Data Leak Asia | TechWire Asia (https://techwireasia.com/tag/data-leak/)
Where technology and business intersect

Reports of Oracle Cloud data breach raise questions amid denials
https://techwireasia.com/2025/03/reports-of-oracle-cloud-data-breach-raise-questions-amid-denials/
Wed, 26 Mar 2025 16:15:40 +0000

  • CloudSEK reports a potential breach, with a threat actor selling data allegedly stolen from Oracle.
  • The firm warns of potential supply chain risks.

    A suspected supply chain cyber incident that includes Oracle Cloud has drawn attention from cybersecurity researchers and enterprise users alike. According to cybersecurity firm CloudSEK, a threat actor identified as “rose87168” claims to have accessed and extracted sensitive data from Oracle Cloud systems, including files and passwords associated with over 140,000 customer environments.

    The data—allegedly obtained from Oracle’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) systems—includes encrypted credentials, Java KeyStore (JKS) files, and Enterprise Manager JPS keys. CloudSEK says the attack affects tenants across multiple regions and industries, with six million records reportedly compromised.

    The activity was first observed in March 2025. In addition to listing the data for sale, the attacker has also used an X account to follow Oracle-related profiles, a move researchers believe may be intended to identify or pressure affected organisations.

    Ransom demands and potential exploits

    CloudSEK’s report suggests the threat actor has been active since January 2025 and is now demanding payment from companies included in the dataset. The actor is also said to be requesting help to decrypt the credentials in exchange for sharing parts of the data.

    The breach appears to have involved the “login.(region-name).oraclecloud.com” endpoint, which is usually used to authenticate users on Oracle Cloud platforms. CloudSEK suspects that the attacker exploited an Oracle WebLogic Server vulnerability to access login services across different regions.

    While the actor has no prior known history, researchers have noted the use of advanced tactics and an awareness of Oracle’s infrastructure.

    CloudSEK has assigned a high-severity rating to the incident, citing risks such as data leaks, unauthorised access, and broader supply chain vulnerabilities if the stolen credentials are decrypted. The exposure of key files could, in theory, allow attackers to compromise systems connected to affected Oracle environments.

    In response, CloudSEK has recommended immediate action from organisations using Oracle Cloud. Suggested steps include resetting credentials, conducting forensic investigations, monitoring dark web sources for leaked data, and reinforcing access controls.

    Oracle denies any breach of its cloud systems

    Following reports of a possible breach, Oracle has responded by stating that no intrusion into its cloud infrastructure has occurred. A company spokesperson told The Register that the credentials circulating online are not linked to Oracle Cloud and that no customer data has been exposed.

    “There has been no breach of Oracle Cloud,” the spokesperson said. “The published credentials are not for the Oracle Cloud. No Oracle Cloud customers experienced a breach or lost any data.”

    The denial comes after a user claiming to be behind the incident posted on a cybercrime forum, offering what they described as Oracle Cloud customer data for sale. The individual also uploaded a file to one of Oracle’s login servers—specifically login.us2.oraclecloud.com—as apparent proof of access. The file contained an email address tied to the seller and was archived on the Internet Archive’s Wayback Machine earlier this year.

    Security researchers explore possible entry points

    Security analysts reviewing the claims noted that the affected Oracle Cloud login server appeared to be running Oracle Fusion Middleware 11G as recently as February 2025. CloudSEK believes the server may not have been patched against CVE-2021-35587, a known critical vulnerability in Oracle Access Manager’s OpenSSO Agent.

    If unpatched, that vulnerability could allow an attacker to gain access without authentication via a publicly available exploit. Whether this route was used in the alleged intrusion has not been confirmed, and Oracle has not commented further on the security posture of its login servers.

    Data listing and extortion attempts surface online

    On March 21, a user going by “rose87168” listed six million records for sale on BreachForums, claiming the data included Java KeyStore files, encrypted SSO and LDAP passwords, and Enterprise Manager keys. While the exact number of potentially affected organisations remains unclear, the attacker shared domain names of companies allegedly caught in the exposure and suggested that those wishing to avoid publication could pay for their information to be removed.

    No specific asking price has been disclosed publicly, but the attacker reportedly approached Oracle with a demand for more than $200 million in cryptocurrency in exchange for full disclosure of the attack. That request was not accepted.

    The forum post also included a call for help in decrypting the credentials. The attacker claimed they were unable to access the full dataset themselves but offered to share portions of it with anyone willing to assist.

    How shopping for games is changing the face of retail, and driving cybersecurity
    https://techwireasia.com/2024/01/how-shopping-for-games-is-paving-the-way-for-cybersecurity/
    Tue, 09 Jan 2024 01:00:20 +0000

  • Gamers are reshaping retail and cybersecurity during sales events, focusing on strategic ways of shopping for games.
  • The gaming community’s influence on retail trends is growing, especially in cryptocurrency use and digital security.
  • Gamers’ dynamic shopping strategies during sales events are driving changes in consumer behavior and retail.

    Shopping for games may seem like a workaday experience – but that would be to mischaracterize the impact of the action completely. As Black Friday and Cyber Monday continue to mark key moments in the global retail calendar, the gaming community’s excitement reaches unprecedented heights. These events offer more than just standard discounts; they present an opportunity for gamers to significantly enhance their gaming experience.

    A recent Kaspersky study revealed that 71% of gamers seize on these occasions to acquire various items from their wishlists, underlining the importance of these discount seasons in their gaming journey.

    Explosive growth and transformation of shopping for video games and its market

    The global video games market is witnessing a remarkable surge, forecasted to grow at an annual rate of 9.3% from 2023 to 2028. By 2028, the industry is expected to amass nearly US$390 billion in market value, reflecting the soaring popularity of video games as a significant form of entertainment globally. This growth extends beyond gaming and shopping for games as such, into gamers’ shopping behaviors, paralleling the general consumer population’s enthusiasm for sales events.

    During these sales, the strategic and focused nature of gamers becomes evident. Approximately 74% of gamers view these sales as essential for upgrading their gaming setups, often setting alerts for new game and equipment releases to ensure they don’t miss out. Their eagerness to embrace the latest gaming technology showcases their passion and anticipation for these events. They are the textbook definition of engaged consumers.

    Simultaneously, spontaneous buying is also prevalent among gamers. Around 48% often find themselves influenced by unexpected offers or influencer endorsements, adding an element of excitement to their shopping experience during these sales. This spontaneity complements their well-thought-out purchase strategies, demonstrating the dynamic nature of consumer behavior in the gaming community.

    In line with broader consumer trends, gamers primarily use smartphones (79%) and PCs (49%) to access sales, underscoring the blend of convenience and accessibility offered by modern technology. The increasing adoption of cryptocurrency further highlights this tech-savvy approach as a payment method in the gaming world. Despite security concerns, a considerable segment of consumers, especially those aged 25 to 44, are incorporating cryptocurrency into their transactions, extending to online and in-store purchases.

    The rise of strategic game shopping online. (Source – Kaspersky).

    Cryptocurrency’s emerging role in retail

    Cryptocurrency’s role in consumer spending is rapidly evolving. It’s not merely an alternative payment method but is increasingly viewed as the future of online shopping. During major sales events like Black Friday, 51% of consumers prefer paying with cryptocurrency, reflecting a shift in payment preferences. The diverse use of cryptocurrency among consumers spans various purchases, extending beyond gaming-related items to daily necessities and significant investments.

    Retailers are now facing the challenge of adapting to the growing demand for cryptocurrency payments. With 68% of consumers expressing a desire to use cryptocurrency for specific purchases but encountering limitations, retailers need to integrate cryptocurrency as a viable payment option. Bitcoin remains the most trusted cryptocurrency option, with 83% of consumers considering it safe, followed by Ethereum and USD Coin. Despite concerns about volatility and scams, the inclination toward regular cryptocurrency use is unmistakable, signaling a potential shift in transaction methods for the future.

    The video gaming industry, poised to reach an annual revenue of US$249.60 billion in 2023, has encouraged players to invest more in in-game items and gaming equipment. This spending trend is particularly noticeable during Black Friday and Cyber Monday, with gamers strategically leveraging these sales. Their use of cryptocurrency during these events underscores the convergence of gaming passion with modern shopping strategies.

    Marina Titova, vice-president of consumer product marketing at Kaspersky, emphasizes the importance of security in the digital world. Kaspersky Premium, for example, offers comprehensive solutions, including online payment and identity protection, a data leaks checker, and a reliable VPN to ensure safe gaming and shopping experiences.

    The involvement of the gaming community in global sales events is a multifaceted mix of strategy, spontaneity, and technological adaptation. As the gaming industry expands, its influence in shaping retail trends, particularly in adopting innovative payment methods like cryptocurrency, grows. Gamers’ participation in these sales events goes beyond enhancing their gaming experience; it reflects their role as influential consumers in the real world, setting new trends in consumer spending and indicating a significant shift in the retail and digital payment industries.

    Kaspersky’s tips for secure online shopping – for games, and everything else

    As the fusion of gaming enthusiasm with savvy shopping strategies during sales events becomes more prominent, it’s crucial to consider the aspect of digital security. In this regard, Kaspersky offers several practical tips to enhance online shopping security, essential to gamers and general consumers.

    Directly enter the store’s URL

    To avoid falling prey to phishing attempts, Kaspersky advises manually typing the store’s URL into the web browser’s address bar instead of clicking on links in emails. This precaution helps bypass fraudulent sites that mimic legitimate ones, protecting personal and financial information.

    Opt for a temporary or virtual credit card

    To further safeguard against data theft, especially during high-traffic sales seasons, utilizing temporary or virtual credit cards is recommended. Provided by many banks, these cards generate a new account number for each transaction, reducing the risk of financial information being misused by hackers.

    Use a password manager for strong, unique passwords

    Managing multiple passwords can be daunting in the era of complex digital interactions. Kaspersky suggests using a reliable password manager to create, manage, and secure unique passwords for different online accounts, enhancing overall cybersecurity.

    These security measures, combined with gamers’ strategic shopping habits and technological savviness, contribute to a safer and more enjoyable online shopping experience. It underscores the importance of being vigilant and proactive about digital security, especially in an era where gaming, shopping, and technology are increasingly intertwined.

    Shopping for games is a complex economic phenomenon.
    Gamers are highly engaged shoppers – and they’re using cryptocurrency for their purchases.

    As the gaming industry continues to influence global markets and consumer trends, understanding the dynamics of digital security becomes pivotal. Gamers, at the forefront of embracing new technologies and shopping methods, also need to be aware of safeguarding their online presence. This comprehensive approach, blending gaming enthusiasm with smart shopping tactics and robust digital security practices, encapsulates the future of consumer behavior. It heralds a new era where gaming, shopping, and secure digital transactions coexist, shaping the landscape of retail and online entertainment.

    Here’s what we know about the Razer “data breach” so far
    https://techwireasia.com/2023/07/heres-what-we-know-about-the-razer-data-breach-so-far/
    Wed, 12 Jul 2023 04:30:46 +0000

  • Razer faces a potential data breach with its digital currency, Razer Gold, under scrutiny.
  • The breach highlights the increasing cybersecurity threats in the gaming industry.
  • The situation underscores the predicament of companies dealing with ransom demands from hackers.

    Razer, a company that has previously grappled with data breaches, is currently under scrutiny for another possible breach. This time, the threat involves its Razer Gold digital currency. This situation echoes an incident from 2020, where a security oversight resulted in the unintentional disclosure of personal details, including addresses and phone numbers, from over 100,000 accounts.

    News of this potential breach first surfaced through a Twitter user, @FalconFeedsio. According to the tweet, a user on a hacker forum claims to possess Razer’s database, source code, encryption key, and more. The same gaming firm suffered a data leak back in 2020. However, the credibility of this recent claim is yet to be substantiated.

    Razer potentially facing another data breach.
    Potential data breach? A Twitter user, @FalconFeedsio, highlighted that a user in the hackers forum claims to be selling the Razer database. (Source – Twitter)

    Interestingly, the alleged hacker seeks payment in the form of Monero, a type of cryptocurrency renowned for providing absolute anonymity for its users. The asking price is a staggering US$100,000 for the complete package. Unlike most mainstream cryptocurrencies, Monero’s transactions can’t be tracked or verified due to its advanced privacy technologies.

    Razer has acknowledged the problem and promptly issued a statement: “We were alerted to a potential hack on July 9, 2023 impacting Razer Gold. Upon learning about the breach, the team immediately conducted a thorough review of all Razer’s websites and have taken all necessary steps to secure our platforms. Razer is still in the midst of investigations, and we remain committed to ensuring the digital safety and security of all our customers. Once investigations have concluded, Razer anticipates that we will report this matter to the relevant authorities.”

    Razer Gold serves as a universal virtual credit system for gamers worldwide, facilitating purchases in more than 42,000 games and entertainment platforms, including popular titles like Clash of Clans, Genshin Impact, and on platforms like the Nintendo eShop. Users of Razer Gold accumulate rewards in the form of Razer Silver, which can then be used to acquire or avail discounts on Razer products. However, the specifics of the impact of this potential breach on Razer Gold – whether it affects their website or the digital wallets – remain uncertain.

    The current breach, if confirmed, has some similarities with and stark differences to the previous one. During the prior incident, a server misconfiguration exposed the personal and shipping details of nearly 100,000 global Razer customers. Following this breach, Razer took its IT vendor Capgemini to court. The lawsuit stemmed from an incident where a former Capgemini employee inadvertently altered a line of code, leading to a security compromise.

    Consequently, data within the system was exposed to the public between June 18, 2020, and September 10, 2020. Razer secured a compensation amount of US$6.5 million from the High Court on December 9, 2022, for the mishap. However, Capgemini’s legal representatives lodged an appeal for nominal damages instead, arguing that despite being alerted to the breach five times by a cybersecurity consultant, Razer failed to act.

    What the experts think about the ‘data breach’

    Tech Wire Asia approached Phillip Ivancic, the APAC Head of Solutions Strategy at Synopsys Software Integrity Group, for his insights on the situation. Ivancic underscored an area of vulnerability often neglected: the crucial importance of safeguarding software development environments, mainly where source code resides.

    Ivancic referred to this environment as a CI/CD (Continuous Integration / Continuous Development) pipeline. He explained, “This is where developers are always adding to and enhancing software and its underlying source code.”

    The value of source code to potential attackers, Ivancic believes, is twofold:

    1. Intellectual property theft: The source code unveils the mechanics of a company’s products and the business processes underpinning the organization. If this information falls into the wrong hands, it could be of tremendous commercial value to attackers.
    2. Vulnerability Exploitation: Source code, once obtained, can be scrutinized offline to identify weaknesses and plan future attacks. Having the blueprint, attackers can gain a deep understanding of any inherent vulnerabilities, equipping them with the knowledge to design malicious exploits tailored to these software weaknesses.

    “To effectively protect a CI/CD pipeline companies need to have an effective strategy and framework focused on CI/CD pipelines and security controls. Furthermore, companies should engage in sophisticated attack simulations (often referred to as a Red Team exercise) to ensure the security controls on their software development pipelines are effective against a cunning adversary,” he concluded.


    Satnam Narang, a senior staff research engineer at Tenable, also chimed in with his views on the situation. He pointed out that the recent purported attack on Razer highlights the critical role of data security. Threat actors gain unauthorized entry to sensitive data through several avenues, from exploiting weaknesses and utilizing social engineering tactics like spearphishing to misconfiguring cloud storage, targeting third-party associates, and launching supply chain assaults.

    All organizations are susceptible to such threats, but leading companies like Razer are often in the crosshairs of cybercriminals.

    “Though the investigation into the alleged breach is ongoing, we see that stolen data remains a lucrative business opportunity for all types of attackers,” he emphasized. “In ransomware, we see the theft of and threat to publish stolen, sensitive data, lead to ransom demands that range in the tens of thousands to the millions.”

    Narang further indicated that in some situations akin to this one, the sellers adopt a modus operandi reminiscent of typical criminals peddling stolen jewelry from their coat pockets. These cyber miscreants aim for the most profitable deal. Yet, they are open to negotiating the price, prioritizing swift transactions, as possession of such stolen data often attracts the attention of law enforcement.

    What does this mean for the gaming industry?

    The recent security breach involving Razer Gold, a considerable one, sends ripples across the gaming industry. It doesn’t merely emphasize the business risks involved; it points out a grave threat to the industry’s consumer trust and overall stability.

    Firstly, incidents like this bring to the forefront the intensifying cybersecurity challenges that gaming companies grapple with in the digital age. As the gaming industry swells and leans more heavily on digital currencies and online platforms for transactions, it inevitably becomes a larger target for cyber threats.

    Cybercriminals see the gaming world as a potential goldmine, given how gamers regularly spend on character enhancements, tools, and aesthetic changes – microtransactions that, in aggregate, generate billions of dollars. A study by The Business Research Company anticipates the online microtransaction market to reach a staggering US$106.02 billion by 2026, representing an 11.9% CAGR. Furthermore, gaming communities are recognized for their philanthropy, with Twitch alone seeing charitable donations amounting to US$145 million between 2011 and 2019, which included an impressive US$42 million in 2019 alone.

    The impact of a data breach for a gamer.
    What impact will a data breach cause to gamers? (Source – Shutterstock)

    To threat actors, the gaming universe is laden with appealing targets. Hacking into user accounts could give them access to in-game currencies, assets, account information, or even entire gaming accounts. This loot can then be traded in the shadowy corners of the dark web. If they can breach the walls of a gaming company, they could snatch the source code, unravel game cheats, or even employ classic ransomware strategies to encrypt files and expose extracted data.

    Secondly, a breach like Razer’s could trigger a significant shift in the gaming industry’s approach to cybersecurity. It may call for a reevaluation and potential overhaul of current security practices, pressuring gaming companies to pour more resources into heightened security measures. These can range from stronger encryption to regular security audits and comprehensive employee training to bolster the safeguarding of sensitive data. The focus on the security of CI/CD pipelines, as highlighted by Ivancic, should be heightened in these efforts.

    Furthermore, this breach may ignite discussions surrounding the security and practicality of employing digital currencies within gaming ecosystems. While digital currencies offer users a fluid and often rewarding transaction experience, they also introduce substantial security risks. This occurrence might prompt a closer look at the advantages and disadvantages of digital currencies in gaming, pushing the industry to explore more secure ways of handling these platforms.

    The use of online game currency could also act as a conduit for money laundering schemes. Malicious entities could open a game account, build a profile, and then use stolen funds or hacked credit card numbers to buy as much in-game currency and accessories as possible. The next step would be to sell their account to an innocent buyer, completing the money laundering cycle.

    To pay or not to pay the ransom?

    The potential breach at Razer has brought to the forefront a pivotal dilemma: should a company yield to the demands of a cyber attacker for a ransom or not? Companies grappling with this predicament often find themselves in a seemingly impossible situation with apparently no beneficial outcome, irrespective of their decision.

    On one hand, the temptation to meet the ransom demands is substantial, as it offers the potential to regain access to the compromised systems and possibly stave off the exposure of sensitive data. However, paying the ransom could stimulate analogous attacks in the future, and there’s no certainty that the perpetrator will uphold their end of the bargain. It is crucial to remember that such attackers operate beyond societal laws and norms, making their assurances unreliable.

    Alternatively, the decision to decline the ransom could potentially lead to the exposure of sensitive data, with repercussions including damage to the company’s reputation, loss of consumer trust, penalties from regulatory bodies, and more. Furthermore, the recovery costs following a cyberattack often surpass the original ransom amount.

    Paying the ransom should never be an option to solve a data breach incident.
    Paying the ransom in the event of a data breach should never be an option. (Source – Shutterstock)

    An integral component in this decision matrix is the nature of the compromised data. If the data is highly sensitive, like proprietary source code or client information, the company may feel an increased pressure to pay the ransom to inhibit its disclosure. However, such payment doesn’t guarantee that the data hasn’t been duplicated or that it won’t be maliciously exploited in the future.

    In Australia, the stance on ransom payments is quite clear. The Australian Cyber Security Center (ACSC) strongly discourages companies from capitulating to such demands as they might sometimes be considered illegal. Under the Criminal Code Act 1995 and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006, it’s deemed a grave offense to support or finance criminal activities. Therefore, paying a ransom could be construed as illegal and is advised against.

    The most effective strategy for any company is to invest in preventative measures and establish robust cybersecurity protocols. This includes continuous monitoring, regular audits of systems, training of employees, and creating robust incident response plans. Coupled with cyber insurance, these measures can aid in reducing the chances of a breach and mitigate potential damages in the event of an attack.

    Will regulators take action on Malaysian university for admitting data leak?
    https://techwireasia.com/2023/05/will-regulators-take-action-on-malaysian-university-for-admitting-data-leak/
    Mon, 15 May 2023 07:18:25 +0000

    Data leaks are becoming increasingly common in organizations today. But apart from enterprises, education institutes are also targeted by cybercriminals or could end up making mistakes when handling data.

    Such is the case of Malaysia’s Universiti Teknologi Mara (UiTM). The Malaysian university recently had the personal information of some 12,000 university applicants exposed on an unsecured link. The information, which included identity card numbers, sparked even more concerns about data security and privacy after the university just announced an apology for the mistake it made in handling the data and deactivated the link.

    For now, the university has taken no further action to establish how the leak could have occurred. Regulatory authorities have likewise taken no further action against the university, despite the data of 12,000 applicants being exposed. Malaysian Communications and Digital Minister Fahmi Fadzil did announce that the investigation on the data leak was ongoing, and the Personal Data Protection Department had also directed UiTM to file a notice of the leak and to provide further information about the incident.

    Despite this, many feel that the investigations will not bring much change. In the past, companies that have faced data leaks and breaches in Malaysia were not subjected to severe fines and penalties. The reason for this is a lack of accountability and of rules that require organizations to report data leaks or data breaches in the country. Apart from the Personal Data Protection Act, organizations in Malaysia often do not face any legal action over leaked data, unless they are sued.

    Going back to the education sector, this is not the first time UiTM has experienced a data breach. In 2019, there were reports that the personal data of more than a million UiTM had been leaked online. The university stated it would conduct investigations but it seems that they have still yet to fix the issue, given the latest data leak.

    In fact, Palo Alto Networks’ Ransomware report highlighted that the education sector in Malaysia is the most targeted by ransomware groups, making this case even more alarming and revealing the industry’s weakness in handling sensitive data.

    This incident serves as a reminder of how easily personal information can be exposed. While there haven’t been any reports of significant damage, businesses handling sensitive data must be accountable for implementing effective measures to safeguard the personal data of their users.

    Commenting on this incident, Palo Alto Networks ASEAN Systems Engineering Head, Malaysia / Cortex, David Rajoo, urged, “Organisations like the education sector, must develop an effective security strategy to uphold the integrity of their data whether it is at rest, in use, or in motion. This includes upgrading cybersecurity defenses consistently to keep up with the evolving threats, stay ahead of the attack curve and minimize the possibilities of data breaches.”

    Furthermore, 80% of security alerts come from users repeating the same mistakes according to another report by Palo Alto Networks. To prevent recurring data breaches in Malaysia, Rajoo suggested organizations put in place security measures starting from the first line of defense, giving necessary education and training to their employees. Some recommendations include:

    • Digital training: Data security is a broad issue that is covered in digital training, including password management, secure file sharing, and safe browsing practices. This can involve instruction on how to generate secure passwords, refrain from using the same password for many accounts, transfer files and documents securely, and browse the internet safely and steer clear of harmful websites.
    • Phishing link training: Phishing link training involves educating employees on how to recognize and avoid phishing attacks. This may involve mock phishing assaults that assess staff members’ capacity to recognize and report dubious emails or links.
    • Ongoing cyber security awareness initiatives: As the threat landscape is continuously shifting and new threats are consistently appearing, it is essential to be informed about the most recent risks. A cybersecurity program is a useful tool for keeping this awareness up. As part of compliance efforts, it ensures the organization is aware of recent risks and vulnerabilities and provides best practices for data protection.

    “In light of this, it is always important to strengthen our cyber security posture in general. This can be achieved by hiring dedicated cybersecurity personnel, implementing comprehensive security systems and regularly conducting security assessments to identify vulnerabilities and areas for improvement,” commented Rajoo.

    Rajoo added that Malaysian individuals and organizations need to be more vigilant in protecting their sensitive data.

    “Successful cybersecurity demands collective efforts to ensure data security. The recent breach underscores the need for Malaysia to enhance its cybersecurity posture, whether through individual data hygiene awareness or organization-wide cybersecurity investment.”

    Act now: Watch out for these five small and medium-sized business threats in 2023 https://techwireasia.com/2022/12/act-now-watch-out-for-these-five-small-and-medium-sized-business-threats-in-2023/ Fri, 16 Dec 2022 00:00:41 +0000

  • Kaspersky experts examined SMBs’ potential weak areas and listed severe cyber threats that they need to be aware of.
  • SMBs can protect themselves by putting in place strong password practices, regularly updating and patching their software, and giving their employees cybersecurity training.

    Small and medium-sized businesses (SMBs) in the Asia-Pacific (APAC) region are increasingly being targeted by cyberattacks. SMBs can suffer significant repercussions from these attacks, including monetary loss, reputational harm, and loss of private customer data. According to Mini Me Insights, the first half of this year saw more phishing email instances in Malaysia, the Philippines, Thailand, and Vietnam than in any other four of the six APAC countries combined.

    Phishing is a standard attack where attackers use fake emails or websites to deceive employees into divulging sensitive information. Ransomware is a different attack in which perpetrators encrypt a company’s data and demand money for the decryption key. According to Australian Cyber Security Magazine, the average sum corporations are willing to pay has increased and nearly doubled to AU$ 1,288,608 from AU$ 682,123 in 2021.

    In a world where cybercrime never sleeps, organizations need a cybersecurity plan that is “always on”. The need is even greater for SMBs, as cybercriminals’ attention on these organizations has grown significantly in recent years. And according to Kurt Baumgartner, a chief security researcher at Kaspersky, there are five main threats that small and medium-sized businesses need to be aware of.

    Here are his predictions and suggestions for SMBs who want to prepare for a cyberattack.

    There’s a saying that those who own the information own the world. However, speaking about information security, the whole “world” is not enough – cybercriminals’ needs are confined to other people’s data, money, business. Don’t think that attackers are in a constant chase for big fortunes or tabloid scandals: as the statistics show, more than 60% of all small and medium businesses have experienced cyberattacks over the course of 2022.

    Small and medium-sized companies are great contributors to the global economy: according to the World Trade Organization, SMBs represent more than 90% of all businesses worldwide. Due to cyberattacks, businesses may lose confidential information, finances, valuable market shares – and there are plenty of ways criminals are trying to reach their goals. The least we can do is count them; what’s more important is to define the threats the SMB sector might be exposed to – and ways they can be detected and prevented. Additionally, small enterprises consider a cybersecurity incident as one of the most challenging types of crises.

    Kaspersky experts analyzed vulnerable points small and medium-sized businesses might have and outlined some major cyber threats for entrepreneurs that they must be aware of.

    Data leaks caused by employees

    There are different ways a company’s data may be leaked – and, in certain cases, it might happen involuntarily.

    Kurt Baumgartner, a chief security researcher at Kaspersky (Source – Kaspersky)

    During the pandemic, many remote workers used corporate computers for entertainment purposes, such as playing online games, watching movies, or using e-learning platforms – something that continues to pose financial threats to organizations. This trend is here to stay, and while during 2020, 46% of employees had never worked remotely before, now two-thirds of them state they wouldn’t go back to the office, with the rest claiming to have a shorter office work week.

    The level of cybersecurity after the pandemic and initial adoption of remote work by organizations en masse has improved. Nevertheless, corporate computers used for entertainment purposes remain one of the most important ways to get initial access to a company’s network. Looking for alternative sources to download an episode of a show or a newly released film, users encounter various types of malware, including Trojans, spyware and backdoors, as well as adware. According to Kaspersky statistics, 35% of users who faced threats under the guise of streaming platforms were affected by Trojans. If such malware ends up on a corporate computer, attackers could even penetrate the corporate network and search for and steal sensitive information, including both business development secrets and employees’ personal data.

    There’s a tendency to blame ex-workers for possible data leaks. However, only half of recently surveyed organizations’ leaders are confident that ex-employees don’t have access to company data stored in cloud services or can’t use corporate accounts. An ex-colleague may not even remember they had access to a certain resource. But a routine check by those same regulators might reveal that unauthorized persons do in fact have access to confidential information, which would still result in a fine.

    Even if you’re absolutely certain you parted ways on good terms with everyone, that doesn’t mean you’re out of the woods. Who can guarantee they didn’t use a weak or non-unique password to access work systems, which attackers could brute-force or come across in an unrelated leak? Any redundant access to a system – be it a collaborative environment, work email or virtual machine – increases the attack surface. Even a simple chat among colleagues about non-work issues could be used for social-engineering attacks.

    DDoS attacks

    Distributed Network Attacks are often referred to as Distributed Denial of Service (DDoS) attacks. This type of attack takes advantage of the specific capacity limits that apply to any network resources – such as the infrastructure that enables a company’s website. The DDoS attack will send multiple requests to the attacked web resource – with the aim of exceeding the website’s capacity to handle multiple requests… and prevent the website from functioning correctly.

    Attackers resort to different sources to carry out attacks on organizations such as banks, media assets, or retailers – all frequently affected by DDoS attacks. Recently, cybercriminals targeted the German food delivery service, Takeaway.com (Lieferando.de), demanding two bitcoins (approximately $11,000) to stop the flood of traffic. Moreover, DDoS attacks on online retailers tend to spike during holiday seasons, when their customers are most active.

    There’s also a growing trend towards gaming companies gaining scale. The North American data centers of Final Fantasy 14 were attacked in early August. Players experienced connection, login, and data-sharing issues. Blizzard’s multiplayer games — Call of Duty, World of Warcraft, Overwatch, Hearthstone, and Diablo: Immortal — were also DDoSed yet again.

    Something to note is that many DDoS attacks go unreported, because the payout amounts are often relatively small.

    Supply chain

    Being attacked through a supply chain typically means a service or program you have used for some time has become malicious. These are attacks delivered through the company’s vendors or suppliers – examples can include financial institutions, logistics partners, or even a food delivery service. Such actions may vary in complexity or destructiveness.

    For example, attackers used ExPetr (aka NotPetya) to compromise the automatic update system of accounting software called M.E.Doc, forcing it to deliver the ransomware to all customers. As a result, ExPetr caused millions in losses, infecting both large companies and small businesses.

    Or take CCleaner, one of the most famous programs for system registry cleaning. It is widely used by both home users and system administrators. At some point, attackers compromised the program developer’s compilation environment, equipping several versions with a backdoor. For a month these compromised versions were distributed from the company’s official websites, and downloaded 2.27 million times, and at least 1.65 million copies of the malware attempted to communicate with the criminals’ servers.

    Recent examples that drew our attention are the DiceyF incidents, which were carried out in Southeast Asia. The prime targets were an online casino developer and operator and a customer support platform, which were attacked in Ocean’s 11 style. The SmudgeX incident also comes to mind: an unknown APT compromised a distribution server and replaced a legitimate installer with a trojanized one, spreading malicious PlugX within a South Asian nation to all federal employees who had to download and install the new, required tool. Surely, the IT support managing the distribution server and the developers were affected.

    Malware

    You can encounter malicious files everywhere: if you download illegitimate files, make sure they do not harm you. The fastest-emerging threats are the encryptors that go after a company’s data, money, or even the personal information of its owners. To support this, it’s worth mentioning that more than a quarter of small and medium-sized businesses opt for pirated or unlicensed software to cut costs. Such software may include malicious or unwanted files that may exploit corporate computers and networks.


    Additionally, business owners must be aware of access brokers as such layers of groups will cause SMBs harm in a variety of ways in 2023. Their illegal-access customers include cryptojacking clients, banking password stealers, ransomware, cookie stealers, and other problematic malware. One of the examples is Emotet, malware that steals banking credentials and targets organizations around the world. Another group that targets small and medium-sized businesses is DeathStalker, best known for its attacks on legal, financial and travel entities. The group’s main goals rely on looting confidential information regarding legal disputes involving VIPs and large financial assets, competitive business intelligence as well as insights into mergers and acquisitions.

    Social engineering

    Since the onset of the COVID-19 pandemic, many companies have moved much of their workflows online and learned to use new collaboration tools. In particular, Microsoft’s Office 365 suite has seen a lot more use — and, to no one’s surprise, phishing now increasingly targets those user accounts. Scammers have been resorting to all sorts of tricks to get business users to enter their passwords on a website made to look like Microsoft’s sign-in page.

    We’ve uncovered many new ways that phishing scammers are trying to fool business owners, which sometimes turn out to be quite elaborate. Some mimic loan or delivery services by sharing a false website or sending emails with fake accounting documents.

    Some attackers masquerade as legitimate online platforms to profit from their victims: these may even be quite popular money transfer services, such as Wise Transfer.

    Another red flag discovered by Kaspersky experts is a link to a page translated using Google Translate. Attackers use Google Translate to bypass cybersecurity mechanisms. The senders of the email allege that the attachment is some kind of payment document available exclusively to the recipient, which must be studied for a “contract meeting presentation and subsequent payments.” The Open button link points to a site translated by Google Translate. However, the link leads to a fake site launched by attackers in order to steal money from their victims.

    In summary, cybercriminals will try to reach victims in any way possible – through unlicensed software, phishing websites or emails, breaches in the business’s security network or even via massive DDoS attacks. However, a recent survey by Kaspersky showed that 41% of small and medium-sized businesses have a crisis prevention plan and thus do care about cybersecurity and understand how challenging IT security incident remediation can be. This is a good tendency that hopefully will result in reliable protective measures being implemented within these organizations.

    To protect businesses from cyberattacks, Kaspersky recommends the following:

    • Implement a strong password policy, requiring a standard user account’s password to have at least eight letters, one number, uppercase and lowercase letters, and a special character. Make sure these passwords are changed if there is any suspicion that they have been compromised. To put this approach into practice without additional effort, use a security solution with a comprehensive built-in password manager.
    • Don’t ignore updates from software and device vendors. These usually not only bring new features and interface enhancements, but also resolve uncovered safety gaps.
    • Maintain a high level of security awareness among employees. Encourage your workers to learn more about current threats and ways to protect their personal and professional life and take relevant free courses. Conducting comprehensive and effective third-party training programs for employees is a good way to save the IT department time and get good results.

    What happens when scammers get scammed? https://techwireasia.com/2022/12/what-happens-when-scammers-get-scammed/ Fri, 09 Dec 2022 00:11:23 +0000

  • Sophos examined 600 scams over a year that cost threat actors more than US$ 2.5 million.
  • Attackers use classic techniques such as typosquatting, phishing, backdoored malware, and fake marketplaces to carry out their scams against each other.

    Scammers continue showing that the wicked never rest. While their objectives—to obtain people’s financial and personal information—remain the same, their tactics constantly evolve to keep up with the times. In fact, scammers have upgraded their tactics and skills enough that some of them are even scamming other scammers because they are familiar with the operations, making it easier to avoid detection and get something out of them.

    According to a recent report by Sophos, cybercriminals are scamming each other out of millions of dollars and using arbitration to resolve disagreements over the scams. The report also discloses how attackers use time-tested methods, some of which are decades old, to carry out their schemes against one another, including typosquatting, phishing, backdoored malware, and fake marketplaces.

    For those unfamiliar with how the techniques work, let’s go through them one by one:

    • Typosquatting: A type of attack that targets users who accidentally type the wrong website address into the URL field of their browser. Internet users frequently have no idea they are browsing or making purchases on a fake website. Fraudulent website owners could use this identity theft to deceive customers into giving up their personal information.
    • Phishing: A type of online fraud that preys on people by sending them emails that look to be from legitimate companies, such as banks, mortgage lenders, or internet service providers.
    • Backdoor malware: A type of malware that circumvents normal authentication processes to gain system access. As a result, remote access is granted to application resources, allowing criminals to run malware updates and execute system commands remotely.
    • Fake marketplace: The website serves as a platform for frauds, such as fake goods, catfishing, and even hacking.

    Hackers and fraudsters are no longer just skilled software engineers or computer professionals. The ease of technology today means that “noobs” could be responsible for a fraud incident that costs businesses and customers millions of dollars.

    In APAC alone, the number of fraud incidents more than doubled (up 178%) in the first quarter of 2021 compared to the same period in 2020. With increases of 250 percent and 650 percent, respectively, online banking fraud and account takeovers are the two most common occurrence categories.

    How scammers are getting scammed

    For this report, Sophos X-Ops experts looked to BreachForums, an English-language cybercrime forum and marketplace focusing on data leaks, and Exploit and XSS. Exploit and XSS are Russian-language cybercrime forums that offer Access-as-a-Service (AaaS) listings. There are designated arbitration rooms at all three locations.

    The practice of scamming fraudsters is lucrative even though it occasionally results in mayhem among the “plaintiffs and defendants,” with some accused criminals either going dark and not showing up or labelling the complainants themselves “rippers.” Sophos examined 600 scams over the course of a year, with claims ranging from US$ 2 to US$ 160,000, costing threat actors more than US$ 2.5 million between them on just three sites.

    Not all scams have purely financial motives. According to Matt Wixey, Senior Security Researcher at Sophos, personal beefs and rivalries were prevalent. Additionally, they discovered instances in which scammers would con the people who had scammed them.


    “In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying US$ 250 to join a fake underground forum. The ‘winner’ of the contest received US$ 100,” Wixey added.

    Furthermore, Sophos found that the argument and arbitration processes left behind a trove of untapped intelligence that security experts and law enforcement might use to better comprehend and thwart cybercriminal practices.

    “Because criminals often need to offer up a lot of evidence when reporting the scams that they themselves have fallen victim to, they provide a wealth of tactical and strategic information about their operations—something which has been an untapped resource until now,” said Wixey. “These arbitration reports also give us an inside look at attackers’ priorities, their rivalries and alliances, and, ironically, how they’re susceptible to the same types of deception used against their victims.”

    Data protection is vital: 85% of Singaporeans concerned about how companies use their data https://techwireasia.com/2022/11/data-protection-is-vital-85-of-singaporeans-concerned-about-how-companies-use-their-data/ Mon, 28 Nov 2022 00:00:15 +0000

  • Singaporeans are worried about how their personal data is managed and protected in this new era of distributed work.
  • More Singaporeans now claim to be well aware of the laws that protect their data privacy.

    Hackers and other bad actors frequently target businesses of all sizes to steal sensitive data. As the amount of data being generated and stored increases, the significance of data protection grows as well. Cyberattacks and data breaches can cause catastrophic damage. Therefore, organizations must proactively protect their data and frequently update their security protocols.

    Particularly for Singapore, where firms suffer an average of 54 security incidents per day, the threats are expanding rapidly, and 62% of cybersecurity experts feel it’s hard to keep up.

    The nation is no stranger to this. Since the start of the pandemic, Singaporeans have demonstrated a growing concern over privacy and the protection of personal data. The latest OpenText survey revealed a general need for more understanding about what specific data is saved and why, as well as a lack of confidence in how businesses manage and store that data.

    The secret to regaining that trust is improved information governance and protection, which combines a strong enterprise information management strategy with multi-layered security and data protection that offers greater certainty and produces an information advantage.

    The rising concern due to government’s digital solution

    Singaporeans are becoming more wary of those who have access to their personal data because pandemic life over the past few years has also seen a widespread adoption of remote working, a general shift to doing daily tasks online, and the government roll-out of digital solutions like Singapore TraceTogether. So much so that 85% of people believe they now have new concerns about how organizations are handling their data since the outbreak. 

    These concerns are so strong that two in five (39%) say they would stop using or purchasing from a company they had previously been loyal to if it leaked or failed to protect their personal data. Additionally, seven in ten (69%) say they would be willing to pay more to use or purchase from a company that protected personal data.

    A new normal data protection concern

    As the world begins to recover from the global health crisis, Singaporeans are growing more concerned about how their data is being managed and protected in this new normal. In fact, firms that use distributed work models are causing nine out of ten people (89%) more anxiety about their personal data, and two out of five people (39%) expect those organizations to make sure that everything is secure, regardless of where their employees work from.

    Not to mention that the use of apps like TraceTogether, for instance, is no longer required; two out of every five Singaporeans (39%) are worried that their data won’t be deleted even when it is no longer needed to fight COVID-19.

    Raising awareness of data privacy and concern

    Due to the growing awareness of the laws governing data privacy and protection, businesses can’t afford to play fast and loose with consumers’ data. Nearly half (46%) of Singaporean consumers think they have a general understanding of data privacy laws – an increase over the 40% at the start of the pandemic.

    During the past two years the number of Singaporeans who claim to be aware of data protection laws has risen from 37% in early 2020 to 47% in 2022. Although this shows that the pandemic made them more aware of data privacy laws and general understanding has been improved, more education is still needed.

    “Businesses need to foster an integrated, data-centric approach to information governance and privacy management by leveraging discovery and classification tools to mitigate risks associated with the way they handle privacy and sensitive data and securing content with stronger classification and retention capabilities. In today’s post-pandemic world, organizations must unlock their information advantage, to protect their customers’ information and, in doing so, allay their concerns and retain their trust,” said Andy Teichholz, Global Industry Strategist, Compliance and Legal at OpenText.

    ‘X’ marks the MySPR election database, found for sale online https://techwireasia.com/2022/11/x-marks-the-myspr-election-database-found-for-sale-online/ Fri, 11 Nov 2022 14:06:49 +0000

  • The MySPR database of Malaysian electoral voters records of at least 800,000 users, has been found being sold online
  • A total of RM73 million (approx. US$5.83 million) will be allocated to strengthen cybersecurity in Malaysia
  • Malaysia was the 11th most data-breached country in the second quarter of 2022 

    Data breaches are becoming increasingly common, and it seems like hardly a week goes by without another high-profile one hitting the headlines. The latest victim is the Malaysian Election Commission (EC) MySPR system database.

    The data of more than 800,000 users, including pictures of selfies and the MyKad national ID, which was part of the system’s Electronic Know Your Customer (eKYC) implementation, was found in a much-publicized online marketplace for databases.

    The database, which also contains information on the entire electoral roll with details of 22 million voters, is being sold for around RM9,401 (US$2,000). However, the seller specifically requested that payment be made via cryptocurrency.

    This and other recent Malaysian data breaches raise serious concerns about the safety and security of the country’s information and data. It also raises questions about the country’s readiness to face future elections, when crucial personal data from official government sources can seemingly be found online easily — and for a paltry sum for such sensitive data, no less.

    What is the MySPR system database?

    The Malaysian Election Commission (EC) originally implemented the MySPR system to streamline and centralize the registration of voters in the country. The MySPR system is an online database that contains the personal information of all registered voters in Malaysia. 

    The personal information of registered voters includes their name, IC number, date of birth, address, and contact information. The MySPR system is accessible to all citizens of Malaysia who are aged 18 and above. 

    MySPR Daftar can be deemed obsolete with the implementation of automatic voter registration earlier this year, but this does not mean that EC has abandoned the system.

    Malaysian citizens outside the country and eligible members of security forces and related frontline agencies that must be on duty during election day also need to use the system to apply for a postal vote. The MySPR system was created to improve the efficiency of the voter registration process in Malaysia. 

    A volunteer for the opposition Malaysian Pan-Islamic Party (PAS) checks registration details at a voter’s list confirmation booth in the 2008 general elections. (Photo by TENGKU BAHAR / AFP)

    Malaysia is trying to strengthen cybersecurity

    The recent MySPR database leakage incident raised questions on whether the data protection laws in Malaysia are adequate. This news surprises many, as the Malaysian government has been relatively vocal about its efforts to protect the personal data of its citizens. 

    In fact, it was shared during Budget 2023 that a total of RM73 million (US$5.83 million) will be allocated to strengthen cybersecurity in Malaysia, specifically in threat monitoring, detection, and reporting, and to develop the nation’s cyber forensic capabilities.

    As part of the drive to combat cybercrime and scams, a National Scam Response Centre will also be set up involving the police, the central Bank Negara Malaysia, the National Anti-Financial Crime Centre, and financial institutions operating locally.

    Recent data breaches in Malaysia

    This is not the first time a data breach has hit the Malaysian government, by a long shot. Among the recent ones is a data leak where the personal financial data of 22 million Malaysians from the National Registration Department were sold on the dark web.

    Nearly two million payslips and tax forms in PDF format, amounting to 188.75 gigabytes from the Penyata Gaji (ePaySlip) system, were extracted by a group of grey hat hackers. According to cybersecurity company Surfshark, Malaysia was the 11th most data-breached country in the second quarter of 2022, based on an analysis of millions of breached accounts from April to June. 

    Meanwhile, Trend Micro Incorporated revealed that two-thirds (67%) of Malaysian organizations think they’ll be successfully attacked in the next 12 months, with 22% claiming this is “very likely” to happen. The report also shows that 87% of companies claimed to have suffered one or more successful cyberattacks in the past 12 months, while 26% had more than seven data breaches of information assets.

    This is a worrying trend, as Malaysia does not seem adequately prepared to deal with such attacks. Data breaches can significantly impact individuals, businesses, and the economy.

    They can lead to identity theft, financial loss, and damage to reputation. Although the Malaysian government is taking steps to address the issue, more needs to be done to protect the data of Malaysians.

    The post ‘X’ marks the MySPR election database, found for sale online appeared first on TechWire Asia.

    Australia and Singapore record the largest number of adverts on the darknet market in APAC https://techwireasia.com/2022/10/australia-and-singapore-record-the-largest-number-of-adverts-on-the-darknet-market-in-apac/ Mon, 03 Oct 2022 23:15:43 +0000 https://techwireasia.com/?p=222112
  • 95% of all adverts in the APAC region have been exposed through database leaks
  • Cybercriminal operations are active below the surface of the web

    When it comes to what is available online, the World Wide Web (WWW) is merely the tip of the iceberg. Much as 95% of what lies beneath the ocean is unknown to us, that is essentially what the darknet market is like.

    The darknet is hidden within the deep web, which is located beyond all of the websites that Google and other popular search engines have indexed.

    What’s in the darknet market?

    The darknet is made up of networks within the deep web that let users browse and interact anonymously. They maintain that anonymity through a technique called onion routing. Onion routing technologies like Tor wrap data packets in multiple layers of encryption and route them through a network of relay nodes rather than connecting a computer directly to a server.

    The data is wrapped in numerous layers of encryption, similar to the layers of an onion. Each layer discloses only the next relay, up to the final layer, which transfers the data to its destination.

    Some darknet activity is criminal, including the sale of illegal narcotics, firearms, and even assassins for hire, with bitcoin as the primary means of payment. Thanks to bitcoin, a cryptocurrency that lets two parties carry out a trusted transaction without being aware of each other’s identities, the darknet has exploded.

    Even though almost all dark web marketplaces accept bitcoin or another cryptocurrency, that doesn’t necessarily mean transacting there is safe. The environment’s inherent secrecy attracts scammers and crooks.

    With all the activity and the impression of a busy market, you might believe that browsing the darknet is simple. It is not. When everyone is anonymous and a sizable portion of them are out to defraud others, the environment is as disorganized and chaotic as you would expect.

    What Kaspersky found

    Let’s put it into perspective. Kaspersky’s Digital Footprint Intelligence (DFI) report for APAC states that 95% of all adverts in the region are the result of database leaks. When order volumes are weighted by GDP, Singapore and Australia have by far the largest data leak markets.

    The report emphasizes data gathered the previous year to help businesses, organizations, and even countries keep an eye on potential external threats and remain abreast of potential cybercrime, particularly that which is discussed on the darknet.

    As statistics are spread out over time, darknet activity related to attack impact (advertisements on selling data leaks and compromised data) predominates, as criminals sell, resell, and repack a lot of historical data breaches.

    Stage 1: Interest to buy access

    Initial access offers are sought after by cybercriminals, who are aware of the largest market for such adverts. The main adversaries who are interested in starting an attack are from Pakistan, Australia, India, and mainland China. In 84% of the ads from the attack preparation category, these nations were mentioned.

    Stage 2: Orders for access – ready to execute

    The findings from the attack execution stage are the most encouraging; artefacts show that adversaries have the ability to gain access, or have already gained access, to networks or services of businesses, but there hasn’t yet been any impact on business. Australia, India, mainland China, and the Philippines account for 75% of the adverts on the darknet that Kaspersky has identified as signs of an attack.

    Stage 3: Data leaks and data for sale

    The sale or unrestricted use of the stolen data will happen after a data leak. Data leaks and insider activity orders, which include but are not limited to databases, confidential papers, PII, credit cards, VIP information, financial data, and many more, can be signs of compromise.

    According to Chris Connell, Managing Director for Asia Pacific at Kaspersky, cybercriminal operations are definitely active below the surface of the web. “From attack preparation and execution, to the impact of a data leak and then selling and reselling of stolen information, this functioning malicious system is a serious threat for businesses and organizations here in APAC,” he said.

    Connell noted that access to the companies and the sale of data frequently go hand in hand. As a result, a two-pronged attack on an organization is possible.

    “Your confidential information can be stolen and be sold, and these cybercriminals can open and offer your infected system to more malicious groups. A double whammy that requires a proactive defense that includes strong incident response and Darknet monitoring capabilities through real-time and in-depth threat intelligence reports,” he concluded.

    The post Australia and Singapore record the largest number of adverts on the darknet market in APAC appeared first on TechWire Asia.

    Could nation-state hackers be behind the largest data leak in China? https://techwireasia.com/2022/07/could-china-largest-data-leak-be-a-state-sponsored-hack/ Fri, 08 Jul 2022 00:25:33 +0000 https://techwireasia.com/?p=219577
    It’s been almost a week since reports of a large data leak in China made headlines around the world. While there has still yet to be any official word from the government or enforcement agencies addressing this particular incident, the rumor mill has been at play, with speculations continuing to raise concerns among many.

    Reports by major publications around the world have confirmed that the data leak, which involves around 70% of China’s population, is real. Some news agencies have even reached out to individuals whose particulars have been leaked online.

    Bloomberg has also reported that China’s cabinet has stressed the need to bolster information security, following the data leak, but not directly addressing it. Quoting Xinhua News Agency, the report stated that a State Council meeting led by Premier Li Keqiang emphasized the need “to improve security management provisions, raise protection abilities, protect personal information, privacy and commercial confidentiality in accordance with the law.” The report didn’t directly reference the hack, and other state media agencies have so far been silent about the incident.

    But there is one question that is also going through everyone’s mind: could China’s data leak have been carried out by state-sponsored hackers? Was it an act of espionage by another country? Or was it simply caused by human error?

    According to Candid Wuest, VP of Cyber Protection Research at Acronis, while it is not impossible, it is very unlikely that this data breach was the work of a nation-state attacker. Wuest explained that human error was more likely the reason behind it. This error was then discovered by a semi-automated scraping script run by some cybercriminals.


    At the same time, the monetization route chosen for the data leak is far more common with traditional cybercriminals than with nation-state hackers. However, there is no denying that the data can now be purchased by almost anyone willing to pay for it, which is where the real concern is.

    Echoing Wuest’s views is Stas Protassov, co-founder & Technology President of Acronis. Protassov pointed out that there was indeed a blog post by a developer on CSDN which contained access credentials – this might have been the entry point for the attacker.

    “It’s not possible to confirm the attack vector without access to the organization’s logfiles, but it is a very likely scenario. Based on ID format, we can say with some confidence that it looks like ElasticSearch dump – again, it’s unclear whether it was due to the leaked credentials, or if it was badly configured, to begin with. Most commonly, this kind of leak happens when someone leaves an unauthenticated Elastic instance available from the Internet,” explained Protassov.

    At the same time, Wuest highlighted that access to any valuable data should be guarded and protected with proper authentication. This includes strong credentials, proper rights management, as well as auditing and monitoring.  It also means that old or exposed accounts and API keys need to be discarded as quickly as possible.

    Additionally, solutions like Data Loss Prevention (DLP) and User Entity Behavior Analytics (UEBA) can be used to detect anomalies of data access patterns before the data is exfiltrated. Periodical user awareness training and revisiting


    For Protassov, news of such leaks is quite common, but this one is unique – because it’s big and because it proves that no one, not even IT administrators in China, is immune to making mistakes.

    On whether the data leak could have a greater impact on China, Protassov said it is fairly unlikely that the data on its own is enough to take over the identification services, but it could lead to phone swapping or other identity fraud activity which could then lead to negative scoring in social media platforms.

    “This information could be used to personalize future attacks, such as spear phishing, or to commit fraud in the name of the victims. Organizations and individuals should be vigilant of malicious emails or text messages in the near future and monitor for any fraud activity,” added Protassov.

    Screenshot of the data leak. (Source – Acronis)

    China’s largest data leak saw cybercriminals offering a full dump of the database containing 24TB of personal information, with the asking price at 10 Bitcoins, which currently is around US$200,000. The types of data leaked included personal info files, phone location data (or owner’s address) along with phone numbers, and what seems like a police incident or criminal case registry, with location and short incident description.

    Protassov added that the majority of what is described as criminal case information consists of minor incidents bordering on public offense. This included phrases like “Police were called to a scene of ‘There was a fight at the gate of the (redacted by Acronis) Zhujing Town, Jinshan District. Disputes to be mediated by the agency’”, or “Water meter has been stolen. Police made a record”, or “The person who called the police was driving a car accidentally scratched the left side of the vehicle”. Protassov felt that as these records do refer to people involved, it could be damaging to some of those people.

    “Unfortunately, with the growing complexity of IT infrastructure, we are seeing more and more of these large data breaches – cases where access control was not managed adequately, especially with large cloud databases and data buckets. This case will not remain the largest data leak in history for long,” he said.

     

    The post Could nation-state hackers be behind the largest data leak in China? appeared first on TechWire Asia.
