One in four APAC firms not sure if they suffered security breach
According to Edison Yu, Frost & Sullivan’s vice president and Asia-Pacific head of enterprise, the research firm estimated the cost of cybersecurity incidents based on direct, indirect, and induced losses. Direct losses encompassed factors such as a drop in productivity, financial penalties, and remediation costs, while indirect losses looked at other variables such as job losses and customer churn resulting from the negative impact on the company’s reputation. To calculate induced losses, Frost & Sullivan assessed factors that could impact the broader ecosystem and economy, such as a drop in consumer and enterprise as the result of a security breach, explained Yu at a media briefing on Friday.
When businesses in the region fell prey to cyberattacks, a large enterprise (one with more than 500 employees) could potentially suffer an estimated economic loss of US$30 million, revealed a study by Frost & Sullivan. Across all organisations in the region, cybersecurity incidents last year were estimated to have resulted in economic losses totalling almost US$1. The study also revealed that 67 percent of organisations in Asia-Pacific saw jobs lost due to cyberattacks, while 57 percent in Singapore also saw job losses across different business functions, not limited to IT.
7 billion in economic losses, with a large enterprise potentially hit with an average economic loss of US$13.
Pointing to the study findings, the analyst said organisations in the region still regarded security as an afterthought, with just 25 percent of respondents that had experienced a cyberattack saying they would consider cybersecurity before starting a digital transformation project. Some 34 percent that had not experienced an attack would do likewise; the remaining either had assessed the role of cybersecurity after they started on a digital transformation project or had not considered security at all. He added that just 20 percent of Asia-Pacific businesses regarded a cybersecurity strategy as an enabler of digital transformation, with 41 percent viewing such a framework simply as a way to protect their organisation against cyberattacks.
Supply chain sees spike in number of cyber attacks in 2017: Report
2017 saw a sharp increase in ransomware and other cyberattacks targeting the supply chain, with the business and professional services sector seeing a significant increase in attacks; the EMEA region in particular saw 20% of all attacks targeting this sector. These are the findings of the NTT Security 2018 Global Threat Intelligence Report, published today by Dimension Data.
The business and professional services sector received 10% of global ransomware attacks, making it the third most targeted industry (up from sixth position in 2016), behind finance and technology. It also ranked third in the Americas (9%) and was the most vulnerable sector in EMEA, receiving 20% of all attacks. As ransomware-related outsourced incident response engagements involving financial institutions declined (from 22% in 2016 to 5% last year), the business and professional services supply chain emerged as a prime target for trade secret and intellectual property theft, potentially exposing customer and business partner data. Despite the drop in outsourced incident response engagements, the finance sector remains the number one target for cybercriminals, who carry out regular reconnaissance to spot potential infrastructure and application vulnerabilities.
Technology was the second most attacked industry in 2017, with 19% of attack volume, with business and professional services moving to third place. Meanwhile, attacks on the government sector dropped to 5% last year from 9% in 2016. In 2017 there was a massive 350% rise in ransomware, which represented 7% of all global malware attacks (up from 1% in 2016).
Murtaza Bhatia, National Business Head, Cybersecurity, Dimension Data India said, “In India too, there are numerous moving parts to supply chains and outsourcing companies, which often run on disparate and outdated network infrastructures, making them easy prey to cyber threat actors. Service providers and outsourcers are also a prime target, due to their trade secrets and intellectual property. Businesses need to wise up to the very real threats against them and ensure their operations are robustly and securely protected.”
Chili’s restaurant chain is the latest victim of a payment card breach
On May 11, Brinker International, which operates more than 1,600 Chili’s and Maggiano’s restaurants across 31 countries, announced that it had suffered a data breach. Cybercriminals siphoned payment card data from some Chili’s restaurants between March and April 2018. Based on the details uncovered so far, the company believes that malware was used to gather payment card information, including credit or debit card numbers as well as cardholder names, from its payment-related systems for in-restaurant purchases at certain Chili’s restaurants. The malicious code harvested this data from PoS systems in the restaurants.
The company issued a notice to warn people who recently used their payment cards at a Chili’s restaurant of the possible breach; according to the initial investigation, crooks infected the payment systems with malware. “This notice is to make you aware that some Chili’s restaurants have been impacted by a data incident, which may have resulted in unauthorized access or acquisition of your payment card data, and to provide you information on steps you can take to protect yourself and minimize the possibility of misuse of your information.” The company highlighted that it does not collect social security numbers, dates of birth or other personal information. It immediately activated its incident response plan and is currently working with third-party forensic experts to investigate the incident.
Major restaurant chains are a privileged target for cybercriminals; last year many companies suffered a data breach, including Amazon’s Whole Foods Market, Arby’s, and Chipotle. Customers can visit a web page set up by the company for more information on the breach: http://brinker.mediaroom.com/ChilisDataIncident
PANDA Banker malware used in several campaigns aimed at banks, cryptocurrency exchanges and social media
Panda Banker was first spotted in 2016 by Fox-IT; it borrows code from the Zeus banking Trojan and is sold as a kit on underground forums. In November 2017, the threat actors behind the Zeus Panda banking Trojan leveraged black-hat Search Engine Optimization (SEO) to push malicious links into search results. In March, security researchers at Arbor Networks discovered a threat actor targeting financial institutions in Japan using the latest variant of the Panda Banker banking malware (aka Zeus Panda, PandaBot).
Researchers at security firm F5 recently detected several campaigns leveraging the Panda Banker malware to target financial institutions, the largest one aimed at banks in the US. “Panda is still primarily focused on targeting global financial services, but following the worldwide cryptocurrency hype, it has expanded its targets to online cryptocurrency exchanges and brokerage services.” Social media, search, email, and adult sites are also being targeted by Panda.
The experts observed a spike in activity associated with the malware in February, when the malicious code was used to target financial services and cryptocurrency sites in Italy with screenshots rather than webinjects. In May, the experts monitored three different Panda Banker campaigns, each focused on different countries. In the campaign targeting Japan, the authors removed the Content Security Policy (CSP) headers (remove_csp – 1). The CSP header is a security standard for preventing cross-site scripting (XSS), clickjacking and other code injection attacks that could execute malicious code from an otherwise trusted site. The third campaign aimed at financial institutions in Latin America, most of them in Argentina, Colombia, and Ecuador; the same campaign also targeted social media, search, email, entertainment, and tech providers, as did the other attacks.
“This campaign leverages the same attack techniques as previously described, and it is able to keylog popular web browsers and VNC in order to hijack user interaction sessions and steal personal information,” states the analysis.
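The remove_csp step above only makes sense once you see what a CSP does to a script the page did not ship with. The following Python evaluator for the script-src part of a policy is an added example, not code from the article or from the F5 or Arbor analyses; the bank and CDN hostnames and the policy string are constructed, and hashes and 'strict-dynamic' are deliberately out of scope. With the header present, an injected inline script or a script from an unknown host is refused; with the header stripped (modelled as header=None) both run.

```python
"""Minimal evaluator for the script-src part of a Content-Security-Policy.
Added example, not code from the original article or the F5/Arbor analyses.
Supports 'self', 'none', 'unsafe-inline', nonces, scheme sources ("https:")
and host sources, including a leading wildcard; hashes and 'strict-dynamic'
are deliberately out of scope."""
from urllib.parse import urlsplit


def parse_csp(header):
    """Split a CSP header value into {directive_name: [source, ...]}.
    If a directive is repeated, the first occurrence wins, as in the spec."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _source_matches(source, script_url, page_url):
    """Does one source expression (host, scheme or 'self') cover script_url?"""
    script, page = urlsplit(script_url), urlsplit(page_url)
    if source == "'self'":
        return (script.scheme, script.netloc) == (page.scheme, page.netloc)
    if source.endswith(":") and "//" not in source:      # scheme source, e.g. "https:"
        return script.scheme == source[:-1].lower()
    scheme, host = None, source
    if "://" in source:
        scheme, host = source.split("://", 1)
    host = host.split("/", 1)[0].split(":", 1)[0].lower()  # drop path and port
    if scheme and scheme.lower() != script.scheme:
        return False
    script_host = script.hostname or ""
    if host.startswith("*."):
        return script_host.endswith(host[1:])             # *.example.com, not example.com itself
    return script_host == host


def script_allowed(header, page_url, script_url=None, nonce=None):
    """True if the policy lets page_url run the script.
    script_url=None means an inline <script>; nonce is that script's nonce attribute.
    header=None models a response whose CSP header was stripped in transit."""
    if header is None:
        return True                                      # no policy, no restriction
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True                                      # neither directive present
    if "'none'" in sources:
        return False
    if script_url is None:                               # inline script
        if nonce is not None and f"'nonce-{nonce}'" in sources:
            return True
        # 'unsafe-inline' is ignored once a nonce or hash source is present
        has_nonce_or_hash = any(s.startswith(("'nonce-", "'sha")) for s in sources)
        return "'unsafe-inline'" in sources and not has_nonce_or_hash
    return any(_source_matches(s, script_url, page_url) for s in sources)


# Constructed sample: a banking login page with a reasonable policy.
PAGE = "https://bank.example/login"
POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com"

if __name__ == "__main__":
    for label, header in (("with CSP", POLICY), ("CSP stripped", None)):
        print(label)
        print("  own app.js     :", script_allowed(header, PAGE, "https://bank.example/js/app.js"))
        print("  injected inline:", script_allowed(header, PAGE))
        print("  injected remote:", script_allowed(header, PAGE, "https://evil.example/inject.js"))
```

Because the policy is enforced by the browser from a response header, anything that can rewrite the response before it reaches the page (a webinject in the victim's browser, a man-in-the-middle) can simply delete it; the defensive point is that a server-side policy protects against injection into the page, not against a compromised client.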
Massive DDoS attack hit the Danish state rail operator DSB
The Danish state rail operator DSB was hit by an unprecedented DDoS cyber attack; the attack was confirmed on Monday by the company and reported by The Local. The attack was launched on Sunday and paralyzed the ticketing system, preventing passengers across the country from buying tickets. “Tickets purchases via the company’s app, ticket machines, website and in 7-Eleven stores were all out of action due to the issue on Sunday,” reported The Local. “Passengers with Rejsekort travel cards were able to use that system, while others purchased tickets from ticket inspectors on board trains.” The attackers also took the internal mail system and the telephone infrastructure offline; the only way left to communicate with customers was social media. DSB restored normal operations on Monday morning.
The company’s experts confirmed the attack came from an external source with the specific intent to destroy the operations at DSB. Train safety was not compromised by the hackers, the deputy director assured. “Our technicians and IT contractors have analysed this closely during the night and have concluded this is an outside attack in which someone has attempted to bring our system down,” DSB vice-director Aske Wieth-Knudsen told DR. “We have previously been subjected to an attack and, of course, we have made some processes to avoid this. The type of attack we saw yesterday is a new way of doing it, as we have not seen before. So it needs to be analyzed a bit closer, exactly what has happened so we can prevent it from repeating.”
The company is investigating the issue along with the Danish authorities and is monitoring the situation to prevent further attacks. “At this moment in time I have not yet been in contact with anyone. We are still clarifying some messages, since the attack was only resolved during the night,” he told Ritzau. “Now the day has started we will naturally contact relevant bodies,” he added. When asked, Wieth-Knudsen confirmed that the company has not paid any kind of ransom in connection with the cyber assault.
More than 800,000 DrayTek routers at risk due to a mysterious zero-day exploit
Routers manufactured by the Taiwan-based vendor DrayTek are affected by a zero-day vulnerability that could be exploited by attackers to change the DNS settings on some of its routers. DrayTek confirmed it is aware that hackers are attempting to exploit the zero-day vulnerability to compromise its routers. “In May 2018, we became aware of new attacks against web-enabled devices, which includes DrayTek routers.”
Many users reported on Twitter cyber attacks against their routers; in these cases, the hackers changed the DNS settings of the routers to point to a server having the 38. Your DNS settings should be either blank, set to the correct DNS server addresses from your ISP or DNS server addresses of a server which you have deliberately set (e. 95 – if you see that, your router has been changed.
Initially, the company suspected that the victims were using DrayTek routers with default credentials, but one of them clarified that their device wasn’t using factory settings, a circumstance that confirms the attackers are in possession of a zero-day exploit. It is likely the attackers are conducting a Man-in-the-Middle attack to redirect users to bogus clones of legitimate sites to steal their credentials. Searching for DrayTek routers with Shodan turns up more than 800,000 devices connected online, some of which could potentially be compromised with the mysterious exploit.
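The check described above (blank, ISP-assigned, or deliberately chosen resolvers are fine; anything else means the router has been changed) is easy to run over a whole fleet. The script below is an added example, not code from DrayTek or the article: it classifies each DNS-server field read from a router and reports the routers that need attention. The router names, the inventory and the allowlist are constructed sample data using documentation (TEST-NET) address ranges as stand-ins for real ISP resolvers; the 38.x address mentioned in the article is not reproduced here.

```python
"""Audit router DNS settings against what the owner expects.
Added example, not code from DrayTek or the article. The inventory, the
allowlist and the router names are constructed; the allowlist uses
documentation (TEST-NET) ranges as stand-ins for real ISP resolvers."""
import ipaddress

# Resolvers the owner received from the ISP or deliberately configured (constructed).
EXPECTED_DNS = {"203.0.113.10", "203.0.113.11", "2001:db8::53"}

# Address space where a LAN-side resolver (the router itself, an internal
# DNS server) legitimately lives: RFC 1918, ULA and loopback.
LAN_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "::1/128")]


def classify_dns(setting, expected=EXPECTED_DNS):
    """Classify one DNS-server field as read from a router.
    Returns (verdict, reason) with verdict in {"ok", "suspect", "error"}:
    blank means the ISP assigns the resolver (fine), a LAN address or an
    allowlisted resolver is fine, any other public address is a hijack suspect."""
    value = (setting or "").strip()
    if not value:
        return "ok", "blank (resolver assigned by ISP)"
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "error", f"not an IP address: {value!r}"
    allow = {ipaddress.ip_address(e) for e in expected}
    if addr in allow:
        return "ok", f"{addr} is an expected resolver"
    if any(addr in net for net in LAN_RANGES):
        return "ok", f"{addr} is a LAN resolver"
    return "suspect", f"unexpected public resolver {addr}"


def audit_routers(inventory, expected=EXPECTED_DNS):
    """inventory: iterable of (router_name, [dns_field, ...]).
    Returns [(router_name, [(field, verdict, reason), ...])] for every router
    with at least one field that is not 'ok'."""
    findings = []
    for name, fields in inventory:
        problems = []
        for field in fields:
            verdict, reason = classify_dns(field, expected)
            if verdict != "ok":
                problems.append((field, verdict, reason))
        if problems:
            findings.append((name, problems))
    return findings


# Constructed inventory; branch-04 shows what a hijacked primary resolver looks like.
SAMPLE_INVENTORY = [
    ("branch-01", ["", ""]),
    ("branch-02", ["203.0.113.10", "203.0.113.11"]),
    ("branch-03", ["192.168.1.1", ""]),
    ("branch-04", ["192.0.2.77", "203.0.113.10"]),
    ("branch-05", ["not-an-ip", ""]),
]

if __name__ == "__main__":
    for name, problems in audit_routers(SAMPLE_INVENTORY):
        for field, verdict, reason in problems:
            print(f"{name}: {verdict.upper()} {reason}")
```

Note that only the first resolver on branch-04 was changed; a hijacker needs only one slot, so every configured server is checked, not just the primary. Feeding the function with values pulled from each router's configuration page or backup file is left to the operator, since that format is vendor specific.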
Russian Telegrab malware harvesting Telegram Desktop credentials, cookies, desktop cache, and key files
Security experts from the Cisco Talos group have spotted a new strain of malware targeting the desktop version of the end-to-end encrypted instant messaging service Telegram. “Over the past month and a half, Talos has seen the emergence of a malware that collects cache and key files from end-to-end encrypted instant messaging service Telegram.” The malicious code is a variant of the Telegrab malware first spotted in the wild on 4 April 2018, designed to harvest cache and key files from the Telegram application. While the first variant of Telegrab only stole text files, browser credentials, and cookies, the second version also collects data from Telegram’s desktop cache and Steam login credentials, and can hijack active Telegram sessions.
Cisco Talos researchers blame “weak default settings” in Telegram Desktop: the Telegrab malware abuses the absence of Secret Chats, which are not implemented in the desktop version of the popular application. Cisco Talos experts explained that the Telegrab malware works “by restoring cache and map files into an existing Telegram desktop installation if the session was open.” “Telegram session hijacking is the most interesting feature of this malware, even with limitations this attack does allow the session hijacking and with it, the victims’ contacts and previous chats are compromised,” says the Talos team.
Analysis of the malware revealed it was developed by a Russian-speaking attacker “with high confidence,” and the threat actor is mostly targeting Russian-speaking victims. Last month, the Russian authorities blocked the Telegram app in the country because the company refused to hand over its users’ encryption keys to the Federal Security Service (FSB) of Russia for investigation purposes.
Mexican central bank confirmed that SWIFT hackers stole millions of dollars from Mexican Banks
The Mexican central bank is the latest victim of the SWIFT hackers: officials at the bank confirmed this week that hackers hit the payments system and stole millions of dollars from domestic banks. “Central bank Governor Alejandro Diaz de Leon said on Monday that the country had seen an unprecedented attack on payment system connections and that he hoped that measures being taken would stop future incidents,” reported Reuters. According to Diaz de Leon, the crooks were able to complete illicit transactions of $18 million to $20 million. The attack was discovered in late April and presents many similarities with past attacks against SWIFT systems.
The central bank did not disclose the names of the banks hit by the cyber attack and did not detail the overall amount of money stolen. “A source close to the government’s investigation said more than 300 million had been siphoned out of banks, but it was not clear how much had subsequently been taken out in cash withdrawals.” Mexican depositors won’t be affected, but the overall losses for the local banks could be greater than initially thought.
According to reports, Mexico’s central bank has created a cybersecurity division following the latest attacks, and it has instituted a one-day waiting period on electronic funds transfers of more than $2,500. “Perhaps, some financial institutions perceived the attacks in Bangladesh as something very distant,” said Diaz de Leon, who believes that some Mexican banks may not have invested in sufficient security measures.
Misconfigured CalAmp server allowed hacker to take over a lot of vehicles
Security researchers Vangelis Stykas and George Lavdanis discovered that a misconfigured server operated by CalAmp could allow anyone to access account data and take over the associated vehicle. The experts were searching for security vulnerabilities in the Viper SmartStart system, a device that allows users to remotely start, lock, unlock, or locate their vehicles using a mobile app on their smartphones. As with many other mobile applications, it used secure connections with SSL and certificate pinning (hard-coding in the client the certificate known to be used by the server) to automatically reject connections from sites that offer bogus SSL certificates.
The experts discovered that the credentials for the user created through the Viper app could also be used to log in to the panel. Further tests allowed the researchers to verify that the portal was secured, but during the assessment they discovered that the reports were delivered by another dedicated server running TIBCO JasperReports software. This was the first time the experts had analyzed this type of server, so they had to improvise; after removing all parameters they found they were logged in as a user with limited rights but with access to a lot of reports. “Removing all the parameters we found out that we were already logged in with a limited user that had access to A LOT of reports.”
The researchers gained access to all the reports for all the vehicles (including location history), and also to data sources with usernames (the passwords were masked and there was no possibility to export them). The server also allowed the copying and editing of any existing reports. The availability of all production databases on the server, including CalAmp connect device outlook, was exploited by the researchers to take over a user account via the mobile application.
Rail Europe North America hit by payment card data breach
“RENA” or “we”) is writing to let you, as a customer of RENA, know about a recent data security incident that may have involved your credit card or debit card information and other personal information,” reads the notice sent by the company to its customers. The website allows users to buy European train tickets. According to the company, the data breach lasted at least three months (between November 29, 2017 and February 16, 2018), and the incident also exposed customers’ payment card data. The security breach was discovered after a bank inquiry informed the organization of an attack. “Upon discovery that this malicious intrusion may have compromised users’ personal information, we immediately cut off from the Internet all compromised servers on February 16, 2018, and engaged information security experts to assist with forensic analysis, system restoration and security hardening.”
According to the notice of data breach, hackers accessed registered users’ personal information including name, gender, delivery address, invoicing address, telephone number, email address, credit/debit card number, expiration date and CVV, and, in some cases, username and password. “RENA has also provided notice to the credit card brands and our credit/debit card transaction processors,” continues the notice. “In addition, we are offering identity theft protection services through ID Experts®, the data breach and recovery services expert, to provide you with MyIDCare™.” MyIDCare services include 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, exclusive educational materials and fully managed ID theft recovery services.
“In this case, however, the hackers were able to affect the front end of the Rail Europe website with ‘skimming’ malware, meaning customers gave payment and other information directly to the hackers through the website,” said Comparitech privacy advocate Paul Bischoff. “While the details haven’t been fully disclosed, the fact that this went on for three months shows a clear lack of security by Rail Europe.”