21 January 2022 | Asia Cyber Summary

In the Spotlight this Week:

  • Singapore-based Crypto.com CEO confirms 400 accounts hacked

  • Cyberattack on Red Cross compromised data of over 515,000 "highly vulnerable people"

  • At request of US, Russia rounds up 14 REvil ransomware affiliates

  • Researchers find security flaws in Chinese government’s MY2022 Olympic app

  • Researchers discover "extremely easy" 2FA bypass in Box cloud management software

Singapore-based Crypto.com CEO Confirms 400 Accounts Hacked

Crypto.com has not received any "outreach" from regulators following a cyber-security breach earlier this week of about 400 customer accounts, according to chief executive officer Kris Marszalek.

The company became the latest crypto exchange to be hit by online thieves after users reported that Ethereum and other cryptocurrencies were wiped from their accounts. An exact value of the cryptocurrencies affected is still unknown, although estimates are in the millions. Mr Marszalek said Crypto.com plans to release more information in a blog post in the coming days.

Cyberattack on Red Cross Compromised Data of Over 515,000 "Highly Vulnerable People"

A cyberattack on a contractor used by the International Committee of the Red Cross (ICRC) has compromised the personal data of more than 515,000 "highly vulnerable people", including people separated from their families by conflict and disaster, the organization said Wednesday. The hack has forced the Red Cross to shut down IT systems that support a program that reunites families separated by conflict, migration or disaster, the humanitarian organization said.

It is unclear who was responsible for the cyber incident, but the Red Cross said its "most pressing concern" was the potential for the compromised data to be leaked. There is no indication that has happened yet, according to the Red Cross.

At Request of US, Russia Rounds Up 14 REvil Ransomware Affiliates

The Russian government arrested 14 people accused of working for “REvil”, a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations. The Russian Federal Security Service (FSB) said the actions were taken in response to a request from US officials, but many experts believe the crackdown is part of an effort to reduce tensions over Russian President Vladimir Putin’s decision to station 100,000 troops along the nation’s border with Ukraine.

The FSB said it arrested 14 REvil ransomware members, and searched more than two dozen addresses in Moscow, St. Petersburg, Leningrad and Lipetsk. As part of the raids, the FSB seized more than USD 600,000, 426 million rubles (~USD 5.5 million), 500,000 euros, and 20 “premium cars” purchased with funds obtained from cybercrime.

Researchers Find Security Flaws in Chinese Government’s MY2022 Olympic App

A smartphone app that athletes and others attending next month’s Winter Games in Beijing must install has glaring security problems that could expose sensitive data to interception, according to a report. An internet watchdog group said in its report that the MY2022 app has seriously flawed encryption that would make users’ sensitive data — and any other data communicated through it — vulnerable to being hacked. Other important user data on the app wasn’t encrypted at all, the report found.

That means the data could be read by Chinese internet service providers or telecommunications companies through Wi-Fi hotspots at hotels, airports and Olympic venues. China is requiring all international Olympic attendees — including coaches and journalists — to download and start using the app 14 days before their departure.

Researchers Discover "Extremely Easy" 2FA Bypass in Box Cloud Management Software

Cloud management firm Box has moved to patch a flaw in its SMS-based multi-factor authentication (MFA), just weeks after its time-based one-time password (TOTP)-based MFA was found to have vulnerabilities too.

Researchers outlined how the technique could allow an attacker to use stolen credentials to compromise an organization’s Box account and exfiltrate sensitive data without access to the victim’s phone. Once known, the vulnerability is extremely easy for an unsophisticated attacker to exploit. Attackers could compromise any Box user just by knowing or guessing their username and password – rendering MFA useless.
