18 February 2022 | Asia Cyber Summary

In the Spotlight this Week:

  • Singapore bank gives customers “kill switch” to freeze accounts in case of fraud

  • Harbour Plaza Hotel data breach sees 1.2m customer data leaked

  • Sports brand Mizuno hit with ransomware attack delaying orders

  • Ransomware gang says it has hacked 49ers NFL team

  • Trickbot Malware targeted customers of 60 high-profile companies since 2020

Singapore Bank Gives Customers “Kill Switch” to Freeze Accounts in Case of Fraud

OCBC Bank has introduced a "kill switch" that it says will let its customers cut access to all their accounts if they suspect their personal data have been compromised. When activated, the kill switch will immediately freeze all accounts including digital banking, e-payment, ATM access, and credit cards.

All major retail banks in Singapore are required to register their Sender ID details with the registry, as are government agencies. Officials had previously alluded to the possibility of a kill switch for customers to freeze their own accounts without needing to contact the banks.

Harbour Plaza Hotel Data Breach Sees 1.2m Customer Data Leaked

Customers of Harbour Plaza Hotel are asked to be on guard for possible scams as its booking database saw an attack compromising data of more than a million customers. Privacy Commissioner Ada Chung said she's probing the data leak involving 1.2 million customers, and is investigating the type of personal data involved in the breach, say media reports.

Customers of the hotel are asked to check for unauthorized transactions and unusual email logins, and to change their passwords. Customer information involved in the incident may include registered names of customers' accounts, encrypted and masked login passwords, and registered and contact email addresses.

Sports Brand Mizuno Hit with Ransomware Attack Delaying Orders

Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware. This cyber attack led to significant business disruption, including phone outages, delays in shipping products, and website issues.


As for Mizuno, the company has been tight-lipped regarding the whole incident, not providing a public statement about what is causing its week-long outages or responding to multiple queries about the attack. At this time, it is unknown which ransomware gang is behind the attack, but if the company does not pay a ransom, we will likely learn at a later date if the hackers publish stolen data.

Ransomware Gang Says it Has Hacked 49ers NFL Team

The San Francisco 49ers have been hit by a ransomware attack, with cyber criminals claiming they stole some of the football team's financial data. The ransomware gang BlackByte recently posted some of the purportedly stolen team documents on a dark web site in a file marked "2020 Invoices." The gang did not make any of its ransom demands public or specify how much data it had stolen or encrypted.

The team, which is among the most valuable and storied franchises in the NFL and lost a close playoff game two weeks ago, said in a statement Sunday that it recently became aware of a "network security incident" that had disrupted some of its corporate IT network systems. The 49ers said they'd notified law enforcement and hired cyber security firms to assist.

Trickbot Malware Targeted Customers of 60 High-Profile Companies Since 2020

The notorious TrickBot malware is targeting customers of 60 financial and technology companies, including cryptocurrency firms, primarily located in the U.S., even as its operators have updated the botnet with new anti-analysis features. TrickBot is a sophisticated and versatile malware with more than 20 modules that can be downloaded and executed on demand.

In addition to being both prevalent and persistent, TrickBot has continually evolved its tactics to get past security and detection layers. To that end, the malware's "injectDll" web-injects module, which is responsible for stealing banking and credential data, leverages anti-deobfuscation techniques to crash the web page and thwart attempts to scrutinize the source code.
