated techniques. Industry verticals such as BFSI (banking, financial services, and insurance), IT, government and manufacturing are currently gold mines for these cyber criminals seeking to steal sensitive data. The top five most dangerous ransomware attacks include Maze Ransomware, REvil Ransomware, Ryuk Ransomware, Tycoon Ransomware, and NetWalker Ransomware.

If you are hit with a ransomware attack, Blackpanda's expert ransomware response specialists will guide your organization through the incident, helping minimize loss, recover encrypted data, and facilitate payment. Reach out to us for assistance.
