16 Oct 2020 | Asia Cyber Summary

In the spotlight this week: 

  • Morgan Stanley to pay US$60 Million fine for 2016 data breach

  • The return of Ryuk Ransomware

  • New cyber security label for smart home devices launched in Singapore

  • Singapore unveils masterplan to protect the national digital sphere

Morgan Stanley to Pay US$60 Million Fine for 2016 Data Breach

Morgan Stanley has agreed to pay a US$60 million fine for its repeated failures to adequately protect customer data when disposing of old equipment. The bank did not maintain an inventory of the customer data on those systems and did not properly oversee the contractors it hired to make sure customer data had been wiped from the old equipment. Morgan Stanley’s failures to make sure adequate protections were in place is part of a pattern of misconduct, as the bank faced a similar situation in 2019 when servers in some branch locations were replaced. Many data breaches occur because an outside adversary bypasses security defenses or somehow compromises a system. Human error, however, was the second most common cause of data breaches in 2019. Be vigilant about what your partners are doing with your data, as security missteps by contractors could

land you with a data breach (and a hefty fine).

Ryuk’s Return

Ryuk has become one of the most proficient ransomware gangs in the past few years, with the FBI reporting US$61 million having been paid to the group as of February this year. In its latest attack, a loader malware known as Bazar/Kegtap entered a client’s ecosystem through an email delivery via malspam and spread to the entire domain within 29 hours. The group behind the attack asked for over $6 million to unlock the system and retrieve the data.

New Cyber Security Label for Smart Home Devices Launched in Singapore

A new labeling scheme to indicate the cyber security levels of home appliances has been launched in Singapore, with plans to have the standards adopted at an international level. The Cybersecurity Labelling Scheme (CLS) will be similar to energy labels, with a tiered reference to security levels that can guide consumers into making informed decisions. The labeling scheme administered by the Cyber Security Agency (CSA) aims to establish cyber rating levels for registered smart devices, such as home routers and smart home hubs.

New Masterplan to Protect National Digital Sphere

As part of the newly unveiled Safer Cyberspace Masterplan 2020, Businesses in Singapore are set to benefit from free cyber-health screenings to spot weaknesses in their Web domains, e-mail systems, and connectivity. The national plan also outlines the use of artificial intelligence (AI) to sniff out security threats in key infrastructure, including broadband and 5G networks, and consumer devices such as webcams and Wi-Fi routers. Coordinated by the Cyber Security Agency (CSA) of Singapore, one of the key initiatives of the plan is to provide free cyber health screenings through a portal, which will be launched as early as next year. Businesses will be able to check instantly if their Web domains, e-mail systems and Web connectivity are in the pink of health through the CSA-run Internet Cyber Hygiene Portal. Self-help guides and toolkits will also be available for download.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.