7 January 2022 | Asia Cyber Summary

Updated: Feb 7

In the Spotlight this Week:

  • Giordano let off for compliance with its data protection obligations

  • China harvests masses of data on Western targets, documents show

  • New Zloader banking malware campaign exploiting Microsoft signature verification

  • Purple Fox rootkit discovered in malicious Telegram installers

  • SAILFISH system finds 47 zero-day flaws on Ethereum Blockchain

Giordano Let Off for Compliance with Its Data Protection Obligations

A recent decision of the Personal Data Protection Commission (“PDPC”) demonstrates the importance of compliance with data protection obligations. Giordano Originals (s) Pte Ltd (“Giordano”) reported to the PDPC of an illegitimate network access and ransomware virus of both the OS and server, which had taken place around 12 July 2020.

Post-incident, Giordano had swiftly responded with additional precautionary measures to alleviate the consequences of such data breaches. These included, amongst others, conducting training for staff to tackle phishing, security checks and further steps to supervise and control such data breaches. It was noted that there was no proof that any decryption of personal data had taken place. In addition, Giordano could completely reinstate or repopulate the personal data affected from its backup system(s). The Deputy Commissioner for Personal Data Protection was convinced that Giordano had complied with its data protection obligations and accordingly, no additional enforcement measures were imposed on Giordano.

China Harvests Masses of Data on Western Targets, Documents Show

China is turning a major part of its internal Internet-data surveillance network outward, mining Western social media, including Facebook and Twitter, to equip its government agencies, military and police with information on foreign targets, according to a Washington Post review of hundreds of Chinese bidding documents, contracts and company filings.

China maintains a countrywide network of government data surveillance services — called public opinion analysis software — that were developed over the past decade and are used domestically to warn officials of politically sensitive information online. The software primarily targets China’s domestic Internet users and media, but a Post review of bidding documents and contracts for over 300 Chinese government projects since the beginning of 2020 include orders for software designed to collect data on foreign targets from sources such as Twitter, Facebook and other Western social media.

New Zloader Banking Malware Campaign Exploiting Microsoft Signature Verification

An ongoing ZLoader malware campaign has been uncovered exploiting remote monitoring tools and a nine-year-old flaw concerning Microsoft's digital signature verification to siphon user credentials and sensitive information.

"It seems like the ZLoader campaign authors put great effort into defense evasion and are still updating their methods on a weekly basis", researchers said, urging users to refrain from installing software from unknown sources and apply Microsoft's strict Windows Authenticode signature verification for executable files.

Purple Fox Rootkit Discovered in Malicious Telegram Installers

Researchers have warned that the Purple Fox rootkit is now being distributed through malicious, fake Telegram installers online. Purple Fox is being disguised through a file named "Telegram Desktop.exe." Those that believe they are installing the popular messaging service are, instead, becoming laden with the malware -- and the infection process has made it more difficult to detect.

Given that the malware now contains a rootkit, worm functionality, and has been upgraded with a more robust backdoor, the inclusion of a stealthier infection process means that cybersecurity researchers will likely be keeping a close eye on this malware's future development.

"The beauty of this attack is that every stage is separated to a different file which is useless without the entire file set," researchers noted. "This helps the attacker protect his files from AV detection".

SAILFISH System finds 47 zero-day flaws on Ethereum Blockchain

A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process.

The researchers evaluated Sailfish on 89,853 contracts obtained from Etherscan, identifying 47 zero-day flaws that could be leveraged to drain Ether and even corrupt application-specific metadata. This also includes a vulnerable contract implementing a housing tracker that could be abused in a manner such that a house owner can have more than one active listing. The findings of the study will be shared at the IEEE Symposium on Security and Privacy (S&P) to be held in May 2022.

Subscribe Here to receive Blackpanda thought leadership, webinar invitations, and cyber intelligence direct to your inbox.