28 Aug 2020 | Asia Cyber Summary

Updated: Aug 28

In The Spotlight This Week:


• Business Email Compromise: Learn how to prevent, identify, and resolve BEC fraud.


• The University of Utah pays $457,000 to recover ransomware data


• Google patches major bug, 7 hours after exploit details released




What is Business Email Compromise? Prevent, Identify, and Resolve.


Business Email Compromise (BEC) attackers can monitor your sensitive email communications for months (even years!), impersonating senior employees to steal information or wire funds. BEC is far more silent, expensive, and common than you think, and financial hubs like Singapore and Hong Kong are prime targets for such attacks. Learn how to prevent, identify, and resolve BEC fraud.




The University of Utah Pays $457,000 to Ransomware Gang


Ransomware attacks are expensive and on the rise, accounting for 18% of all attacks in Asia-Pacific last year. The education sector is a particular target because of the large amounts of personal data it holds and its relatively lax cyber security, especially with teachers and students continuing to work and learn from home.


Example: The University of Utah earlier this week revealed that it paid a ransomware gang $457,059 in Bitcoin in order to avoid hackers leaking student information online. Luckily, the university's cyber insurance policy paid part of the ransom, while the university covered the remainder.




Google Patches Major Gmail Bug Seven Hours After Exploit Details Go Public


A major security bug impacted Gmail and G Suite email servers and their users. The bug could have allowed threat actors to send spoofed emails mimicking any Gmail or G Suite user, because the spoofed messages appeared to be compliant with SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance), two of the most advanced email security standards.


The bug, first discovered in April, was patched seven hours after a blog post including details of the bug and proof-of-concept exploit code was made public.




Iranian Hackers Exposed RDP Servers To Deploy Dharma Ransomware


It doesn’t take much experience to become a ransomware attacker these days. Low-skill Iranian hackers have joined the ransomware business and are targeting companies worldwide. Financially motivated and looking for quick cash, the group deploys Dharma ransomware on their targets using publicly available tools. Their demand for the release of information is relatively low, between 1–5 Bitcoin (currently $11,700–$59,000).


While these threat actors are the new kids on the block, they are not to be underestimated. This is part of an unfortunate trend in which advanced tools and techniques are now available to criminals with limited technical skills. To combat the relative ease with which these tools can now be deployed, businesses should ensure they have modern EDR solutions in place, with regular backups, and an incident response procedure that is regularly rehearsed.





Copyright © 2020 Blackpanda.
All Rights Reserved.
