7th May 2021 | Asia Cyber Summary

Updated: May 18, 2021


Congratulations to our partners at Pandamatics Underwriting for launching their cyber insurance coverholder in Singapore! Following their success in the Hong Kong market and with the backing of both Lloyd's of London syndicates Chaucer and Hiscox, Pandamatics Underwriting is now able to write up to USD 5M of coverage in both Hong Kong and Singapore.

For more information on Pandamatics Underwriting and their cyber insurance policies, check out their website at pandamatics.com.

In The Spotlight This Week:

  • Massive DDoS attack takes large sections of Belgium’s internet offline

  • Three new malware families found in global finance phishing campaign

  • Panda Stealer (no relation!) dropped in Excel files, spreads through Discord to steal user cryptocurrency

  • Pulse Secure VPNs get a fix for critical zero-day bugs

  • Adobe Flash: Final updates to remove it from your Windows 10 PCs for good

Massive DDoS Attack Takes Large Sections of Belgium’s Internet Offline

A massive distributed denial of service (DDoS) attack took down the websites of more than 200 organizations across Belgium, including government, parliament, universities, and research institutes. The attack started on Tuesday 4 May and flooded the websites with traffic, rendering public-facing sites unusable for visitors, while also overwhelming internal systems and cutting them off from the internet.

The attack targeted Belnet, the government-funded ISP for the country's educational institutions, research centres, scientific institutes and government services, including government ministries and the Belgian parliament. Belgium's central authority for cybersecurity, the Center for Cybersecurity Belgium (CCB), has been contacted following the attack to help contain and resolve it. Belgian authorities did not attribute the DDoS attack to any specific threat actor.

Three new malware families found in global finance phishing campaign

Researchers have found three new malware families used in a widespread phishing campaign entrenched in financial crime. FireEye's Mandiant cybersecurity team said the malware strains, dubbed Doubledrag, Doubledrop, and Doubleback, were detected in December 2020. Organizations in the US, EMEA region, Asia, and Australia have, so far, been targeted in two separate waves.

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency

A new cryptocurrency stealer variant is being spread through a global spam campaign and potentially through Discord channels. Dubbed “Panda Stealer”, Trend Micro researchers said this week that the malware has been found targeting individuals across countries including the US, Australia, Japan, and Germany.

The malware begins its infection chain through phishing emails. Samples uploaded to VirusTotal also indicate that victims have downloaded executables from malicious websites via Discord links.

While the campaign has not been attributed to specific cyberattackers, Trend Micro says that an examination of the malware's active command-and-control (C2) servers led the team to IP addresses and a virtual private server (VPS) rented from Shock Hosting. The server has since been suspended.

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs

Pulse Secure has rushed a fix for a critical zero-day security vulnerability in its Connect Secure VPN devices, which has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance, and government targets, as well as victims in Europe. Pulse Secure also patched three other security bugs, two of them also critical RCE vulnerabilities.

The zero-day flaw, tracked as CVE-2021-22893, was first disclosed on April 20 and carries the highest possible CVSS severity score, 10 out of 10. An exploit allows remote code execution (RCE) and two-factor authentication bypass. The bug is being used in the wild to gain administrator-level access to the appliances.

Adobe Flash: These updates will remove it from your Windows 10 PCs, for good

Microsoft is preparing to issue two more Windows 10 updates in June and July that will eliminate unsupported Adobe Flash Player from Windows PCs for good. The update KB4577586 called "Update for Removal of Adobe Flash Player" has been available as an optional update since October and now looks set for a broader deployment. Flash Player officially reached end of life on December 31, 2020.
