19 November 2021 | Asia Cyber Summary

In the Spotlight this Week:

  • Singaporean regulator punishes biggest-ever data breach: Almost 5.9 million hotel customers' info exposed

  • MacOS zero-day exploited to deliver malware to users in Hong Kong

  • Small-town Japanese hospital struggling with 'disaster' after ransomware attack

  • Costco discloses data breach after finding credit card skimmer

  • SharkBot—a new Android trojan stealing banking and cryptocurrency accounts

Singaporean Regulator Punishes Biggest-Ever Data Breach: Almost 5.9 Million Hotel Customers' Info Exposed

Singapore's Personal Data Protection Commission (PDPC) has issued a fine of SG$74,000 ($54,456) on travel company Commeasure, which operates a travel booking website named RedDoorz that exposed 5.9 million customers' data – the largest data breach handled by the Commission since its inception. The stolen data included names, contact numbers, email addresses, birthdays, encrypted RedDoorz account passwords and booking information. According to the PDPC's ruling, the database did not include credit card numbers. The data was put up for sale on a hacker forum and the Commission gave Commeasure 30 days to pay before interest kicked in.

MacOS Zero-Day Exploited to Deliver Malware to Users in Hong Kong

Google shared details about a recent attack that exploited a zero-day vulnerability in macOS to deliver malware to users in Hong Kong. The attack was likely conducted by a well-resourced state-sponsored threat group which, based on the quality of their code, had access to their own software engineering team. While Google has not named any country, users in Hong Kong have been typically targeted by threat actors sponsored by China. The Mac malware delivered in the attack can capture keystrokes, take screenshots, fingerprint compromised devices, upload and download files, execute terminal commands, and record audio. The malware sample analyzed by researchers had not been detected by any of the antivirus engines on the VirusTotal malware analysis service.

Small-town Japanese Hospital Struggling with ‘Disaster' After Ransomware Attack

A municipal hospital in a small town in west Japan is struggling badly after its computer system was infected by ransomware. The virus infected systems at Tsurugi municipal Handa Hospital in Tokushima Prefecture have disrupted electronic records for some 85,000 patients. As a result, it has stopped accepting new outpatients, and staff must make patient record entries by hand when handling diagnoses. Based on the content of the ransom note and other characteristics, the virus that infected Handa Hospital appears to be LockBit 2.0, ransomware known to be used in- and outside Japan. For Handa Hospital, this disaster was unexpected. A manager at the hospital said, "We planned with a natural disaster in mind. Our computer virus countermeasures were insufficient."

Costco Discloses Data Breach After Finding Credit Card Skimmer

Costco Wholesale Corporation has warned customers in notification letters sent this month that their payment card information might have been stolen. Costco discovered the breach after finding a payment card skimming device in one of its warehouses during a routine check conducted by Costco personnel. Data breach notification letters sent to affected individuals did not disclose the total number of impacted customers or the location where the skimmer device was found. While the company didn't reveal the exact timeline of the incident, Costco customers have complained about unauthorized transactions on their payment cards since at least February.

SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts

Researchers revealed a new Android trojan that takes advantage of accessibility features on mobile devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. The main goal is to initiate money transfers from the compromised devices via Automatic Transfer Systems (ATS) technique bypassing multi-factor authentication mechanisms. SharkBot takes steps to evade analysis and detection, including running emulator checks, encrypting command-and-control communications with a remote server, and hiding the app's icon from the home screen post-installation. The discovery of SharkBot shows how mobile malware is quickly finding new ways to perform fraud, trying to bypass behavioural detection countermeasures put in place by multiple banks and financial services.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.