Supporting Partners

Special Report

February 20, 2021 — A previously undetected piece of malware found on almost 30,000 Macs worldwide is generating intrigue in security circles, and security researchers are still trying to understand precisely what it does and what purpose its self-destruct capability serves.

Once an hour, infected Macs check a control server to see if there are any new commands the malware should run or binaries to execute. So far, however, researchers have yet to observe delivery of any payload on any of the infected 30,000 machines, leaving the malware’s ultimate goal unknown. The lack of a final payload suggests that the malware may spring into action once an unknown condition is met. Source: arstechnica

February 18, 2021, — Australians were the recipients of almost 60,000 online sextortion attempts in January 2021, a leading cybersecurity firm has revealed.

Digital security firm Avast said globally it blocked over half a million attack attempts in January, including 59,100 attempts in Australia.
Sextortion is a technique used by cybercriminals where emails are sent en-masse claiming to have filmed a user via their own webcam during an intimate act.

Source: 9news

February 11, 2021, — unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system.

Source: CISA

February 11, 2021 — MEMPHIS, TN—Many romance scammers promise love, passion, and a lifetime of happiness, but in reality, they are looking for victims to rob of their savings. The FBI Memphis Field Office is continuously working to raise awareness about online romance scams, also called confidence fraud. In this type of fraud, scammers take advantage of people looking for companionship or romantic partners on dating websites, apps, chat rooms, and social networking sites with the sole goal of obtaining access to their financial or personal identifying information. Romance scams are prevalent, especially during this time of year. Increased isolation brought on by the COVID-19 pandemic has also resulted in more people looking for love online. Source: MEMPHIS

February 11, 2021 — ALOR GAJAH: Melaka police have seized 700 computers servers running on stolen electricity to mine cryptocurrency at a two-storey shoplot at Pusat Perniagaan Pulau Sebang here yesterday.

Deputy police chief Shahrul Lalli Masduki said the illegal activity, believed to be going on for about two months, had caused Tenaga Nasional Berhad to suffer losses of about RM648,000.

He said a 35-year-old man was detained. Source: FMT

February 6, 2021 — Aussies have been warned about a Netflix scam doing the rounds, after cyber security firm MailGuard intercepted a malicious email from a hacker purporting to be from the streaming service.

MailGuard said the phishing emails used a display name of ‘Netflix Membership’, and were titled ‘We recently detected an issue with the billing information associated with your Account’.

With 11.9 million Aussies using Netflix, cybercriminals have taken advantage of the popular streaming service’s name in order to trick users into spilling their bank details.

The email uses a Netflix logo, and prompts readers to ‘update their details’ via a button at the end of the email. Source: yahoo!finance

February 6, 2021 — Late last December we started getting a distress call from our forum patrons. Patrons were experiencing ads that were opening via their default browser out of nowhere. The odd part is none of them had recently installed any apps, and the apps they had installed came from the Google Play store. Then one patron, who goes by username Anon00, discovered that it was coming from a long-time installed app, Barcode Scanner. An app that has 10,000,000+ installs from Google Play! We quickly added the detection, and Google quickly removed the app from its store. Source: MalwarebytesLABS

February 5, 2021 — Eletrobras, the largest power company in Latin America, faces a temporary suspension of some operations.

Two state-owned utility companies in Brazil suffered separate ransomware attacks in the past week, forcing them to shut down some operations and services temporarily, In one case, sensitive data was stolen and dumped online, including network access logins and engineering plans. Source: threat post 

February 4, 2021 — The web is full of algorithmically created content, made to trick our eyes into believing it’s true. There are numerous fake face generators sometimes used to populate fake social media accounts. But now there is a way to accurately tell whether someone behind the black mirror is real.

Researchers at Sensity, an Amsterdam-based visual threat intelligence company, released an online tool designed to spot fake human faces in pictures and videos. With a high degree of confidence, the tool’s algorithms can spot whether the content was manipulated using general adversarial networks (GAN). These are often employed to craft various deepfakes that freely circulate the web. Source: cybernews

February 4, 2021 — GHL Group has launched an investigation into the E-Pay data breach allegations.

Personal details of over 300,000 E-Pay customers appears to have been exposed online through a data breach. A threat actor was spotted selling a database of 380,000 customers on an data sharing forum for USD 300 (about RM1,215). That’s about 0.32 sen per user.

The sale was highlighted by @Bank_Security on Twitter and was recently shared by OMG Hackers. Source:SOYACINCAU

Global Financial News on Cybersecurity

Global Healthcare Cyber Security expected to reach USD 33.65 billion by 2027 – Fior Markets
Global $16.9 Billion Industrial Cybersecurity Markets, 2020-2025: Analysis & Forecasts by Network, Endpoint, Application, Cloud, Wireless and Others
Business Wire: Middle East & Africa Cyber Security Market 2020-2026: Forecasts by Component, Offering, Deployment, Vertical and Competitive Landscape - ResearchAndMarkets.com
The Daily Swig: Europe falling behind the US and China on cybersecurity funding, expertise
Globe News Wire: Asia Pacific Railway Cyber Security Market Forecast to 2027 - COVID-19 Impact and Regional Analysis By Component, Type, Security Type, and Country
Globe News Wire: Economic Impact of COVID-19 on Global Cyber Security Market
The Edge: Southeast Asia's internet economy to triple to over US$300 bil by 2025: reports
ABC, Australia: Cybersecurity spending gets $1.35 billion boost in wake of online attacks against Australia