28 Aug 2020 | Asia Cyber Summary

Updated: Aug 28, 2020

In The Spotlight This Week:

• Business Email Compromise: Learn how to prevent, identify, and resolve BEC fraud.

• The University of Utah pays $457,000 to recover ransomware data

• Google patches major bug, 7 hours after exploit details released

What is Business Email Compromise? Prevent, Identify, and Resolve.

Business Email Compromise (BEC) attackers can monitor your sensitive email communications for months (even years!), impersonating senior employees to steal information or divert wire transfers. BEC is far more silent, expensive, and common than you think, and financial hubs like Singapore and Hong Kong are prime targets for such attacks. Learn how to prevent, identify, and resolve BEC fraud.

The University of Utah Pays $457,000 to Ransomware Gang

Ransomware attacks are expensive and on the rise, accounting for 18% of all attacks in Asia-Pacific last year. The education sector is a particular target because it holds large amounts of personal data and has relatively lax cyber security—especially with teachers and students continuing to work and learn from home.

Example: The University of Utah earlier this week revealed that it paid a ransomware gang $457,059 in Bitcoin in order to avoid hackers leaking student information online. Luckily, the university's cyber insurance policy paid part of the ransom, while the university covered the remainder.

Google Patches Major Gmail Bug Seven Hours After Exploit Details Go Public

A major security bug affected Gmail and G Suite email servers. The bug could have allowed threat actors to send spoofed emails impersonating any Gmail or G Suite user, because such messages appeared to be compliant with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), two of the most advanced email security standards.

The bug, first reported in April, was patched seven hours after a blog post detailing it, including proof-of-concept exploit code, was made public.
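The item above turns on what "compliant with SPF and DMARC" means to a receiving mail server: DMARC does not just require an SPF or DKIM pass, it requires the passing domain to be aligned with the domain in the visible From: header. The following is an added example, not code from the original summary or from Google, that shows how a defender can read a message's Authentication-Results header and decide whether DMARC alignment actually holds. The two messages are constructed samples, the receiving host name mx.example.net is assumed, and the organisational-domain helper is a simplification (a production check would consult the Public Suffix List). The example does not reproduce the Gmail bug itself; it shows the check that a spoofed message would have had to satisfy.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: SPF and DKIM both pass for the same domain as the From: header.
ALIGNED_MSG = """Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce@example.org;
 dkim=pass header.d=example.org
From: "Alice" <alice@example.org>
Subject: quarterly figures

body
"""

# Constructed sample: SPF passes, but for a third-party mailer domain that is
# not aligned with the From: header, and there is no DKIM signature at all.
UNALIGNED_MSG = """Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=newsletter@mailer-host.test;
 dkim=none
From: "CEO" <ceo@example.org>
Subject: urgent wire

body
"""


def org_domain(domain):
    """Simplified organisational domain: last two labels (assumption; real
    implementations use the Public Suffix List, e.g. for co.uk)."""
    return ".".join(domain.lower().strip().split(".")[-2:])


def parse_auth_results(value):
    """Pull the SPF and DKIM verdicts and their domains out of an
    Authentication-Results header value (RFC 8601 style)."""
    normalized = " ".join(value.split())  # unfold continuation lines
    spf = re.search(r"spf=(\w+)\s+smtp\.mailfrom=(?:[^@\s;]+@)?([^\s;]+)", normalized)
    dkim = re.search(r"dkim=(\w+)(?:\s+header\.d=([^\s;]+))?", normalized)
    return {
        "spf": spf.group(1).lower() if spf else "none",
        "spf_domain": spf.group(2) if spf else None,
        "dkim": dkim.group(1).lower() if dkim else "none",
        "dkim_domain": dkim.group(2) if dkim else None,
    }


def dmarc_alignment(raw_message):
    """Return the DMARC alignment verdict for one raw RFC 5322 message.

    DMARC passes when at least one of SPF or DKIM both passed and is
    aligned (relaxed mode: same organisational domain) with the From: domain.
    """
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1]
    from_domain = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""
    ar = parse_auth_results(msg.get("Authentication-Results", ""))

    spf_aligned = (
        ar["spf"] == "pass"
        and ar["spf_domain"] is not None
        and org_domain(ar["spf_domain"]) == org_domain(from_domain)
    )
    dkim_aligned = (
        ar["dkim"] == "pass"
        and ar["dkim_domain"] is not None
        and org_domain(ar["dkim_domain"]) == org_domain(from_domain)
    )
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
    }


if __name__ == "__main__":
    for label, sample in (("aligned", ALIGNED_MSG), ("unaligned", UNALIGNED_MSG)):
        print(label, dmarc_alignment(sample))
```

Run the module to see both verdicts. A message that reaches a mailbox with an aligned pass, as the spoofed Gmail messages reportedly did, is exactly the case that filters trust most, which is why an authentication bypass of this kind is worth patching in hours rather than weeks.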

Iranian Hackers Target Exposed RDP Servers To Deploy Dharma Ransomware

It doesn’t take much experience to become a ransomware attacker these days. Low-skill Iranian hackers have joined the ransomware business and are targeting companies worldwide. Financially motivated and looking for quick cash, the group deploys Dharma ransomware on their targets using publicly available tools. Their ransom demands are relatively low, between 1 and 5 Bitcoin (currently $11,700–$59,000).

While these threat actors are the new kids on the block, they are not to be underestimated. This is an unfortunate trend we are seeing where advanced tools and techniques are now available to criminals with limited technical skills. To combat the relative ease with which these tools can now be deployed, businesses should ensure they have modern EDR solutions in place, with regular backups, and an incident response procedure that is regularly rehearsed.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.