3 December 2021 | Asia Cyber Summary

In the Spotlight this Week:

  • Japanese electronics giant Panasonic discloses data breach

  • DBS Bank blames access control servers for two day service disruption

  • 22,000 data subjects affected in S&R cyber attack

  • Attackers actively target Windows installer zero-day

  • Crypto hackers are using Babadeda Crypter to make their malware undetectable

Japanese Electronics Giant Panasonic Discloses Data Breach

Japanese multinational conglomerate Panasonic has disclosed a security breach that it says involved unnamed threat actors accessing servers on its network. The company says it reported the incident to relevant authorities and implemented "security countermeasures", including "steps to prevent external access to the network". Panasonic has also brought on a third-party specialist to investigate what it calls a "leak", and to determine if it involved customers' personal data and/or sensitive information.

The threat actors reportedly gained access to customer and employee information before Panasonic picked up the abnormal network traffic. The Panasonic breach follows a string of other attacks on Japanese tech firms in recent years.

DBS Bank Blames Access Control Servers For Two Day Service Disruption

DBS Bank has attributed the source of a service glitch to "access control servers", which it says left many customers unable to log into their accounts. The Singapore bank has been instructed by the local regulator to investigate the cause of the problem that lasted two days. The bank gave no other details on what caused the issue with its access control servers or whether there was a cyber security breach.

"This is a serious disruption and MAS expects DBS to conduct a thorough investigation to identify the root causes and implement the necessary remedial measures", said Marcus Lim, MAS' assistant managing director for banking and insurance. The industry regulator said it was notified by DBS about its access control servers and was following up with the bank on the issue.

22,000 Data Subjects Affected in S&R Cyber Attack

The recent cyber attack against S&R Membership Shopping compromised the personal data of around 20,000 individuals. Data included the birth date, contact number, and gender of the compromised individuals.

The NPC (National Privacy Commission) ordered S&R to provide the incident’s technical report from its third-party cyber security firm. The company also gave assurance that its team “acted immediately and decisively” to execute their cybersecurity protocols, allowing them to resume system operations. “Although there have been numerous reports of cyber-attacks in the Philippines, we strongly condemn their criminal acts perpetrated against private companies and we are treating this matter very seriously”, said S&R.

Attackers Actively Target Windows Installer Zero-Day

Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. Researchers discovered a Windows Installer elevation-of-privilege vulnerability tracked as CVE-2021-41379 that Microsoft patched a couple of weeks ago as part of its November Patch Tuesday updates.

The proof of concept (PoC), called InstallerFileTakeOver, gives an actor administrator privileges in Windows 10, Windows 11 and Windows Server when logged onto a Windows machine with Edge installed. Due to the “complexity” of the vulnerability, the best workaround available for the flaw at this time is to wait, as any attempt to patch the binary directly will break Windows Installer.

Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable

A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named "Babadeda" that is capable of bypassing antivirus solutions and staging a variety of attacks.

Researchers attributed the attacks to a threat actor from a Russian-speaking country. Targeting cryptocurrency users through trusted attack vectors gives its distributors a fast-growing selection of potential victims. Once on a victim's machine, masquerading as a known application with complex obfuscation also means that anyone relying on signature-based malware detection effectively has no way of knowing Babadeda is on their machine, or of stopping it from executing.
