March 12th 2021 | Asia Cyber Summary

Updated: May 19

BLACKPANDA FEATURE

Blackpanda CEO and Co-Founder, Gene Yu, and Lockton Companies Specialities Growth Leader, Jessica Wright, speak on the updated Monetary Authority of Singapore (MAS) incident investigation and response requirements. The speakers discuss cyber risks to financial institutions, the requisite technical capabilities for investigation, and the role standalone cyber insurance plays in streamlining more comprehensive and cost-effective incident response within the MAS-mandated 14-day deadline.


In the spotlight this week:

  • Flaw in Microsoft Exchange server leaves 30,000 organizations vulnerable

  • Sequoia Capital hacked by phishing scam

  • IT operator SITA reports systems breach exposing frequent flyer data

  • Microsoft reveals 3 new malware strains used by SolarWinds hackers

  • Cyberattackers target top Russian cybercrime forums

  • Cyber insurance premiums to dominate by 2021



Flaw in Microsoft Exchange Server Leaves 30,000 Organizations Vulnerable

An unusually aggressive Chinese cyber espionage unit has exploited four newly discovered flaws in Microsoft Exchange Server email software and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total remote control over affected systems. On March 2nd, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange. Security experts have highlighted that the detection and cleanup process will be a massive effort for the thousands of state and city governments, fire and police departments, school districts, financial institutions, and other organizations that were affected.

Sequoia Capital Hacked by Phishing Scam

Sequoia Capital, one of the largest and most successful venture capital firms in the world, has informed investors that some of their personal and financial information may have been accessed by a third party after a Sequoia employee's email was successfully phished. Sequoia is a venture capital firm focused on energy, financial, enterprise, healthcare, internet, and mobile startups, and has 1100+ corporate clients, as well as more than 200 international clients, with portfolio companies like Airbnb, DoorDash, and Robinhood. Sequoia is working together with law enforcement and cybersecurity experts to remediate the issue.

IT Operator SITA Reports System Breach Exposing Frequent Flyer Data

Data on hundreds of thousands of airline passengers around the world was compromised on the 24th of February in a “highly sophisticated” attack on the IT systems operator SITA, which serves around 90% of the global aviation industry. SITA acted swiftly and initiated targeted containment measures. The matter remains under continued investigation by SITA’s security incident response team with the support of leading external experts in cyber security. The breach was linked to frequent flyer data but was limited to names, tier status, and membership numbers.

Microsoft Reveals 3 New Malware Strains Used By SolarWinds Hackers

Microsoft has revealed information on newly found malware the SolarWinds hackers deployed on victims' networks as second-stage payloads. Security researchers with the Microsoft Threat Intelligence Center (MSTIC) and the Microsoft 365 Defender Research Team found three new malware strains named GoldMax, Sibot, and GoldFinder. The Nobelium hackers used these malware strains during late-stage activity between August and September 2020. They are tailor-made for specific networks and are assessed to have been introduced after the actor gained access through compromised credentials or the SolarWinds binary and after moving laterally with TEARDROP and other hands-on-keyboard actions.

Cyberattackers Target Top Russian Cybercrime Forums

Maza, an online forum for fraudsters and extorters to connect and pull off their operations, has been breached by an unknown attacker in the latest string of attacks targeting elite Russian-language cybercrime forums. These forums provide an avenue for threat actors to gain access to ransomware-as-a-service tools, launder stolen money, and get advice on how to improve their crimes. Members are now worried that their data is being used by researchers and law enforcement to track down their true identities.

Cyber Insurance Premiums to Dominate By 2021

Aon Inpoint – Aon’s data, analytics, engagement, and consulting team – has predicted that by 2021 the most rapid growth of premiums will be seen in cyber insurance products, with a global market worth estimated at $730 billion and an annual growth rate of 5.3%. Aon Inpoint points to cyber premiums’ significant 23% annual growth over the past five years in estimating worldwide premiums at $4 billion by 2021. Michael Moran, CEO of Aon Inpoint, said, “As we look ahead, we are seeing a broad shift of companies putting a greater value on intangible assets, such as cyber and intellectual property.”


