5 November 2021 | Asia Cyber Summary

FEATURE WEBINAR:


Blockchain’s big bang in Web 3.0 has generated a lot of excitement for the Crypto and the defi industry, but looming cybersecurity issues are converging with the global blockchain boom.


Blackpanda joins experts in this webinar on Blockchain’s biggest cyber threats and keep up-to-date with innovative tech offerings at the ‘On-Chain Security Showcase’.


Register here: https://www.airmeet.com/e/dd1a9940-360f-11ec-a8af-cd5e74f26671

In the spotlight this week:

  • Ransomware infects ‘Minecraft’ accounts in Japan

  • Luxury hotel chain in Thailand reports data breach

  • Google patches android zero day exploited in targeted attacks

  • Microsoft announces new targeted security solution for SMBs

  • BlackMatter ransomware gang announces shutdown

Ransomware Infects ‘Minecraft’ Accounts in Japan

Japanese Minecraft players have been given quite the shock as a list posing as alternative account details for cheaters turns out to actually be a ransomware file. Minecraft players in Japan have been looking for, and downloading, what they think is a list of stolen account usernames and password. The list is a variant of Chaos ransomware.


Exactly how the fake list is being distributed is currently a mystery, but the publication believes it is being advertised on Minecraft forums for Japanese players. The ransomware is posing as a text file via an icon, but when it is downloaded it uses malware on files. The ransomware also changed the users desktop wallpaper to a black background with red text, with a message asking the impacted user to pay the ransom.



Luxury Hotel Chain in Thailand Reports Data Breach

The Desorden Group—which claimed responsibility for two recent attacks on laptop maker Acer—said it was behind the attack on Centara Hotels & Resorts. The cyberattackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs.


In addition to the hack on Centara Hotels & Resorts, Desorden claimed to have breached the servers of Central Group, which owns the hotel chain and more than 2,000 restaurants across Thailand. That breach involved 80GBs of files, including personal information of customers and business details of each restaurant. The stolen files also allegedly include business data and employee information.


Google Patches Android Zero-Day Exploited in Targeted Attacks

Google announced the availability of the November 2021 security updates for Android and warned that one of the patched vulnerabilities has been exploited in attacks. The zero-day vulnerability is tracked as CVE-2021-1048 and Google says there is evidence that the flaw has been exploited in limited, targeted attacks.


The targeted nature of the attacks suggests that they have been carried out by a state-sponsored threat group, likely for espionage purposes. The November 2021 Android updates patch a total of nearly 40 vulnerabilities, and Google says the most severe of them affects the System component and can allow a remote attacker to execute arbitrary code in the context of a privileged process.


Microsoft Announces New Endpoint Security Solution for SMBs

Microsoft announced the upcoming availability of Microsoft Defender for Business, an enterprise-grade endpoint security solution catered for small and medium-sized businesses (SMBs). The solution is meant for organizations of up to 300 employees, to keep them protected from rising cyber threats, such as ransomware attacks and other types of malware intrusions.


Defender for Business promises capabilities such as antivirus, threat and vulnerability management, and endpoint detection and response (EDR), across a broad range of desktop and mobile platforms, including Windows, macOS, Android, and iOS. SMBs will be able to focus on addressing weaknesses that pose the highest risk to their environments, as well as to reduce attack surface with application control, ransomware mitigation, network and web protection, and firewall. The solution also provides next-generation protection (on device and in the cloud) and automated investigation and remediation, while also allowing admins to automate workflows and integrate security data into existing solutions.


BlackMatter Ransomware Gang Announces Shutdown

This week, the cyber criminals behind the BlackMatter Ransomware-as-a-Service (RaaS) operation announced plans to close shop. Active since July 2021, BlackMatter is the product of the Coreid cybercrime group, which also operated the DarkSide ransomware. BlackMatter’s use in assaults on critical infrastructure entities in the United States has resulted in the US government recently issuing an alert on the RaaS operation. The highest ransom demand made by the BlackMatter gang was USD 30 million, requested to Olympus Corporation in Japan.


Despite the shutdown announcement, security researchers believe that the gang will not retire completely. In fact, security experts say that BlackMatter will likely return under a different name, just as DarkSide did. They also warn that some of the group’s members might join active RaaS operations out there and encourage organizations to strengthen their defenses against ransomware and other malicious attacks.



Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.