27 August 2021 | Asia Cyber Summary

In the spotlight this week:

  • Nearly 73,500 patients' data affected in ransomware attack on eye clinic in Singapore

  • Singapore, US pledge deeper collaboration in cybersecurity

  • Claimed AT&T hack of 70M customer records; carrier denies

  • Nokia subsidiary discloses data breach after Conti ransomware attack

  • Microsoft warns thousands of cloud customers of exposed databases

  • Malicious WhatsApp mod infects Android devices with malware

Nearly 73,500 Patients' Data Affected in Ransomware Attack on Eye Clinic in Singapore

A ransomware attack earlier this month affected the personal data and clinical information of nearly 73,500 patients of a private eye clinic, the third such incident reported in Singapore in a month. Eye & Retina Surgeons (ERS) said the encrypted information included names, addresses, identity card numbers, contact details and clinical information such as patients' clinical notes and eye scans. The clinic said it has not paid any ransom and that no credit card or bank account information was accessed or compromised.

Singapore, US Pledge Deeper Collaboration in Cybersecurity

Singapore and the US have signed a series of Memorandums of Understanding (MOUs) to widen their collaboration in cybersecurity across the defence and financial sectors and in research and development. The initiatives will encompass further information sharing, joint exercises, training, and competency development. Three MOUs were signed as part of US Vice President Kamala Harris' three-day visit to Singapore this week.

One of these is an agreement between Singapore's Cyber Security Agency (CSA) and the US Cybersecurity and Infrastructure Security Agency (CISA) to deepen cooperation in cybersecurity beyond data sharing and exchanges. The two agencies will look to add new areas of cooperation, including critical technologies and research and development.

Claimed AT&T Hack of 70M Customer Records; Carrier Denies

A threat actor claims to have stolen the personal data of 70 million AT&T customers, less than a week after T-Mobile confirmed a breach of tens of millions of its own customer records. In both cases the data is said to include social security numbers; the AT&T dataset allegedly also contains dates of birth and other private information. The well-known actor is asking US$1 million for the entire database as a direct sale and provided RestorePrivacy with exclusive information for its report.

AT&T has issued a single-sentence statement that falls well short of a categorical denial: “Based on our investigation yesterday, the information that appeared in an internet chat room does not appear to have come from our systems”. The seller said they are willing to reach “an agreement” with AT&T to remove the data from sale.

Nokia Subsidiary Discloses Data Breach after Conti Ransomware Attack

SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack in which Conti operators breached its network, stole data, and encrypted systems. SAC Wireless helps customers design, build and upgrade cellular networks, including 5G, 4G LTE, small cell and FirstNet. The company discovered the intrusion on June 16, only after the attackers had deployed their payloads and encrypted SAC Wireless systems. A forensic investigation conducted with the help of external cyber security experts established on August 13 that personal information belonging to current and former employees (and their health plans' dependents or beneficiaries) had also been stolen during the attack.

Microsoft Warns Thousands of Cloud Customers of Exposed Databases

Microsoft warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. The vulnerability is in Microsoft Azure's flagship Cosmos DB database. A research team at a security company discovered it was able to access the keys that control access to databases held by thousands of companies. Because Microsoft cannot rotate those keys on customers' behalf, it emailed the affected customers telling them to regenerate them. Problems with Azure are especially troubling because Microsoft and outside security experts have been pushing companies to abandon most of their own infrastructure and rely on the cloud for better security. Cloud attacks are rarer, but they can be more devastating when they occur, and some are never publicized.

Malicious WhatsApp Mod Infects Android Devices with Malware

A malicious version of the FMWhatsapp mod infects users' devices with the Triada trojan, which in turn installs additional malware, including the very hard-to-remove xHelper trojan. FMWhatsApp promises to improve the WhatsApp user experience with added features such as better privacy, custom chat themes, access to other social networks' emoji packs, and app locking using a PIN, password, or fingerprint (touch ID). However, as researchers found, FMWhatsapp version 16.80.0 also drops the Triada trojan on users' devices with the help of an advertising SDK bundled into the app. "This app was available on some popular WhatsApp mods distributing sites. We cannot share the links to them though," the researchers said.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.