ISMG's Weekly APAC Cybersecurity News
Every week, ISMG rounds up the latest and the most impactful cybersecurity news and developments from across the Asia-Pacific. This week's stories include a former NCS employee wiping the company’s virtual servers following a bitter exit, Bangladeshi officials selling citizens’ data for millions, a cyberattack destroying Japan’s largest video-sharing platform, China conducting hackathons and contests to recruit the brightest hackers, Maharashtra spending $100 million to develop cutting-edge cyber capabilities, hackers breaching a Singapore telecom firm, and researchers uncovering 24 vulnerabilities in a Chinese biometric access system.
Bangladeshi authorities are investigating two senior police personnel who used legitimate credentials for the national spy agency's database to collect data on millions of citizens and sell it to buyers on Telegram and other social channels. The accused officials, both superintendents of police assigned to the Anti-Terrorism Unit and a Rapid Action Battalion unit known as Rab-6, logged in to the agency's National Intelligent Platform multiple times between March 25 and April 25, and exfiltrated citizens' information, including their national identification numbers, call detail records and other sensitive data.
Japan's largest video-sharing platform, Niconico, suspended services indefinitely after a suspected cyberattack locked employees out of multiple servers at parent company Kadokawa. The Kadokawa group, a Japanese media conglomerate that owns the Niconico platform, announced Sunday that it had to shut down some of its online services including the entire Niconico service, the group's official website, its e-commerce site Ebten, and several other websites. Niconico, which boasts about 89 million active members and nearly 1.43 million premium members, said Monday that its IT team will "rebuild the entire system" from scratch following the cybersecurity incident that occurred in the early hours of June 8.
A likely Pakistani cyberespionage operation has expanded the tool set it first used to target Indian officials nearly a decade ago. That's probable evidence the threat actor has "seen a high degree of success," said researchers from Cisco Talos. The firm said that a threat actor it dubbed "Cosmic Leopard" is the source of Trojans infecting Windows and Android devices in a multiyear, multi-campaign effort it calls Operation Celestial Force. Talos said it attributes Cosmic Leopard's nexus with Pakistan with high confidence.
A Singapore court has sentenced a former employee of Singapore-based NCS Group to two years and eight months in prison for accessing the company's software test environment and wiping 180 virtual servers months after his employment ended. NCS said the ex-employee retained access to the test environment because of "human oversight": his access to the system was not terminated when his employment ended. The incident brought to light the company's data security failings, such as not terminating an ex-employee's access to business-critical systems, failing to notice repeated and unauthorized access to the test environment, not having any backups to restore the wiped servers, and failing to refresh employee passwords to prevent insider breaches.
The government of Maharashtra in India has provided the first tranche of approximately $3 million to pure-play engineering and technology services company L&T Technology Services to establish dozens of cybersecurity command centers across the state to enhance authorities' ability to respond to cybercrime complaints and crack down on fraud networks. The disbursement forms part of the state government's $100 million contract with the technology company in March to utilize cutting-edge forensic tools, such as deepfake detection, mobile malware forensics, IoT investigation, network forensics, voice analysis labs, social media forensics, and hardware forensic tools to detect and investigate cybercrime incidents.
Beijing is using domestic capture-the-flag and other hacking competitions to spot, develop and recruit new hacking talent domestically, as well as to gather and route information about zero-day flaws to the country's military and intelligence apparatus, according to cybersecurity researcher Eugenio Benincasa, who's a senior researcher in the Cyberdefense Project with the Risk and Resilience Team at the Center for Security Studies at Switzerland's public research university ETH Zurich. Multiple winners of hacking competitions have gone on to create China-based capture-the-flag competitions or launch startups that focus on discovering zero-day vulnerabilities that they route to Chinese military and security agencies, he said.
Researchers from Kaspersky discovered as many as 24 vulnerabilities in a biometric access system made by Chinese manufacturer ZKTeco that accepts facial scans as well as passwords, QR codes and an electronic card as authentication methods. Many of the vulnerabilities uncovered originate from an error in the database wrapper library. Researchers grouped these as "multiple vulnerabilities" based on their type and cause, leading to a smaller number of CVEs. A vulnerability tracked as CVE-2023-3940 involves flaws in a software component that allow arbitrary file reading, granting attackers access to sensitive biometric data and password hashes. Another vulnerability - CVE-2023-3942 - allows attackers to retrieve sensitive information from the devices' databases via SQL injection.
A financially motivated hacker claims to have stolen over 34 gigabytes of data belonging to Singapore-based telecom company Absolute Telecom PTE Ltd. The hacker, dubbed GhostR, claims to have access to the company's data, including corporate, accounting, sales, customers, full credit card details and call records. With a track record of data breaches claimed on a criminal forum named BreachForums, GhostR last week allegedly stole data from Australian logistics company Victorian Freight Specialists.