30th April 2020 | Asia Cyber Summary

In the Spotlight This Week

  • DigitalOcean data breach exposes customer billing information

  • 3.2 billion leaked passwords contain 1.5 million records of government emails

  • Ransomware growing at an alarming rate, warns GCHQ chief

  • Ransomware gang makes USD 260,000 in five days

  • New stealthy Linux malware used to backdoor systems for years

  • New cryptomining malware builds an army of Windows, Linux bots


REvil Gang Threatens to Sell Stolen Apple Blueprints


The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event.


The ransomware gang wants Apple to pay a ransom by May 1st to prevent its stolen data from being leaked, and added that it is also "negotiating the sale of large quantities of confidential drawings and gigabytes of personal data with several major brands."


REvil tried to extort Apple only after Quanta Computer, a leading notebook manufacturer and one of Apple's business partners, refused to communicate with the ransomware gang or pay the ransom demanded after they allegedly stole "a lot of confidential data" from Quanta's network.


In a negotiation chat on REvil's payment site seen by BleepingComputer, REvil warned that "drawings of all Apple devices and all personal data of employees and customers will be published with subsequent sale" if Quanta did not begin negotiating a ransom. After that time frame expired, REvil published the schematics on their data leak site.



Breach at Codecov Prompts Federal Investigation


U.S. federal investigators are probing an intrusion at San Francisco-based software auditing company Codecov that affected an unknown number of its 29,000 customers, the firm said, raising the specter of knock-on breaches at companies elsewhere.


Codecov said in a statement that hackers began tampering with its software – which is used across the tech industry to help test code for mistakes and vulnerabilities – on January 31. However, the intrusion was only detected earlier this month, when an astute customer noticed there was something off about the tool, Codecov said.


Although the ramifications of the incident remain unclear, the breach drew comparisons to the recent compromise of Texas software firm SolarWinds by alleged Russian hackers, both because the breach could have follow-on effects at many of the organizations that use Codecov and because of the length of time that the doctored software remained in circulation.




61% of Companies Hit by Ransomware in 2020


The latest State of Email Security report from Mimecast, based on a study of over 1,200 IT and cybersecurity leaders, shows businesses faced unprecedented cybersecurity risks in 2020.

Ransomware impacted 61 percent of respondents, a 20 percent increase over last year's report, while 79 percent say their companies experienced a business disruption, financial loss, or other setback in 2020 due to a lack of cyber preparedness.


Companies affected by ransomware lost an average of six working days to system downtime, with 37 percent saying downtime lasted a week or more. More than half (52 percent) of ransomware victims paid the threat actor ransom demands, but only two-thirds of those were able to recover their data. The remaining third never saw their data again, despite paying the ransom.


If you are hit with a ransomware attack, Blackpanda's expert ransomware response specialists will guide your organization through it, helping minimize loss, recover encrypted data, and facilitate payment. Reach out to us for assistance.




Rise in QR Code Usage Poses Potential Dangers to Consumers


A side effect of the COVID-19 pandemic has been a rise in QR code usage as the need for touchless transactions has increased. However, there is a lack of understanding of the risks QR codes can pose.


A new study from automation platform Ivanti reveals that 47 percent of respondents know that a QR code can open a URL, only 37 percent are aware that a QR code can download an application, and only 22 percent are aware that it can give away your physical location. As QR codes continue to increase in popularity and use, they will undoubtedly be leveraged more and more by cyberattackers to infiltrate devices and steal corporate data.



Hackers are Exploiting a Pulse Secure 0-day to Breach Organisations Worldwide


Hackers backed by nation-states are exploiting critical vulnerabilities in the Pulse Secure VPN to bypass two-factor authentication protections and gain stealthy access to networks belonging to a raft of organizations in the US Defense industry and elsewhere, researchers said.


At least one of the security flaws is a zero-day, meaning it was unknown to Pulse Secure developers and most of the research world when hackers began actively exploiting it, security firm Mandiant said in a blog post published Tuesday. Besides CVE-2021-22893, as the zero-day is tracked, multiple hacking groups—at least one of which likely works on behalf of the Chinese government—are also exploiting several Pulse Secure vulnerabilities fixed in 2019 and 2020.



