17 September 2021 | Asia Cyber Summary

UPCOMING WEBINAR: SentinelOne x Blackpanda

Wednesday, 22 Sept | 9:00 a.m. HKT/SGT | Zoom Webinar

Join SentinelOne and Blackpanda as we ask “is your organisation cyber incident prepared?” We will discuss incident response, current ransomware trends, and why you need a plan to discover, contain, and recover from a cyber incident.


SPEAKERS:

  • Jason Duerden, Regional Country Director, ANZ - SentinelOne

  • Gene Yu, Co-Founder and CEO, Blackpanda

Register Here: https://go.sentinelone.com/isyourorgcyberprepared.html


In the spotlight this week:

  • Technology giant Olympus hit by BlackMatter ransomware

  • Indonesia denies report of Chinese hacking group breaching intelligence agency servers

  • Russia's Yandex says it repelled biggest DDoS attack in history

  • Apple fixes iOS zero-day used to deploy NSO iPhone spyware

  • Google patches two Chrome zero-days


Technology Giant Olympus Hit by BlackMatter Ransomware

Olympus is currently investigating a potential cybersecurity incident affecting its European, Middle East and African computer networks. A ransom note left behind on infected computers claimed to be from the BlackMatter ransomware group. “Your network is encrypted, and not currently operational,” it reads. “If you pay, we will provide you with the programs for decryption”. The ransom note also included a web address to a site accessible only through the Tor Browser that is known to be used by BlackMatter to communicate with its victims.


Olympus said they are “currently working to determine the extent of the issue and will continue to provide updates as new information becomes available”.

Indonesia Denies Report of Chinese Hacking Group Breaching Intelligence Agency Servers

Indonesia’s national intelligence agency has denied a report claiming its servers were breached by a suspected Chinese state-sponsored hacking group, but says it is still investigating whether other government agencies have been affected. Researchers said malware had infiltrated the systems of at least ten Indonesian ministries and agencies, including the intelligence agency, Badan Intelijen Negara (BIN). They said the malware was operated by a Chinese group called Mustang Panda, which is known to have targeted governments and telcos in Southeast Asia. It is speculated that long-standing tensions over the South China Sea, a sticking point in Indonesia and China’s bilateral ties, could be a motive for the intrusion.

Russia's Yandex Says It Repelled Biggest DDoS Attack In History

A cyber attack on Russian tech giant Yandex's servers in August and September was the largest known distributed denial-of-service (DDoS) attack in the history of the Internet, the company said. The DDoS attack began in August and reached a record level on Sept. 5. "Our experts did manage to repel a record attack of nearly 22 million requests per second (RPS). This is the biggest known attack in the history of the internet," Yandex said in a statement. Yandex declared it had seen 5.2 million RPS on Aug. 7, 6.5 million RPS on Aug. 9, 9.6 million RPS on Aug. 29, 10.9 million RPS on Aug. 31 and finally 21.8 million RPS on Sept. 5.

Apple Fixes iOS Zero-Day Used To Deploy NSO iPhone Spyware

Apple has released security updates to fix two zero-day vulnerabilities that have been exploited to attack iPhones and Macs. One is known to have been used to install the Pegasus spyware on iPhones. The vulnerabilities are tracked as CVE-2021-30860 and CVE-2021-30858, and both allow maliciously crafted documents to execute commands when opened on vulnerable devices. The vulnerability exploited in the attack, CVE-2021-30860, is a zero-day, zero-click iMessage exploit named "FORCEDENTRY". The FORCEDENTRY exploit was found to bypass the iOS BlastDoor security feature and was used to deploy the NSO Pegasus spyware on devices belonging to Bahraini activists.

Google Patches Two Chrome Zero-Days

Google announced fixes for eleven different bugs in Chrome, including two zero-days currently being exploited in the wild. Google listed all eleven fixes, the researchers who discovered them, and the bounties paid out. The two zero-days that caused the most stir were CVE-2021-30632 and CVE-2021-30633. We expect to see continued in-the-wild zero-day exploitation of browsers, but we are confident Google will keep investing in security and providing timely patches for these flaws. "Now that they are patched, exploitation will ramp up. That said, almost 20 years on and we haven't made web browsing safe shows that the rapid embrace of technology continues to leave users exposed to criminals and nation-state actors," researchers said. "Everyone wants to learn how to hack; too few people are working on defense."


