18 March 2022 | Asia Cyber Summary

In the Spotlight this Week:

  • Didi to halt Hong Kong listing plan on cyber security probe

  • The United Kingdom shares best practices on cyber security with the Philippines

  • Japanese beauty retailer Acro blames third-party hack for breach of 100k payment cards

  • Israeli government websites crash in suspected cyber attack

Didi to Halt Hong Kong Listing Plan on Cyber Security Probe

Didi Global has suspended preparations for its planned Hong Kong listing after failing to appease Chinese regulators' demands that it overhaul its systems for handling sensitive user data, according to people familiar with the matter.


The Cyberspace Administration of China (CAC) informed Didi executives that their proposals to prevent security and data leaks had fallen short, the people said. Its main apps, removed from local app stores last year, will remain suspended for the time being, said one of the people, who asked not to be identified as the information is private.


Didi and its bankers have halted work on the Hong Kong listing by way of introduction originally slated for around the summer of this year, sources said.



The United Kingdom Shares Best Practices on Cyber Security with the Philippines

The virtual UK-PH Cyber Security Forum was held on the 11th of March to discuss the growing relevance of Cyber Security in the Philippines. DIT Country Director Richard Colley shared that the forum "aims to help forge relationships and build connections between the UK and the Philippines and work together on addressing cyber security risks".


The strategic relevance of the ASEAN region, including the Philippines, makes it a prime target for cyber attacks. The growth in trade, capital flows, and cyber linkages between the Philippines and other countries implies that its cyber threat landscape will become even more complex in the future, further escalating its cybersecurity vulnerabilities.

Mr Ramon L. Jocson, Vice-Chairman of the BAP Cyber Security Committee talked about the cyber threats that Philippine banks and financial intermediaries are facing including the prevalence of ransomware and supply chain attacks, but also shared BAP’s initiatives and collaboration with Government and public agencies to address cyber issues.



Japanese Beauty Retailer Acro Blames Third-Party Hack for Breach of 100k Payment Cards

In a data breach notice, beauty products retailer Acro revealed that customers of two of its four beauty product websites were impacted as the result of exploitation of a vulnerability in a third-party payment processing vendor.


The attack, it added, compromised data related to 89,295 payment cards used to pay for goods on the Three Cosmetics domain and 103,935 cards used on its Amplitude site.

Victims potentially include anyone who made purchases on either of the two sites between May the 21st, 2020, and August the 18th, 2021.


The stolen data apparently included cardholder names, payment card numbers, dates of expiry, and security codes. It is also possible that some usernames and passwords may have been leaked, said Acro.



Israeli Government Websites Crash in Suspected Cyber Attack

A cyber attack crashed a number of Israeli government websites Monday the 14th of March, according to the country's cyber officials.


The Israel National Cyber Directorate blamed the outages on a denial-of-service or DDoS attack. Such incidents typically involve outside attackers directing waves of inauthentic traffic at a website, temporarily rendering it inaccessible. Ministries of health, justice, welfare were affected, as was the prime minister's office, the news site Haaretz reported.


Access to the websites has been restored, the agency said. Hendel declined to comment on the possible source of the attack. Gil Messing, spokesman for Israel-based Check Point Software Technologies said it was unlikely any significant damage was caused.



Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.