5 February 2021 | Asia Cyber Summary

Updated: May 19, 2021

In the Spotlight This Week

  • Singapore not ‘adversely affected’ in SolarWinds breach, government still encourages high levels of vigilance

  • Password breach at British Mensa

  • US Federal payroll agency hacked using SolarWinds software flaw

  • Ransomware gangs made at least USD 350M in 2020

  • Average ransom payments declined last quarter

Singapore Not 'Adversely Affected' in SolarWinds Breach, Government Still Encourages High Levels of Vigilance

While Singapore has yet to see any significant impacts from the SolarWinds security breach on its critical information infrastructures (CIIs) or government systems, the Government and the Cyber Security Agency of Singapore (CSA) urged organizations to safeguard their systems against potential threats. When news about the SolarWinds security breach broke, CSA raised the national cyber threat alert level as the SolarWinds software was part of the network control and management infrastructure and, hence, was trusted and had privileged access to internal networks.

Password Breach at British Mensa

The largest and oldest high IQ society in the world, Mensa, is said to have suffered a cyber attack. According to a Forbes report, the Mensa site was accessed by someone who had knowledge of a director’s login credentials. In an email to members, British Mensa said that “extensive investigations” by its web hosting company and developers have found “no evidence” that any data had been lost. The company’s former technology officer, Eugene Hopkinson, had identified and voiced his concerns regarding the society’s poor security posture since 2018, stating that storing passwords in plain text was not secure.

US Federal Payroll Agency Hacked Using SolarWinds Software Flaw

According to a Reuters report, the FBI has discovered that the National Finance Center (NFC), a U.S. Department of Agriculture (USDA) federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw.

The software vulnerability used to break into NFC's systems is different from the one used by suspected Russian nation-state hackers to compromise the update mechanism of the Orion software to deploy the Sunburst backdoor on SolarWinds customers' systems.

Although the vulnerability was not named, Reuters reporters stated that the suspected Chinese hackers used the same security bug that made it possible for threat actors to deploy the Supernova backdoor on systems where vulnerable versions of the Orion platform had been installed.

Ransomware Gangs Made At Least USD 350M in 2020

Reports from blockchain analysis firm Chainalysis found that ransomware gangs made at least $350 million in ransom payments last year, up 311% from 2019. The figure was compiled by tracking transactions to blockchain addresses linked to ransomware attacks.

Although Chainalysis possesses one of the most complete sets of data on cryptocurrency-related cybercrime, the company said its estimate was only a lower bound of the true total. The company attributed this to the fact that not all victims disclosed their ransomware attacks.

Average Ransom Payments Declined Last Quarter

The latest Coveware reports, based on data gathered from ransomware incidents the company helped triage in Q4 2020, showed a large decline in the average and median ransom amounts paid by victims to their attackers. In addition, fewer organizations gave in to cyber extortion demands if they had a chance to recover data from backups.

In Q4, average payments plunged by 34% to just over $154,000, while median payments also dropped 55% from $110,532 to $49,450 over the same period.

Having a team on call to respond to a ransomware attack in a timely and precise manner is crucial to retrieving your data without giving in to the attackers' demands. Blackpanda’s expert ransomware response specialists can help guide you through a ransomware attack, helping minimize loss, recover encrypted data and facilitate negotiation and payment where necessary.
