22 October 2021 | Asia Cyber Summary

In the spotlight this week:

  • Singapore employment agency hacked, IC scans and salaries of 40,000 job seekers uploaded online

  • Acer confirms breach of servers in Taiwan

  • Philippines is the top target of banking malware in Asia-Pacific

  • Free Chinese VPN exposed data from over a million users

  • US Government issues urgent warning on BlackMatter ransomware

  • Microsoft warns of new security flaw affecting Surface Pro 3 devices

Singapore Employment Agency Hacked, IC Scans and Salaries of 40,000 Job Seekers Uploaded Online

The personal details of 40,000 job applicants have been leaked online, following a cyber attack on an employment agency. Protemps Employment Services had its entire server swiped and deleted earlier this month. The details include scans of their identity cards or passports, their phone numbers, salaries, jobs and home addresses. Most of the job seekers appeared to be Singaporean. The hackers, known as Desorden Group, declared that they were behind the attack. The leaked data has already been accessed by at least 60 different entities. The group is known to target organisations relating to supply chains. Desorden Group's modus operandi is to pilfer data from its targets and demand ransom. When victims fail to pay, the group then sells the data on the black market.

Acer Confirms Breach of Servers in Taiwan

Taiwanese tech giant Acer has confirmed that, in addition to servers in India, hackers breached some of its systems in Taiwan. The hackers claimed to have obtained information on millions of customers, login credentials used by thousands of retailers and distributors, and various corporate and financial documents. Acer immediately confirmed the breach of its Indian servers, but described it as an isolated attack targeting its after-sales service systems in India. The hackers later said they also breached some Acer systems in Taiwan, and claimed that Malaysia and Indonesia servers were vulnerable as well. The attackers allegedly stole employee information from the servers in Taiwan.

Philippines is the Top Target of Banking Malware in Asia-Pacific

The Philippines had the highest number of users attacked by banking Trojans — a type of malicious software — in the Asia-Pacific (APAC) region this year. According to cybersecurity firm Kaspersky, the country accounts for 22.26% of all banking Trojans discovered in the region in 2021. The rise of digital payments in the region, paired with insufficient protective measures on personal devices, has led to banking Trojans counting among the most impactful malware for online consumers. Other vulnerable countries include Bangladesh (12.91%) and Cambodia (7.16%), according to Kaspersky's data.

Free Chinese VPN Exposed Data from over a Million Users

Researchers have discovered unencrypted data of about a million users of Quickfox, a free virtual private network (VPN) service primarily used to access Chinese sites from outside of mainland China. The total leaked data was made up of over 500 million records and totaled over 100GB. About a million of these records contained PII of users, including MD5-hashed passwords, which WizCase says cannot withstand modern password crackers. The leaked data did not just contain the IP address assigned to the user, but also the user's original IP address from which they connected to the VPN service. It is unclear why the VPN was collecting this data, as it is unnecessary for its operation and is not standard practice among other VPN services.
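The weakness WizCase points to is that an unsalted MD5 digest is deterministic (the same password always yields the same hash, so one precomputed table covers every user) and extremely fast to compute. The following is an added example, not code from the original summary or from Quickfox, that contrasts that storage scheme with a salted, deliberately slow password hash using only the Python standard library. The sample password and the PBKDF2 parameters are assumptions chosen for illustration; the iteration count follows the current OWASP recommendation for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Constructed sample credential for the demonstration; not taken from any real dataset.
SAMPLE_PASSWORD = "correct horse battery staple"

# Iteration count is an assumption for this example (OWASP guidance for PBKDF2-HMAC-SHA256).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"


def md5_hash(password: str) -> str:
    """Unsalted MD5 as found in the leaked records: deterministic and very fast,
    which is exactly why it cannot resist offline guessing."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated hash. A fresh random salt per user means identical
    passwords produce different stored values, defeating precomputed tables."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    # Self-describing record so the scheme and cost can be upgraded later.
    return f"{SCHEME}${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != SCHEME:
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(stored: str) -> bool:
    """True if a record was stored with an older scheme or a lower cost than
    the current policy, so it can be upgraded on the user's next successful login."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != SCHEME or int(parts[1]) < PBKDF2_ITERATIONS


def hashes_per_second(fn, password: str, seconds: float = 0.2) -> float:
    """Rough throughput measurement used only to illustrate the cost difference."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        fn(password)
        count += 1
    return count / seconds


if __name__ == "__main__":
    # Two users with the same password: MD5 leaks that fact, PBKDF2 with per-user salt does not.
    print("md5 #1:", md5_hash(SAMPLE_PASSWORD))
    print("md5 #2:", md5_hash(SAMPLE_PASSWORD))
    rec1, rec2 = hash_password(SAMPLE_PASSWORD), hash_password(SAMPLE_PASSWORD)
    print("pbkdf2 #1:", rec1)
    print("pbkdf2 #2:", rec2)
    print("verify correct:", verify_password(SAMPLE_PASSWORD, rec1))
    print("verify wrong:  ", verify_password("not the password", rec1))
    print("legacy record needs rehash:", needs_rehash(md5_hash(SAMPLE_PASSWORD)))
    print(f"md5 throughput   ~{hashes_per_second(md5_hash, SAMPLE_PASSWORD):,.0f} hashes/s")
    print(f"pbkdf2 throughput ~{hashes_per_second(hash_password, SAMPLE_PASSWORD):,.1f} hashes/s")
```

Running the script shows the two MD5 lines are identical while the two PBKDF2 records differ, and the throughput figures show several orders of magnitude between the two; a cracker gets the same speed-up. The `needs_rehash` check is the usual migration path for a service that already holds legacy MD5 records: verify against the old hash once, then replace it with the new record on the same login.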

US Government Issues Urgent Warning on BlackMatter Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) this week published a joint advisory to warn organizations of an increased threat posed by the BlackMatter ransomware gang. Active since July 2021, BlackMatter is believed to be the successor of DarkSide, a ransomware-as-a-service (RaaS) that shut down operations in May 2021. To mitigate the threat posed by BlackMatter and other ransomware families, organizations of all types are advised to implement detection signatures, use strong passwords on all accounts, implement multi-factor authentication, keep systems updated, restrict user access to resources, and use firewalls and network segmentation.

Microsoft Warns of New Security Flaw Affecting Surface Pro 3 Devices

Microsoft published a new advisory warning of a security bypass vulnerability affecting Surface Pro 3 convertible laptops that could be exploited by an adversary to introduce malicious devices within enterprise networks and defeat the device attestation mechanism. Tracked as CVE-2021-42299 (CVSS score: 5.6), the issue has been codenamed "TPM Carte Blanche". CVE-2021-42299 can be abused to fetch a false Microsoft DHA certificate by obtaining the TCG Log — which records measurements made during a boot sequence — from a target device whose health the attacker wants to impersonate, followed by sending a valid health attestation request to the DHA service.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.