25 June 2021 | Asia Cyber Summary

FEATURED VIDEO | Blackpanda x SentinelOne

Rising share of Cyberattacks in APAC

Financial institutions in APAC are traditionally underserved by the cybersecurity market compared to North America and Europe - While attacks are growing in the region, cybersecurity maturity is quite lagging. Because of that, a lot of the cyber-attacks we see are on legacy networks that aren’t prepared to defend against the most advanced threats.

Watch the full webinar replay as Kevin McCaffrey, Vice-President at Blackpanda, and Kelvin Wee, Security Engineering Director at SentinelOne, dissect a real-world ATM fraud case study here.

In the Spotlight This Week:

  • Indonesia and Vietnam receive bulk of SMB cryptomining attacks in Southeast Asia

  • SonicWall sees 226.3 million ransomware attack attempts this year

  • Wormable DarkRadiation ransomware targets Linux and Docker instances

  • EU wants emergency team for 'nightmare' cyber-attacks

  • Cyberattack on Polish government officials linked to Russian hackers

  • Hackers are trying to attack big companies. Small suppliers are the weakest link

Indonesia And Vietnam Receive Bulk Of SMB Cryptomining Attacks In Southeast Asia

SMBs in Indonesia and Vietnam have, for the second year in a row, weathered more crypto-mining incidents than in any other country.

Malicious cryptocurrency malware used in crypto-mining is typically employed by cyber criminals to tap into hardware they don’t own. The hardware could be smartphones, computers, tablets or servers. The illicit miners harness the processing power of such devices to mine for cryptocurrencies like Bitcoin.

Kaspersky claims that it blocked more cryptomining attacks on Southeast Asian SMBs than any other kind of cyber attack in 2020 – roughly 8.93 million during the year.

SonicWall Sees 226.3 Million Ransomware Attack Attempts This Year

SonicWall’s global detection network picked up a total of 226.3 million attempted ransomware attacks between January and May 2021, a 116% increase on the same period in 2020, highlighting the rapid ascent of ransomware as the most profitable weapon in the cyber criminal arsenal.

SonicWall said it saw dramatic increases in almost every market, even in those such as the US and UK, where ransomware attacks were already fairly common. The US saw a 149% spike, and the UK 69%.

Wormable DarkRadiation Ransomware Targets Linux And Docker Instances

Cybersecurity researchers at SentinelOne have disclosed a new ransomware strain called "DarkRadiation" that's implemented entirely in Bash and targets Linux and Docker cloud containers, while banking on messaging service Telegram for command-and-control (C2) communications.

In addition to reporting the execution status, along with the encryption key, back to the adversary's Telegram channel through the API, DarkRadiation also comes with capabilities to stop and disable all running Docker containers on the infected machine, after which a ransom note is displayed to the user.

"Malware written in shell script languages allows attackers to be more versatile and to avoid some common detection methods," SentinelOne researchers said.

EU Wants Emergency Team For 'Nightmare' Cyber-Attacks

The European Commission has announced plans to build a Joint Cyber Unit to tackle large scale cyber-attacks. Recent ransomware incidents on critical services in Ireland and the US has "focused minds", the commission said.

It argued cyber-attacks were a national security threat, as incidents in Europe rose from 432 in 2019 to 756 in 2020.

A dedicated team of multi-national cyber-experts will be rapidly deployed to European countries during serious attacks, it said. Launching the proposals, European Commission vice-president Margaritis Schinas said last month's hack on US fuel supplies was 'the "nightmare scenario that we have to prepare against".

Cyberattack On Polish Government Officials Linked To Russian Hackers

A recent string of cyberattacks targeted at thousands of Polish email users, including government officials, have been linked by the Polish intelligence services to a Russian hacking group.

“The findings of the Internal Security Agency and the Military Counterintelligence Service show that the UNC1151 group is behind the recent hacker attacks that hit Poland,” Stanisław Żaryn, a spokesperson for the Polish Minister Coordinator of Special Services, said in a translated statement Tuesday.

“The secret services have reliable information at their disposal which [links] this group with the activities of the Russian secret services,” he said. Żaryn noted that given past actions of the UNC1151 hacking group, Polish officials believed the attacks on Poland were part of a larger effort to destabilize Central European nations.

Hackers Are Trying To Attack Big Companies. Small Suppliers Are The Weakest Link

Cybersecurity vulnerabilities in small and medium-sized businesses in the defence industry are leaving the companies – and larger organisations further up the supply chain – vulnerable to cyberattacks.

Researchers at cybersecurity company BlueVoyant examined hundreds of SMB defence company subcontractor firms and found that over half had severe vulnerabilities within their networks, including unsecured ports and unsupported or unpatched software, making them vulnerable to cyberattacks including data breaches and ransomware.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.