17 December 2021 | Asia Cyber Summary

In the Spotlight this Week:

  • Singapore firms warned to quickly fix Log4j software security hole that world experts call worst in years

  • Bangko Sentral working with BDO Unionbank over data breach

  • AscendEX to reimburse customers after the theft of USD 77.7 million in crypto

  • Volvo R&D data stolen in security breach

  • Kronos ransomware attack may cause weeks of HR solutions downtime

Singapore Firms Warned to Quickly Fix Log4j Software Security Hole That Experts Call Worst in Years

Organizations should take swift action to patch a "critical vulnerability" in widely used software that could allow hackers to take full control of computer systems, the Cyber Security Agency of Singapore (CSA) said. The flaw, which affects a wide range of applications from social media and gaming to online shopping and banking, is likely to affect hundreds of millions of devices, the United States' national cyber security agency said on Monday, adding that it could be one of the worst in years. The affected Apache Log4j is free, open source software that is widely used to log and keep track of activities and changes in software applications, including system errors and messages from users.

Cyber security experts warned that the flaw can be easily exploited by adding just a line of code.

This could allow cybercrooks to, among other things, abuse the vulnerability to steal and delete data, hijack a company's email system to send phishing messages to other firms, and make fraudulent bank transfers. The services and sites known to be vulnerable at some point include Apple's iCloud online back-up service, Valve's Steam online game store and Microsoft's Minecraft online game. Other firms reportedly at risk include Amazon, Baidu, Google, Tencent and Twitter. Cyber criminals appear to be rushing to find potential victims they can attack using the flaw. Because (Log4j) is everywhere and easy to exploit, we will see a lot of exploitation in the coming days, weeks, and maybe months.

Bangko Sentral Working With BDO Unionbank Over Data Breach

Bangko Sentral ng Pilipinas (BSP) Governor Benjamin Diokno said the BSP is looking closely at the data breach involving certain BDO Unibank Inc. accounts and is coordinating with its stakeholders on the reimbursement of the reported unauthorized bank transfers.

“We are aware of a sophisticated fraud technique that has affected some of our clients. We assure you that we have already implemented additional security controls to block further attempts and continue to protect bank credentials”, BDO said in a statement sent via mobile message. The lender also said that cyber security remains a focal point of the banking sector, and that it is continuously investing and working to improve its security infrastructure and protect clients’ money. The funds supposedly duped from BDO account holders were reportedly then transferred to accounts under the Union Bank of the Philippines to acquire cryptocurrencies.

AscendEX to Reimburse Customers After the Theft of USD 77.7 Million in Crypto

Singapore-based crypto platform AscendEX has pledged to reimburse its customers, who lost a total of USD 77.7 million in a hack on December 11. In a series of tweets, the company said it is in the process of "standing up a new hot wallet infrastructure" and estimated that deposits and withdrawals would resume over the next two days.

The total stolen amount was taken across three chains: USD 60 million from Ethereum, USD 9.2 million from Binance Smart Chain, and USD 8.5 million from Polygon. The AscendEX losses became the latest in a series of headline-grabbing attacks with eye-popping numbers. Blockchain gaming company Vulcan Forged said around USD 140 million had been stolen from their users. They, too, were forced to reimburse victims.

Volvo R&D Data Stolen in Security Breach

Volvo Cars is investigating a cyber security breach and theft of the company’s research and development data. The company said one of its file repositories had been illegally accessed by a third party. Investigations have revealed that a “limited amount of the company’s R&D property has been stolen during the intrusion”, the company said in a statement Friday.

Despite the limited amount, there may be an impact on the company’s operation, Volvo Cars said, without providing more details on the size of the breach or what was stolen. A Volvo spokesperson also declined to provide more information. Volvo said it implemented security countermeasures, including steps to prevent further access to its property, and notified relevant authorities after it detected the unauthorized access. It appears that the theft was targeting company R&D data, not customer information.

Kronos Ransomware Attack May Cause Weeks of HR Solutions Downtime

Workforce management solutions provider Kronos has suffered a ransomware attack that will likely disrupt many of its cloud-based solutions for weeks. Kronos' software is used by many companies, including car manufacturers, education institutions, and local governments. Customers using Kronos include Tesla, Temple University, Community Bank, and the San Francisco Municipal Transit Authority.

Kronos Private Cloud (KPC) is secured using firewalls, multi-factor authentication, and encrypted transmissions to prevent unauthorized access to its systems. Unfortunately, the threat actors were able to breach these systems and likely encrypted servers as part of the attack. Kronos says its KPC solutions are not available and that it will likely take several weeks before systems become available again. During this time, it suggests customers "evaluate and implement alternative business continuity protocols related to the affected UKG solutions".
