data breach - Tech Wire Asia
https://techwireasia.com/tag/data-breach/
Where technology and business intersect
Mon, 29 Jan 2024 21:34:03 +0000

Malaysian telco provider has data breach – again
https://techwireasia.com/01/2024/malaysian-telco-provider-has-data-breach-again/
Tue, 30 Jan 2024 00:30:59 +0000

The post Malaysian telco provider has data breach – again appeared first on Tech Wire Asia.

  • Malaysia’s TM suffers another data breach.
  • Telco company claims data compromised is mostly “old data.”
  • Old data can still have a strong value on the dark web.

    Another day, another Malaysian organization experiences a data breach. Everyone knows about the flaws and weaknesses in Malaysia’s cybersecurity laws. While the government is working on a new law to deal with this issue, businesses need to ensure they are well-prepared to deal with breaches.

    While most companies in Malaysia continue to invest in improving their cybersecurity, they also need to be aware of how their company and customer data is being used, stored and disposed of. Malaysia already has several regulations on how personal data should be managed. However, the implementation of the law has still failed to boost some industries to take the matter seriously.

    According to a report by Surfshark, a cybersecurity company, Malaysia was ranked as the eighth most breached country in Q3 2023, with 494,699 leaked accounts. The breach rate was 144% higher in Q3 2023 than it was in Q2 2023, and around four Malaysian user accounts were leaked every minute in Q3 2023.

    Just taking a look at the recent cybersecurity incidents in the country, most of the data breaches are caused by ransomware attacks or systems that were simply not secured enough.

    Major cybersecurity incidents in Malaysia in the past 24 months include:

    • In December 2022, a hacker claimed to have the personal information of 13 million voters from the Election Commission, as well as customers of Maybank and Astro. The stolen data was posted on an online database marketplace, where the seller asked for direct messages through Telegram or the forum’s messaging features to complete the sale.
    • In November 2023, a hacker claimed to have a 2022 database of 487 million WhatsApp user mobile numbers, of which 11 million were from Malaysia. The leak included accounts from 84 countries and was sold on a hacking community forum.
    • In September 2023, Malaysia recorded its highest number of data breach cases, with an all-time high of 15 reported cases a week involving mainly ransomware attacks. The situation sparked concern over related cybercrimes and phone scams, which have led to millions of ringgit losses annually.
    • iPay88, a payment gateway provider in Malaysia, suffered a data breach in May 2022 that potentially compromised customers’ card data. Since then, iPay88 has been working with cybersecurity experts to investigate and contain the breach.
    • AirAsia was the subject of alleged data leak claims in November 2022, as confirmed by the Malaysian government and various news sources. The hacker group Daixin Team claimed responsibility for the attack, which compromised the personal data of five million passengers and all employees of AirAsia. The ransomware attack was on redundant systems, and AirAsia has launched an investigation into the alleged data breach.

    Malaysia was ranked as the eighth most breached country in Q3 2023, with 494,699 leaked accounts. (Image generated by AI).

    TM suffers data breach again

    The Star reported that customer data from Telekom Malaysia (TM) has made its way to the dark web forum. The report stated that a user claimed that he had stolen the complete customer database of the telco company.

    The user claims that the data contains nearly 200 million entries, with “nearly 20 million effective user data.” Additionally, the user provided screenshots purporting to be the company’s customer database architecture documentation, with 161 pages outlining the structure, design, and functionality of the company’s customer database system.

    This is not the first time TM has experienced a data breach. In 2023, TM confirmed a data breach involving historical Unifi customers’ personal information such as name, national identification/passport number, and contact details. In 2022, TM found 250,248 Unifi Mobile customers to be affected by a data breach, constituting both individual customers and SMEs. The type of data that was breached involved customer names, phone numbers and emails.

    The Star also reported that TM released a statement claiming that it had received a ransom note recently, which had prompted “an immediate and thorough investigation to verify these claims.”

    It claims that its investigation has shown “that the alleged materials are pre-processed, recycled and dated. Nonetheless, we are treating the situation with the utmost seriousness and are dedicated to resolving this issue with high urgency,” it said.

    It also said that it has engaged the relevant authorities, lodged a police report, and is continuously fortifying its cyberdefenses and bolstering its resilience against such threats.


    Old data can be compromised by cybercriminals in various ways. (Image generated by AI).

    Data breaches impact all data

    Here’s where it gets concerning. Even though the data is old and outdated, the information can still be exploited by cybercriminals. In fact, some cybercriminals are stealing encrypted data now so that they can decrypt it in the future. Such is the value of data – something businesses need to take more seriously.

    For TM, suggesting that the data is “pre-processed, recycled and dated” may just lead to more concerning situations in the future. Here are several ways cybercriminals can still use old data:

    • Identity theft: Old data can contain personal information that can be used to impersonate someone or access their accounts. For example, a cybercriminal can use an old email address and password to log in to a social media account and post malicious content or scam messages.
    • Fraud: Old data can contain financial information that can be used to make unauthorized transactions or purchases. For example, a cybercriminal can use an old credit card number and expiry date to buy goods or services online.
    • Blackmail: Old data can contain sensitive or embarrassing information that can be used to extort money or favors from the victim. For example, a cybercriminal can use an old photo or video to threaten to expose it to the public or the victim’s contacts.
    • Phishing: Old data can contain contact information that can be used to send fake or malicious emails or messages to the victim or their acquaintances. For example, a cybercriminal can use an old phone number to send a text message claiming to be from a bank or a government agency and asking for personal or financial details.

    At the same time, old data can be compromised by cybercriminals in various ways, such as:

    • Data breaches: Cybercriminals can hack into online platforms or databases and steal old data that has not been deleted or secured properly. For example, in 2021, a hacker leaked the personal data of 533 million Facebook users from a 2019 breach.
    • Malware infections: Cybercriminals can infect computers or devices with malicious software that can access and transmit old data stored on them. In 2021, a ransomware attack on Colonial Pipeline disrupted the supply of fuel in the US and exposed old data of the company’s customers.
    • Phishing attacks: Cybercriminals can trick users into clicking on malicious links or attachments that can download malware or redirect them to fake websites that can capture their old data. For example, a phishing campaign in 2020 targeted Netflix users and asked them to update their payment details on a spoofed website.

    As such, businesses need to be sure of how they use and store their data. At the end of the day, any form of data breach involving any type of data should not be taken lightly.


    Russian hackers are targeting everyone; first Microsoft, now HPE – and there could be more
    https://techwireasia.com/01/2024/russian-hackers-broaden-their-targets-microsoft-hpe-and-beyond/
    Tue, 30 Jan 2024 00:00:20 +0000


  • Russian hackers target Microsoft and HPE, revealing heightened cyberthreat levels.
  • HPE breach by elite hackers exposes critical email system vulnerabilities.
  • Cyberattacks on tech firms underscore the urgent need for more robust cybersecurity.

    Cyberattacks by Russian hackers have intensified recently, targeting two major technology companies within the same month. Hewlett Packard Enterprise (HPE) disclosed a breach in its cloud-based email systems, perpetrated by the same Russian hacking group implicated in previous Microsoft email account intrusions.

    In a securities filing, HPE revealed that the December 12, 2023 incident affected several email accounts in areas including cybersecurity, marketing, and various business sectors. Following the discovery of the breach, HPE engaged external cybersecurity experts to launch an investigation and response, successfully eradicating the malicious activity.

    HPE became aware of the intrusion on January 12, as stated in their Securities and Exchange Commission filing. The company suspects the hackers are part of Cozy Bear, a unit of Russia’s SVR foreign intelligence service.

    Cozy Bear: the notorious group behind the attacks

    Microsoft, too, experienced a similar breach in its corporate network, reported last week. Originating in late November, this attack compromised accounts of senior executives and staff in cybersecurity and legal departments, with Cozy Bear believed to be responsible.

    Cozy Bear is a sophisticated cyber-espionage group with links to Russia’s foreign intelligence service, known by various names like “Midnight Blizzard” and “APT29.” The group, noted for stealthy intelligence-gathering, primarily targets Western governments, IT service providers, and think tanks in the US and Europe. Cozy Bear’s notoriety increased after orchestrating the SolarWinds breach.

    HPE’s investigation suggests that the hackers have been accessing and extracting data from certain mailboxes since May 2023. Adam R. Bauer, a spokesperson for HPE, declined to reveal the source of the breach notification. He confirmed that the affected mailboxes were running on Microsoft software. The company is still assessing the full extent of the breach, which appears not to have significantly impacted its operations or financial health. This incident follows a new US Securities and Exchange Commission rule requiring public companies to report breaches that could impact their business promptly.


    HPE joins Microsoft in “getting hacked by Russian hackers.” (Source – X).

    Additionally, the HPE breach involved unauthorized access to a limited number of SharePoint files in June 2023. SharePoint is a component of the Microsoft 365 suite, which encompasses email, word processing, and spreadsheet applications.

    While HPE is unable to confirm a direct link between its breach and the one reported by Microsoft, the company continues its investigation. The seniority of the affected HPE employees and the full scope of accessed mailboxes remain under scrutiny.

    In response to these incidents, US officials have pointed out that Cozy Bear used compromised software from US tech firm SolarWinds in 2020 to infiltrate various US government agencies. This led to an overhaul of the US government’s cybersecurity defenses. Since then, the group has continued targeting US and European government agencies, frequently exploiting software providers and demonstrating a particular aptitude for breaching cloud computing networks. The FBI has observed such tactics as early as 2018.

    Regarding the December breach, HPE is evaluating its potential impact on the company’s financial status and operations.

    Microsoft’s recent disclosure of a breach by Cozy Bear involved a small number of its corporate email accounts, including senior executives. The company’s response included immediate investigation and mitigation efforts. However, Microsoft’s revelation that the hackers employed a simple technique, known as password spraying, has led to increased scrutiny of its security practices. A senior US National Security Agency official expressed disappointment over Microsoft’s vulnerability to such attacks, emphasizing the need for large tech firms to be vigilant against state-backed hackers.

    Microsoft has refrained from commenting on these developments. Additionally, the company was involved in an alleged Chinese hack last year, compromising the email accounts of top US officials, including the Commerce Secretary and the US Ambassador to China. This campaign originated with the breach of a Microsoft engineer’s corporate account.

    Sweden is also targeted by Russian hackers

    In a related development, Russian hackers are suspected of disrupting online services for several Swedish government agencies and retail stores, as reported by IT consultancy Tietoevry. The Swedish-Finnish company indicated that resolving the issue might take considerable time.

    The Moscow Times reported that the attack affected Tietoevry’s data center in Sweden, impacting online transactions at the country’s largest cinema chain, department stores, and other retail outlets. Sweden’s central government service center, Statens Servicecenter, experienced disruptions to its human resources system, affecting public sector employees’ ability to submit overtime, sick leave, or vacation requests.

    In a statement issued recently, Tietoevry suggested that the restoration process could extend over several days or weeks due to the incident’s complexity and the numerous customer-specific systems involved. Caroline Johansson Sjowall, spokesperson for Statens Servicecenter, reported that the attack affected “120 government agencies and more than 60,000 employees.”

    Cybersecurity experts, including Tietoevry, suspect the involvement of Akira, a hacker group with Russian ties. The company has filed a police report regarding the attack and is assessing its financial implications. Currently, Tietoevry has not released any information regarding a ransom demand, which is typical in ransomware attacks where hackers encrypt or steal data and then demand payment for its decryption or to prevent its public release.

    Civil Defense Minister Carl-Oskar Bohlin stressed the urgency of prioritizing cybersecurity across both public and private sectors. In a statement on X, formerly known as Twitter, Bohlin announced the government’s intention to convene a meeting with affected parties to thoroughly evaluate the incident and formulate a response strategy once the operational phase is concluded.

    The Swedish Civil Contingencies Agency (MSB) underscored the significance of this attack as a critical alert. Margareta Palmqvist, head of information security at MSB, voiced concerns to the Swedish news agency TT about the country’s rapid digitalization outpacing its cybersecurity investments. She emphasized the importance of being proactive in cybersecurity measures, ensuring preparedness for such cyber threats.

    This series of cyberattacks underscores the evolving landscape of digital threats, highlighting the critical need for robust cybersecurity measures in both the public and private sectors. The incidents involving HPE, Microsoft, and the Swedish government agencies reflect a growing trend of sophisticated cyber-espionage and ransomware attacks that target vital infrastructure and services.

    As these threats evolve, the need for vigilance and investment in cybersecurity becomes increasingly crucial to protect sensitive data and maintain the integrity of critical systems worldwide.


    Here’s how Malaysia’s central database hub, Padu can be compromised by cybercriminals
    https://techwireasia.com/01/2024/heres-how-malaysias-central-database-hub-can-be-compromised-by-cybercriminals/
    Thu, 04 Jan 2024 00:30:02 +0000


  • Malaysia launches Padu, its central database hub.
  • Security concerns cloud some of the authentication features on the hub.
  • Government insists the database is safe for public use.

    One of the biggest problems with data collected by government agencies is that it is often stored in silos by the respective agencies. Accessing all this data through a single platform or hub would ideally be the most effective way to gain comprehensive insights.

    The Malaysian government has just launched the country’s national central database hub. Called Padu, the system will contain individual and household profiles of citizens and permanent residents in the country.

    The entire central database hub, developed locally, took around six months to complete. Since its launch, thousands of Malaysians have rushed to register their accounts, leading to such high registration traffic that the system briefly struggled to cope with the demand.

    While most Malaysians were impressed that the government had finally launched a system consolidating all necessary information in one location, there were concerns about the security features of the Padu system. Comments on social media highlighted weaknesses in some features, particularly in user registration processes.

    Rafizi Ramli, Malaysia’s Economic Minister who is overseeing the database, said that the government is aware of the cybersecurity concerns and has taken the measures needed to protect the data in Padu.

    “When the government handles data of this size, the risk in terms of data intrusion and security is a significant concern. The development of Padu has taken into account all the aspects of system security risks and classified information breaches,” he said.

    In a report by Channel News Asia, the minister added that measures adopted include establishing comprehensive standard operating procedures as well as strategic cooperation between groups – namely the National Cyber Security Agency (NACSA), the Office of the Chief Government Security Officer (CGSO), CyberSecurity Malaysia and the Department of Personal Data Protection (PDP).

    “The government has also appointed a group of independent experts with expertise in various fields who act as a check and balance in ensuring that Padu’s development includes the latest and best safety features,” added the minister.


    Padu developers were quick to fix a flaw after it was highlighted on X.

    How secure is Padu?

    Several cybersecurity professionals in Malaysia have raised concerns about the Padu database. Given that the database is also expected to underpin the country’s forthcoming digital ID, many emphasize the need for developers to ensure the absence of backdoors that could be exploited by cybercriminals to compromise the system.

    According to a report by The Star, CyberSecurity Malaysia (CSM) chief executive officer Datuk Dr Amiruddin Abdul Wahab said that cyberthreats to the data of millions of Malaysians are real and constantly evolving with technological advancements. Despite this concern, he assured readers that the responsible authorities have undertaken all necessary measures to secure Padu.

    “CSM was tasked with conducting a Security Posture Assessment (SPA) as an independent third party. However, the overall requirements and ownership belong to the Malaysian Administrative Modernisation and Management Planning Unit (Mampu) and the Statistics Department. Generally, the cloud is secure for storage, and it is based on the cloud security controls implemented by the cloud service provider,” he added.

    Additionally, Dr Amiruddin expressed hope that the government would conduct regular security audits on Padu. He emphasized that, given the ever-evolving nature of threats, the current security system does not guarantee future safety.


    Former DAP MP Ong Kian Ming has urged the government to suspend the registration of users for the Central Database Hub, or Padu, until concerns over security issues are resolved.

    Five ways the central database hub can be compromised

    The Tech Wire Asia team decided to register their details on the system. Initially, the layout and design of the system seemed very amateurish, resembling the work of student developers. The database appeared to predominantly focus on sources of income, which seems redundant since most individuals already declare their taxes to the Inland Revenue Board of Malaysia.

    If Padu aims to streamline subsidies to deserving individuals, it may face challenges, particularly because many who need government assistance are in rural areas with limited access to the platform.

    The registration process was straightforward. However, the eKYC component, highlighted as complex by several parties, was the most challenging aspect. A former MP even suggested that the government should suspend the registration of accounts until all security concerns on the platform have been addressed.

    With that said, here are five ways hackers and cybercriminals could easily compromise the Padu platform.

    Identity theft – While some have denied this is a possibility, the reality is that once a cybercriminal has access to an account, they will also have access to all the information that is available. That includes not only personal data but also financial data, including the source of any recorded income.

    Such information would fetch a hefty price on the dark web. Hackers could also use the information to set up accounts on other sites, causing havoc to victims. For example, a hacker could use the information for financial identity theft, in which the malicious actor uses financial details to apply for and obtain credit, loans, goods, and services.

    Brute force attacks – A brute force attack uses trial-and-error to guess login information and encryption keys, or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.

    For Padu, once a user has verified their account, there is no multi-factor authentication needed to log in to their accounts. All that is needed is the identity card number and password – which can be easily compromised. In fact, the Economy Ministry has thanked a member of the public who found a loophole within its system that allowed third parties to use identity card numbers to override passwords in Padu.
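    The password spraying mentioned earlier in the Microsoft incident and the single-factor ID-number-and-password login described here for Padu call for two different detection rules: a per-account lockout catches a brute-force run against one account, but a spray puts only one or two guesses on each account and never trips it, so the failures have to be grouped by source address and counted by distinct accounts. The following is an added example, not code from Tech Wire Asia, Microsoft or the Padu project; the log format, addresses and account names are all constructed for illustration.

```python
# Added example (not the page's or any vendor's code): two sliding-window rules
# over constructed authentication log lines. Rule 1 counts failures per account
# (catches brute force). Rule 2 counts distinct accounts per source address
# (catches password spraying, which stays under any per-account lockout).
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Hypothetical log format: "<iso-timestamp> auth=OK|FAIL acct=<id> src=<address>".
# 'acct' stands in for whatever the login identifier is (username, ID number, e-mail).
LINE_RE = re.compile(r"^(\S+) auth=(OK|FAIL) acct=(\S+) src=(\S+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    ok: bool
    acct: str
    src: str


def parse_log(text: str) -> list[AuthEvent]:
    """Parse the constructed log format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), TS_FMT)
        events.append(AuthEvent(ts, m.group(2) == "OK", m.group(3), m.group(4)))
    return sorted(events, key=lambda e: e.ts)


def _windowed_hits(events, key, window, threshold, count_distinct):
    """Group failed events by key(event); for each group slide a window of
    `window` over the (time-sorted) failures and report the group when a
    window holds at least `threshold` items, counting raw failures or, for
    spray detection, distinct accounts. Returns {key: peak count}."""
    groups = defaultdict(list)
    for e in events:
        if not e.ok:
            groups[key(e)].append(e)
    flagged = {}
    for k, evs in groups.items():
        j = 0
        for i in range(len(evs)):
            while j < len(evs) and evs[j].ts - evs[i].ts <= window:
                j += 1
            span = evs[i:j]
            n = len({e.acct for e in span}) if count_distinct else len(span)
            if n >= threshold:
                flagged[k] = max(flagged.get(k, 0), n)
    return flagged


def detect_brute_force(events, window=timedelta(minutes=10), threshold=5):
    """Per-account rule: the same account failing `threshold` times in `window`."""
    return _windowed_hits(events, lambda e: e.acct, window, threshold, False)


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=10):
    """Per-source rule: one source failing against `min_accounts` distinct accounts."""
    return _windowed_hits(events, lambda e: e.src, window, min_accounts, True)


def successes_from_sources(events, sources):
    """Accounts that a flagged source logged into successfully: triage these first."""
    return sorted({e.acct for e in events if e.ok and e.src in sources})


def build_sample_log() -> str:
    """Constructed traffic: one normal user, a brute force on one account, and a
    spray of one guess each across twelve accounts that lands on the thirteenth."""
    t0 = datetime(2024, 1, 29, 10, 0, 0)

    def line(sec, ok, acct, src):
        ts = (t0 + timedelta(seconds=sec)).strftime(TS_FMT)
        return f"{ts} auth={'OK' if ok else 'FAIL'} acct={acct} src={src}"

    lines = [line(5, False, "user0020", "192.0.2.5"),       # typo, then success
             line(20, True, "user0020", "192.0.2.5")]
    lines += [line(30 + i * 8, False, "user0001", "203.0.113.10") for i in range(6)]
    lines += [line(100 + i * 9, False, f"user{i + 2:04d}", "198.51.100.7")
              for i in range(12)]
    lines.append(line(100 + 12 * 9, True, "user0014", "198.51.100.7"))
    return "\n".join(lines)


if __name__ == "__main__":
    evs = parse_log(build_sample_log())
    brute = detect_brute_force(evs)
    spray = detect_password_spray(evs)
    print("brute force (per-account rule):", brute)      # only user0001
    print("password spray (per-source rule):", spray)    # only 198.51.100.7
    print("accounts the sprayer got into:", successes_from_sources(evs, set(spray)))
```

    Note that none of the twelve sprayed accounts appears in the brute-force result: each saw a single failure, which is exactly why a lockout-only policy misses this pattern and why a second factor, not just a password, is what takes the sprayer's one correct guess off the table.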

    DDoS attacks – A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt online services or sites by overwhelming its target with unusually high volumes of data traffic. Hackers can easily launch DDoS attacks on the platform to disrupt its services. For example, in Singapore last year, a DDoS attack disrupted the country’s public healthcare institution website for hours, leaving many unable to log in.

    Application vulnerabilities – No matter how secure it is, or how big a budget an organization has, all software has some flaws or bugs that can be exploited by cybercriminals. The developers of Padu need to constantly update their software to the latest version. They should also avoid downloading or installing software from untrusted sources or clicking on suspicious links or attachments.

    Currently, Padu says that the responsibility for data security lies with the source of the data – meaning each government agency from which the data is coming. But this mentality needs to change as data security needs to be a collective responsibility.

    Data breaches – Everyone knows the weaknesses in Malaysia’s cybersecurity laws and the number of data leaks, breaches and such that have occurred in government agencies. As a matter of fact, the current PDPA laws in Malaysia exclude government agencies. Hence, if a data breach was to occur on the database, who would be responsible for it?

    The bottom line is that the central database hub is definitely a system that could be a game-changer for Malaysia. But if the concerns raised are not addressed properly, the platform could end up causing more harm to the public instead of benefiting them. With the country’s digital ID plans on the horizon, improving the security features in Padu should be a priority that must not be taken lightly.


    Ubisoft faces the challenge of a recent cyberattack
    https://techwireasia.com/12/2023/what-happened-with-ubisofts-recent-cyberattack/
    Wed, 27 Dec 2023 01:15:18 +0000


  • Ubisoft faced a recent cyberattack, leading to leaked internal system screenshots and security concerns.
  • Ubisoft’s latest cyberbreach adds to its history of digital security struggles.
  • Ubisoft unexpectedly revives servers for several games, temporarily enabling discontinued achievements.

    Ubisoft, the French video game company celebrated for its array of popular titles such as Assassin’s Creed, FarCry, Tom Clancy’s Rainbow Six Siege, and the newly launched Avatar: Frontiers of Pandora, has recently found itself grappling with a cybersecurity dilemma.

    There are reports that Ubisoft is investigating a cybersecurity breach involving an anonymous hacker who reportedly infiltrated key company channels like Microsoft Teams, Confluence, Atlas, and SharePoint. The intruder is said to have had access for 48 hours before being ousted from the system.

    Investigating the recent cyberattack hitting Ubisoft

    The gaming community, particularly the Gaming Leaks and Rumours subreddit, and a Bleeping Computer report, highlight that screenshots supposedly captured during the cyberattack on December 20th have been leaked online. Ubisoft has acknowledged this incident and is looking into this supposed data security breach.

    Ubisoft’s official statement was concise: “We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time.”

    Vx-underground, via a tweet, shared information from an undisclosed source claiming responsibility for the breach on December 20th. This individual alleged their intention was to extract roughly 900GB of data after gaining entry to Ubisoft’s internal systems, including the SharePoint server, Microsoft Teams, Confluence, and MongoDB Atlas panel. They also purportedly provided screenshots showing access to some of these platforms.


    Vx-underground reports that an unidentified aggressor claimed to have infiltrated Ubisoft on December 20th. (Source – X).

    In a separate but possibly related development, MongoDB Atlas reported a breach. However, there seems to be no direct connection between that incident and the one at Ubisoft.

    In communication with vx-underground, the perpetrators revealed their failed attempt to steal data from Rainbow 6 Siege users. They were detected and subsequently lost access before they could complete their intended data theft.

    Ubisoft is no stranger to cyberattacks. In 2020, the company fell victim to the Egregor ransomware gang, leaking portions of the Ubisoft game Watch Dogs’ source code. Another breach occurred in 2022, disrupting the company’s games, systems, and services.

    The Lapsus$ connection: past and present intrusions

    In these previous instances, the cybercriminal groups responsible for the attacks were either known or strongly suspected. For instance, the 2022 breach was widely attributed to the Lapsus$ group.

    Ubisoft has reported a temporary disruption to some of its games, systems, and services in light of the most recent incident. The company’s IT teams are currently probing the issue in collaboration with external experts. As a precautionary measure, Ubisoft initiated a reset of passwords across the company. The company also ensured that all games and services were functioning normally, and at the time of publishing, there was no indication that any players’ personal information had been compromised or exposed in the incident.

    Lapsus$, a hacking group based in South America, indirectly hinted at its involvement in the recent cyberattack at Ubisoft on Telegram, accompanied by a smirking face emoji. However, it did not directly claim responsibility. The group later added in the same thread that its target was not Ubisoft as such, but the customer data it could harvest from the attack.

    Previously, Lapsus$ made headlines for claiming responsibility for leaking Nvidia employee password hashes, leading to outages in Nvidia’s developer tools and email systems. The group even threatened to release confidential files related to Nvidia’s GPUs unless its demands for open sourcing the GPU drivers were met. It also confessed to breaching Samsung’s systems and leaking almost 200 GB of internal files online. Furthermore, Lapsus$ broadcasted on Telegram its intent to recruit insiders at potential targets, explicitly targeting significant software and gaming corporations.

    Ubisoft’s server revival and future closures

    In an unrelated turn of events, Ubisoft gamers were surprised to find that servers for games like Driver: San Francisco, Splinter Cell: Blacklist, Rayman Legends, and Assassin’s Creed III, which were officially shut down in October 2022, have mysteriously come back online. This unexpected development has allowed players to earn various online achievements previously considered discontinued.

    TrueAchievements community members have noted that the servers for Driver: San Francisco and Splinter Cell: Blacklist are operational again. Additionally, there are reports that servers for Assassin’s Creed III and Rayman Legends on Xbox 360 are also back. Players can now unlock achievements linked to these games’ online features.

    However, it is speculated that this server reactivation is an unintentional outcome from Ubisoft, and it’s likely that the servers will go offline again shortly. Gamers hoping to obtain achievements from these games are encouraged to seize this opportunity swiftly.

    Looking ahead, next month is set to see the closure of servers for four Xbox games, including WWE 2K22, signaling the end of an era for these titles.

    The post Ubisoft faces the challenge of a recent cyberattack appeared first on Tech Wire Asia.

    The database provider MongoDB security breach exposes customer contact information https://techwireasia.com/12/2023/how-does-mongodb-database-security-breach-expose-customer-data/ Tue, 19 Dec 2023 19:54:18 +0000 https://techwireasia.com/?p=236562

    The post The database provider MongoDB security breach exposes customer contact information appeared first on Tech Wire Asia.

  • MongoDB database breach exposes customer data – Atlas service remains secure.
  • MongoDB responds to security breach, acknowledges customer data accessed.
  • MongoDB incident highlights tech industry’s cybersecurity challenges.
    MongoDB, a database software company, recently issued a warning about a breach in its corporate systems, leading to the exposure of customer data. This cybersecurity incident marks a significant event for the company, known for its extensive reach in the database software market and its substantial revenue of US$1.2 billion this year.

    MongoDB database breach: unveiling the incident

    The breach was first detected on the evening of December 13, 2023 (US Eastern Standard Time), when MongoDB identified suspicious activity within its corporate systems. The company promptly initiated its incident response process. However, it is believed that the unauthorized access had been ongoing for some time before its discovery.

    In a notice posted on December 16 on its alert page, MongoDB confirmed the security incident involved unauthorized access, resulting in the exposure of customer account metadata and contact information. Despite this, MongoDB assured customers there was no evidence that data stored in MongoDB Atlas, its flagship database service, had been exposed.

    As a precaution, MongoDB recommends customers remain alert to potential social engineering and phishing attacks. The company advises activating phishing-resistant multi-factor authentication (MFA) and the regular rotation of MongoDB Atlas passwords. MongoDB emphasizes that it has not found any security vulnerabilities in its products as a result of this incident.

    Importantly, MongoDB says that access to MongoDB Atlas clusters is authenticated through a system separate from the compromised corporate systems. As of December 17, no evidence suggests any unauthorized access to MongoDB Atlas clusters or compromise of the Atlas cluster authentication system.

    The breach resulted in unauthorized access to some corporate systems containing customer names, phone numbers, email addresses, and other account metadata. Notably, system logs for one customer were accessed, and MongoDB has notified the affected customer. There is no indication that other customers’ system logs have been accessed.

    MongoDB database vulnerability leads to customer data leak. (Source – X).

    Past incidents

    The database provider company has faced multiple cybersecurity incidents, not just this recent one. In July 2020, a significant event unfolded when a hacker placed ransom notes on 22,900 MongoDB databases that were exposed online without password protection. At the time it was claimed that this figure represented nearly half (47%) of all misconfigured self-hosted MongoDB databases that had been left accessible online.

    In this incident, the hacker employed an automated script to identify and exploit misconfigured MongoDB databases. The script erased the database contents and replaced them with a ransom note demanding 0.015 bitcoin (approximately US$140).

    The cybercriminal set a tight deadline, giving companies two days to comply with the payment demands. Failure to pay would result in the leaking of their data and a report to the victim’s local General Data Protection Regulation (GDPR) enforcement authority, exposing them to potential legal issues.

    These specific ransomware attacks, identified by the ransom note titled “READ_ME_TO_RECOVER_YOUR_DATA,” were first detected in April 2020. The attacker repeatedly accessed the same databases, leaving multiple copies of the ransom note over several days.

    Such MongoDB wiping and ransom attacks are not a recent phenomenon. These incidents are part of a larger trend that began in December 2016. At that time, hackers discovered they could profit significantly by erasing MongoDB servers and demanding ransoms, exploiting the desperation of server owners to recover their data.

    In a series of attacks, over 28,000 servers were held for ransom in January 2017, followed by another 26,000 in September 2017, and 3,000 more in February 2019.
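The wiping attacks described above hit self-hosted instances that were reachable from the internet with no access control turned on. As an added example (not MongoDB’s or the article’s code), the script below audits a mongod.conf for exactly those two settings, showing a weak configuration beside a hardened one; it assumes only the nested key/value YAML subset mongod.conf uses for these keys, and both sample configurations are constructed.

```python
"""Audit a mongod.conf for the two settings behind the 2020 wiping attacks:
no access control, and listening on every network interface.

Added example, not MongoDB's or the article's code. It handles only the
nested 'key: value' YAML subset mongod.conf uses for these keys (no lists);
the sample configurations below are constructed for illustration.
"""
from __future__ import annotations


def parse_simple_yaml(text: str) -> dict:
    """Parse indentation-nested 'key: value' mappings with scalar leaves."""
    root: dict = {}
    # Stack of (indent, mapping) so deeper keys attach to the right parent.
    stack: list[tuple[int, dict]] = [(-1, root)]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("'\"")
        while indent <= stack[-1][0]:          # climb back out of deeper blocks
            stack.pop()
        parent = stack[-1][1]
        if value == "":                        # a bare key opens a nested block
            child: dict = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


# Addresses that make mongod listen on every interface.
WILDCARD_BINDS = {"0.0.0.0", "::", "*"}


def audit_mongod_config(config: dict) -> list[str]:
    """Return one finding per misconfiguration; an empty list means both checks pass."""
    findings: list[str] = []

    # 1. Access control: without security.authorization: enabled, any client
    #    that can reach the port can read, drop and rewrite every database.
    security = config.get("security", {})
    if str(security.get("authorization", "disabled")).lower() != "enabled":
        findings.append("security.authorization is not 'enabled': "
                        "unauthenticated clients get full access")

    # 2. Exposure: mongod defaults to localhost; binding 0.0.0.0 or ::, or
    #    setting bindIpAll: true, puts it on public interfaces as well.
    net = config.get("net", {})
    binds = [b.strip() for b in str(net.get("bindIp", "localhost")).split(",") if b.strip()]
    if str(net.get("bindIpAll", "false")).lower() == "true" or any(b in WILDCARD_BINDS for b in binds):
        findings.append("net.bindIp exposes mongod on all interfaces: "
                        "restrict it to loopback or the application network")
    return findings


def audit_text(conf_text: str) -> list[str]:
    """Convenience wrapper: parse a mongod.conf string, then audit it."""
    return audit_mongod_config(parse_simple_yaml(conf_text))


# Constructed: what an exposed self-hosted instance of that era often looked like.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0      # reachable from the internet, no security section at all
"""

# Constructed: the same instance with access control on and bound only to
# loopback plus a private application address.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        findings = audit_text(conf)
        print(f"{name}: {'no findings' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```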

    This specific MongoDB incident occurred during a year marked by several high-profile data breaches. For example, in November 2020, Samsung reported a significant breach spanning a year, from July 1, 2019, to June 30, 2020. This breach resulted in unauthorized access to customer data from its UK store, but it wasn’t discovered until November 13.

    Samsung assured that no financial data or customer passwords were compromised, though contact information was accessed. In response, the company reported the breach to the Information Commissioner’s Office and notified the affected customers, taking steps to resolve the situation.

    Ongoing investigation and updates

    MongoDB continues to investigate the breach and will provide updates on the MongoDB Alerts web page, which is used for communicating about outages and other incidents. The company remains committed to transparency and the security of its systems and customer data.

    This incident serves as a reminder of the ever-present cyberthreats facing technology companies. It underscores the importance of robust security measures and constant vigilance in an increasingly interconnected digital world. Customers of MongoDB and similar services are urged to follow the recommended security practices and stay informed about the latest updates regarding this breach.

    Data breaches at Toyota: the company once again warns customers of a breach https://techwireasia.com/12/2023/how-has-toyota-suffered-so-many-data-breaches/ Wed, 13 Dec 2023 01:15:17 +0000 https://techwireasia.com/?p=236383

    The post Data breaches at Toyota: the company once again warns customers of a breach appeared first on Tech Wire Asia.

  • Toyota faced a series of significant data breaches in 2023.
  • Toyota’s 2023 cybersecurity crisis: Medusa attack and data compromise.
  • Toyota’s decade-long battle against data breaches highlights global data protection challenges.
    Data security has become paramount in a world increasingly reliant on digital technologies. Toyota, a global leader in the automotive industry, has recently faced a series of significant data breaches, raising concerns about the safety of customer information. These incidents at Toyota Financial Services (TFS) and other divisions have exposed millions of customers’ sensitive personal and financial details, highlighting the vulnerabilities even large corporations face in the digital age.

    Toyota Financial Services, a division of Toyota Motor Corporation, operates in almost all markets where Toyota vehicles are sold, offering automotive financing services.

    The company issued a statement on its website: “Due to an attack on the systems, unauthorized persons gained access to personal data. Affected customers have now been informed. Toyota Kreditbank’s systems have been gradually restarted since December 1st.”

    Immediate response and advisories

    Toyota Financial Services advised its German customers to remain alert, contact their banks for added security measures, monitor unusual activities, and check their credit status with Schufa. The company has also reported the breach to North Rhine-Westphalia’s data protection officer.

    Previously, Toyota acknowledged unauthorized access to some of its European and African systems, following claims by the Medusa ransomware group that it had compromised the automaker’s division.

    Toyota has had a bad year for data breaches.

    Medusa, also known as MedusaLocker, has claimed responsibility for the breach and listed Toyota Financial Services on its Tor-based leak site, threatening to release the stolen data unless a US$8 million ransom is paid within ten days. Evidence, including screenshots and a file directory made public by the attackers, indicates that the data was extracted from Toyota Financial Services’ systems in Germany.

    SecurityWeek reported that the hackers’ published screenshots reveal various corporate documents, spreadsheets with personal data, and copied passports. Cybersecurity expert Kevin Beaumont suggested that the Medusa group might have exploited the Citrix NetScaler vulnerability, CVE-2023-4966 or CitrixBleed, to infiltrate the company.

    Beaumont noted that Toyota Financial Services had an exposed Citrix Gateway system in Germany, potentially vulnerable to CitrixBleed attacks. This vulnerability has been widely exploited in ransomware attacks, including by the LockBit group against government, legal, and banking institutions. LockBit also claimed responsibility for a recent attack on China’s largest bank – which had an exposed Citrix system.

    Beaumont also identified vulnerable, internet-exposed Citrix devices belonging to Boeing and Australian shipping firm DP World, which were recently targeted. It appears Toyota has not engaged in ransom negotiations with the attackers, and as a result, all the compromised data is now available on Medusa’s dark web extortion portal. Toyota Kreditbank GmbH in Germany has acknowledged the breach, admitting that hackers have accessed customer data.

    Heise obtained a sample of Toyota’s communications to German customers, confirming that names, addresses, contact information, lease-purchase details, and IBAN numbers were among the compromised data, which could be exploited for phishing, scams, and identity theft.

    Toyota issues a statement on its data breaches. (Source – Toyota)

    The notification confirms the compromised data, but Toyota’s internal investigation is ongoing, and additional data breaches may yet be uncovered. Toyota has committed to keeping affected customers informed about any further data exposure discovered during the ongoing investigation – arguably, the very least its customers should be able to expect.

    Toyota’s historical data breaches

    In May of this year, Toyota disclosed a significant data breach, revealing that over two million customer records had been exposed online for the past ten years. This revelation followed the detection of a data leak involving the details of 260,000 car owners.

    In a recent statement, Toyota acknowledged an additional set of data that was inadvertently made available externally due to a misconfiguration in Toyota’s connected cloud service. This service provides various internet services in the company’s vehicles, including vehicle information, in-car entertainment, and emergency support in case of accidents or breakdowns.

    The issue came to light during an extensive review of Toyota’s cloud infrastructure, following an earlier admission this month that customer data was publicly accessible online.

    The exposed information includes identifiers for in-vehicle devices and mapping data shown on the navigation systems of Toyota customers in Japan. However, this data does not contain specific location details and is insufficient to identify individual customers. The exposure potentially impacts customers who bought Toyota vehicles since December 2007, with the data breach taking place between February 2015 and May 2023. Toyota plans to issue individual apologies to the customers affected by this breach.

    Toyota has also confirmed that an unspecified number of customers outside Japan, particularly in Asia and Oceania, also had their personal information exposed between October 2016 and May 2023. The nature of the exposed data varies but may include names, addresses, Toyota-specific customer numbers, and vehicle registration and identification details. The company intends to inform these customers, as per regional legal requirements.

    Moving forward: Toyota’s commitment to data protection

    In summary, Toyota’s string of data breaches serves as a potent reminder of global companies’ challenges in safeguarding personal information in the digital era. While Toyota is taking steps to address these breaches and inform affected customers, the incidents underscore the ongoing need for robust cybersecurity measures across industries. As Toyota continues its investigation and strengthens its digital defenses, these events highlight the importance of vigilance and proactive strategies in data protection.

    Unprecedented data breaches of the last ten years – and their aftermath https://techwireasia.com/12/2023/what-are-the-top-10-largest-data-breaches-of-the-decade-by-record-count/ Fri, 08 Dec 2023 02:05:02 +0000 https://techwireasia.com/?p=236218

    The post Unprecedented data breaches of the last ten years – and their aftermath appeared first on Tech Wire Asia.

  • NinjaOne study delves into significant data breaches in recent history.
  • Yahoo experienced the most significant data breach, compromising three billion records in 2013.
  • In 2019, First American Corporation and Facebook followed, with breaches of 885 million and 540 million records, respectively.
    Imagine a scenario where your online activities, from casual email exchanges to confidential financial dealings, leave a digital footprint prone to cyberthreats. This situation is far from a mere speculative plot in a science fiction film; it’s a tangible challenge we confront in our current era of digital interconnectivity. In this environment, the security of our personal data, which is invaluable and deeply intertwined with our private lives, is under continuous threat.

    Despite its role in connecting global communities and streamlining our lives, this digital era has also been the backdrop for some of the most significant data security breaches. These incidents, impacting billions of people worldwide, go beyond mere statistics. They represent personal stories, breaches of confidential information, and shattered trust, all having far-reaching consequences in our increasingly online existence.

    What have been the most monumental data breaches of recent times? And how have even prominent corporations succumbed to cyber-incursions, despite the general awareness of the danger? From the astonishing Yahoo breach impacting billions to an unknown company’s unsecured database leak, each incident sheds light on the dynamic field of cybersecurity and the relentless effort to defend our digital selves.

    Data breaches cause chaos, pain and financial calamity.

    Analyzing monumental data breaches

    A recent analysis by NinjaOne, a patch management software company, unveils startling findings: Yahoo’s 2013 data breach is the most severe, with three billion records compromised. This study sifts through the most significant breaches to identify which organizations have faced the gravest data losses.

    1. Yahoo with three billion records in 2013

    In 2013, Yahoo endured the most significant recorded data breach in history, affecting every one of its three billion user accounts. Initially underestimated at one billion affected accounts, this figure was later corrected to a breathtaking three billion. The breach led to the theft of diverse data, including email addresses, passwords, birth dates, and phone numbers.

    2. First American Corporation with 885 million records in 2019

    First American, the second-largest title insurance company in the United States, processes vast amounts of personal and financial information annually. This data, sourced from numerous title-related documents, is stored in its proprietary software, EaglePro.

    In May 2019, a security weakness was discovered in EaglePro. This vulnerability allowed unauthorized access to confidential documents, enabling anyone with a specific link to view their documents and those of unrelated transactions without needing authentication. A whopping 885 million records were compromised due to lax security on its servers, exposing critical data like bank accounts, social security numbers, wire transactions, and mortgage details.

    The New York State Department of Financial Services (DFS) investigated and found that First American had violated cybersecurity regulations. The company had failed to establish adequate governance, access controls, identity management, and risk assessment procedures, leading to insufficient security measures in EaglePro against unauthorized data access.

    DFS recently announced that First American would face a US$1 million penalty for breaching cybersecurity regulations. This fine is linked to the May 2019 cybersecurity incident, which unintentionally exposed sensitive consumer information.

    3. Facebook with 540 million records in 2019

    A leak of data from around 540 million Facebook users, including personal details like names and phone numbers, was recently made public. Initially, Facebook downplayed this as relating to a known 2019 breach, but later admitted the data came from a previously unreported exploit in their contact import feature. The breach was distinct from other Facebook security issues and involved the information of notable figures. Facebook’s response to the incident, including a failure to directly notify affected users, has drawn criticism for lack of transparency and clarity.

    4a. Marriott International with 500 million records in 2018

    Marriott International, a global hotel chain, tied for the fourth-largest breach in 2018, with half a billion records compromised. The data breach, allegedly orchestrated by hackers linked to the Chinese government, targeted Marriott’s reservation database, compromising sensitive data, including passport numbers and credit card details.

    4b. Yahoo with 500 million records in 2014

    Yahoo’s 2014 data breach, tied as the fourth-largest, affected 500 million records, including personal details like usernames and birth dates. The fallout from this breach, which became more apparent in 2018 with a US$35 million fine for Yahoo’s delayed disclosure, heightened public awareness of data security. Additionally, between 2015 and 2016, hackers breached 32 million more accounts. Yahoo’s subdued response to these incidents, mainly through security notices on its website, sparked concerns about its commitment to robust cyberdefenses.

    An X user does not trust Yahoo anymore. Unsurprisingly. (Source – X)

    6. FriendFinder Networks with 412 million records in 2016

    In 2016, FriendFinder Networks suffered a major hack, exposing over 412 million accounts across sites like Adultfriendfinder.com. Steve Ragan initially reported security flaws, but the full scale of the breach, involving usernames, emails, and weakly encrypted passwords, was revealed by LeakedSource. Despite a previous breach in 2015, FriendFinder continued insecure password practices, leading to widespread concerns about its commitment to data security.

    7. Exactis with 340 million records in 2018

    Exactis, a marketing and data aggregation firm, suffered the seventh-largest breach in 2018, with 340 million records exposed. It inadvertently made detailed personal data of millions publicly accessible, including phone numbers, addresses, and email contacts.

    8. Airtel with 320 million records in 2019

    In 2019, Airtel, a major Indian telecom provider, faced a data breach exposing 320 million customer records due to a system vulnerability. This breach compromised personal details like names, phone numbers, email addresses, and Aadhaar card numbers.

    The incident prompted data privacy concerns and investigations in India. In response, Airtel strengthened its security protocols and informed affected customers, highlighting the need for stringent data protection measures to handle sensitive information.

    9. Truecaller with 299 million records in 2019

    Truecaller, known for its caller ID and call-blocking features, encountered the ninth-largest breach in 2019, with 299 million records compromised. Leaked data encompassed phone numbers, email addresses, and other personal details.

    10. Database leak with 275 million records in 2019

    In 2019, an unknown company reportedly faced the tenth-largest breach when a misconfigured database with 275 million records was exposed.

    Rankings of the most significant data breaches. (Source – NinjaOne).

    The need for robust cybersecurity measures

    NinjaOne remarked on the findings, highlighting the immense value of data in our interconnected world and the significant returns of investing in robust security measures.

    It underscored the importance of updating software and limiting access to sensitive data as critical strategies to minimize data breach risks.

    NinjaOne pointed to Yahoo’s 2013 and 2014 data breaches, which resulted in billions of compromised records, as stark examples of the significant costs of data breaches. These incidents, with the 2013 breach being one of the largest in history, led to severe financial consequences for Yahoo.

    The company faced a monumental class action settlement of US$117,500,000. Additionally, Yahoo and its successors encountered legal implications for how they managed these breaches.

    “One such example is the US$35,000,000 SEC fine Yahoo incurred for not disclosing the data breach when it first learned about it, thereby misleading investors,” NinjaOne said.

    This commentary emphasizes the critical nature of transparency and proactive security measures in the digital domain. The cases of Yahoo and others serve as stark reminders of the vital importance of protecting digital data and the potential consequences of failing to do so in our increasingly connected world.

    From 1% to 100%: Tallying the impact from Okta data breach https://techwireasia.com/12/2023/what-is-the-real-impact-of-the-okta-data-breach/ Tue, 05 Dec 2023 01:40:25 +0000 https://techwireasia.com/?p=236071

    The post From 1% to 100%: Tallying the impact from Okta data breach appeared first on Tech Wire Asia.

  • Okta initially said that there was no unauthorized access to the Okta service or customer data.
  • But now, the company stated that all Okta customer support system users are affected. 
  • Exposed data could lead to more social engineering and phishing attacks. 
    The recent Okta data breach may have actually had a greater impact than what was initially reported. Okta initially stated that hackers gained access to its customer support system and stole cookies and session tokens that could be used to compromise Okta customer accounts.

    The breach supposedly affected around 1% of Okta’s 18,400 customers, including some prominent companies like 1Password, BeyondTrust and Cloudflare. These companies detected and blocked the intrusions before any of their own customers were affected, and notified Okta about the suspicious activity.

    Okta initially said that there was no unauthorized access to the Okta service or customer data and that it has taken steps to secure its repositories and notify law enforcement. However, some security experts have criticized Okta for its delayed disclosure and repeated incidents, as this is not the first time Okta has suffered a breach due to social engineering or credential theft.

    In 2022, Okta was breached by hackers who compromised a subprocessor that Okta had trusted to do customer support work. In August 2023, Okta was also targeted by a ransomware group that breached more than 100 organizations, including Twilio and New Relic.

    As Okta is a leading identity and authentication platform that provides critical digital infrastructure for its customers, including top cloud providers, hyperscalers and technology companies, a breach of Okta could potentially expose sensitive data and credentials for multiple accounts belonging to some of the biggest companies across the globe. Okta claims that it does not rely on the confidentiality of its source code for the security of its services and that the Okta service remains fully operational and secure.

    Previously, Okta reported a breach in October that resulted in approx. 1% of customer support users having their data stolen.

    What really happened?

    As things seemed to normalize, Okta continued its review of the breach. However, the recent findings from the review painted an even scarier scenario. According to a blog post by David Bradbury, the chief security officer at Okta, the threat actor was actually able to run and download a report that contained the names and email addresses of all Okta customer support system users.

    “All Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers are impacted except customers in our FedRAMP High and DoD IL4 environments (these environments use a separate support system not accessed by the threat actor). The Auth0/CIC support case management system was also not impacted by this incident,” said Bradbury.

    Bradbury was quick to point out that the majority of the fields in the report are blank and the report does not include user credentials or sensitive personal data. In fact, he said that for 99.6% of users in the report, the only contact information recorded is full name and email address.

    “While we do not have direct knowledge or evidence that this information is being actively exploited, there is a possibility that the threat actor may use this information to target Okta customers via phishing or social engineering attacks. Okta customers sign in to Okta’s customer support system with the same accounts they use in their own Okta org. Many users of the customer support system are Okta administrators. It is critical that these users have multi-factor authentication (MFA) enrolled to protect not only the customer support system but also to secure access to their Okta admin console(s),” added Bradbury.

    Bradbury also acknowledged that there could now be a bigger risk for customers, since the names and email addresses were downloaded. Specifically, cybercriminals could use the data to launch phishing and social engineering attacks on the users affected. As such, Okta recommends its customers employ MFA for their administrators and consider using phishing-resistant authenticators to further enhance their security.

    Okta is a leading identity and authentication platform that provides the critical digital infrastructure for its customers.

    A costly data breach but valuable lesson for Okta

    In the report, Bradbury also said that Okta identified additional reports and support cases that the threat actor accessed, which contain the contact information of all Okta-certified users and some Okta Customer Identity Cloud (CIC) customer contacts, and other information. Some Okta employee information was also included in these reports. This contact information does not include user credentials or sensitive personal data.

    “We are working with a third-party digital forensics firm to validate our findings and we will be sharing the report with customers upon completion,” the statement said.

    This update on the impact of the Okta data breach may have changed the entire situation. A jump from 1% to the entire customer portfolio is not a small change in the report. The concern now is what might happen if the investigations unveil that even more files and data were actually compromised from the breach.

    As Okta looks to mitigate the situation and bring some calm to its customers, the reality is that all Okta customers should now look to boost their security. Okta has suggested MFA, but businesses can also add further layers of security, such as tightly controlling which administrators hold privileged access.

    Bloomberg reported that Okta has sent a notice to customers, warning them that they may face an increased risk of phishing and social engineering attacks. The company also said it had pushed new security features and recommendations to defend against targeted attacks.

    While this would be a last resort, it wouldn’t be surprising to see some companies moving away from Okta to other providers, given the latest updates from the company.

    Whatever happens, one thing is for certain – the cybercriminals are clearly the winners of this breach, as they not only managed to trick Okta into believing that only a small amount of data was compromised, but also made the company look incompetent in terms of addressing the issue to its customers in the first place.

    The Okta data breach could end up being a much costlier and more impactful incident in the long run, especially since it is not the first time the company has been targeted.

    The post From 1% to 100%: Tallying the impact from Okta data breach appeared first on Tech Wire Asia.
    Barking up the wrong data tree: even pets aren’t safe from a data breach
    https://techwireasia.com/12/2023/would-better-cybersecurity-deliver-better-pet-insurance-for-dogs/ (Mon, 04 Dec 2023 01:45:24 +0000)

    The post Barking up the wrong data tree: even pets aren’t safe from a data breach appeared first on Tech Wire Asia.
  • The best pet insurance for dogs could involve enhanced cybersecurity measures.
  • Data breach exposes over 56,000 pet records, revealing cybersecurity vulnerabilities.
  • Pet medical and microchip data highlights risks to pet safety.

    Cyberthreats are now so pervasive that even pets aren’t safe. In a world where digital data breaches are increasingly common, affecting financial institutions, healthcare records, and personal identities, it now appears that the scope of cyberthreats has extended to our four-legged friends. And it may be, therefore, that the best pet insurance for dogs is increased cybersecurity.

    Not long ago, the idea of pets fiddling with high-tech gadgets was pure science fiction. Now, it’s a different story – 83% of pet owners across North America and Europe have jumped on the pet tech bandwagon, according to The Wall Street Journal.

    Does this tech invasion make our furry friends (and us) more susceptible to cyberthreats?

    Sadly, it does. Connectivity means vulnerability.

    Cybersecurity researcher Jeremiah Fowler’s recent discovery of a significant data breach highlights this new aspect of digital security. The recent breach, involving an unsecured database containing over 56,000 records, exposed not only owners’ data but included pets’ medical records, DNA test results, and detailed pedigree histories.

    The impact of the data breach on pets and their insurance

    Fowler’s discovery was striking as it involved records of thousands of dogs worldwide and their owners’ information. The database, accessible publicly on cloud storage, included 56,624 documents in PDF, .png, and .jpg formats, amounting to 25 GB. His investigation revealed that the database was associated with the Worldwide Australian Labradoodle Association (WALA). This international entity advocates for the Australian Labradoodle breed and maintains high standards in breeding practices, if not cyber-hygiene.

    Thanks to WALA’s global presence (its main office is in Washington state, USA, and it has regional offices across many continents), Fowler’s discovery included documents from various countries in the database. He promptly sent a responsible disclosure notice to WALA, but the database was only secured several days later.

    WALA, as per its website, focuses on uniting Australian Labradoodle breeders globally to ensure high breeding standards and the establishment of a detailed and accurate database for preserving pedigree and health information. The exposed documents in the breach were comprehensive, including medical reports and DNA tests of dogs, their pedigree details showing lineage details, and information about the dogs’ owners, veterinarians, and testing laboratories. The data included names, addresses, contact numbers, and email addresses, among other details.

    This breach highlighted the often-overlooked implications of pet medical data breaches in a sector where, as reported by the American Pet Products Association (APPA), a significant portion of US households own pets and spend a substantial amount annually on pet-related expenses.

    An X user warns users about leaking information online. (Source – X)

    Rising concerns: pet insurance fraud and microchip risks

    The breach also raised concerns about the risk of pet insurance fraud. Given that policies for the best pet insurance for dogs cover a range of scenarios, from accidents to routine care, the exposure of such sensitive information could potentially be exploited for fraudulent insurance claims. Historical trends have shown a marked increase in pet insurance fraud, especially between 2010 and 2015. The North American Pet Health Insurance Association’s 2022 report detailed a significant number of insured pets and a substantial amount of premiums paid. Current data on the prevalence of fraud in this sector is not publicly available.

    An additional risk factor identified in the recent breach was the exposure of pet microchip numbers. Microchips aid in identifying and recovering lost pets, and their unauthorized disclosure alongside owners’ details poses potential risks. Criminals could misuse this information, falsely claiming ownership of lost or stolen pets, given the high value of certain breeds, Labradoodles among them.

    Beyond the risk of pet theft, there are concerns about social engineering tactics where criminals might impersonate authority figures to extract personal and financial information from pet owners, leading to fraud or identity theft.

    Fowler stressed the importance of maintaining the confidentiality of pets’ microchip numbers and being vigilant about requests for related information. He advised pet owners to verify the identity of anyone asking for such details and to report any suspicious activities to the relevant microchip registry and local authorities. The exposed database underscores the need for robust data security measures and brings to light the diverse and often unexpected implications of data breaches.

    Safeguarding against data breaches and scams

    The phenomenon of “puppy scams” encompasses various deceptive activities connected to dog sales, often involving the advertisement of non-existent or falsely represented ‘pedigree’ puppies. A common scam is “breeder identity theft,” where fraudsters impersonate legitimate breeders to dupe buyers. Such scams typically take the form of ads on classified websites or social media. Buyers should exercise caution and confirm the legitimacy of any breeder’s identity and credentials. Buyers should be wary of sellers offering high-value pedigree puppies at curiously low prices and avoid making payments or wire transfers without verifying the authenticity of the animal.

    The WALA database leak, containing extensive pet health records and breeder information, presents a potential risk if exploited by criminals to falsely claim ownership of or breeding rights to specific dogs. The scope of access to the records by unauthorized parties remains unclear. The Better Business Bureau (BBB) in the United States reported that pet scams constituted 24% of online scams in their 2021 Scam Tracker.

    The Federal Trade Commission (FTC) estimates less than 10% of scam victims report incidents, so the number of victims could be significantly higher. In 2022, Australians reported losses of over AU$ 3.5 million to pet-related scams, and the UK witnessed a 39% increase in such scams from 2020 to 2021, with an average loss of around £1,400.

    The duration of exposure of the WALA database and the extent of access by unauthorized individuals is unknown. There is no direct claim that criminals accessed the exposed documents, and therefore no specific fraud risk has been identified. Similarly, there’s no allegation of related misconduct by WALA or that its members faced any direct threat. The focus here is on highlighting the potential risks associated with any data breach, especially those that could jeopardize the privacy and security of individuals or entities in such databases.

    This incident not only underscores the widespread implications of cybersecurity in our everyday lives but also serves as a reminder that virtually no aspect of our lives, not even our pets’ information, is immune to the reach of cyberthreats.

    So it could well be that the best pet insurance for dogs is simply stronger cybersecurity.
    Managing cybersecurity risks caused by employees can be as harmful as hacking in APAC
    https://techwireasia.com/11/2023/managing-cybersecurity-risks-are-employee-actions-in-apac-as-harmful-as-hacking/ (Wed, 29 Nov 2023 01:00:10 +0000)

    The post Managing cybersecurity risks caused by employees can be as harmful as hacking in APAC appeared first on Tech Wire Asia.
  • Managing cybersecurity risks is vital as employee breaches can be as impactful as hacking.
  • Kaspersky’s study highlights the significant role of internal employee actions in cybersecurity threats and hacking.
  • APAC’s high rate of employee security policy breaches presents a significant cybersecurity concern.

    Over the last two years, many companies have faced at least one cyberattack, with some experiencing up to six. Responses to these breaches vary: while some organizations focus on implementing new automated security tools, others prioritize expanding their IT staff, managing cybersecurity risks internally, or outsourcing security solutions.

    Training and education play a role in cybersecurity strategies, but perhaps not as significantly as they should, given that most cyber-incidents in recent years are attributed to human mistakes. A study by Kaspersky highlighted that employee breaches of security policies are just as dangerous as external hacking threats.

    The role of employee conduct in managing cybersecurity risks

    In the Asia Pacific (APAC) region, 33% of business cyber-issues were due to deliberate security protocol breaches by employees. This finding is nearly as impactful as the 40% of breaches caused by hacking. These figures slightly exceed the global averages of 26% for employee violations and 30% for hacking incidents.

    The general view is that human error is critical in business cyber-incidents, but the reality is more nuanced. The overall state of a company’s cybersecurity involves several complex factors beyond just human error.

    In January 2020, Marriott International faced a significant cybersecurity breach. Hackers exploited vulnerabilities in a third-party application used by Marriott to deliver guest services, gaining unauthorized access to the personal data of 5.2 million guests. This compromised data encompassed a range of sensitive information, including passport details, contact information, gender, birth dates, loyalty program particulars, and individual preferences.

    The breach was orchestrated by hijacking login credentials belonging to two Marriott employees, allowing the attackers to infiltrate the hotel’s third-party service system. Despite the infiltration, Marriott’s security measures failed to detect the abnormal activities associated with these employee accounts for approximately two months. The breach was eventually identified and contained by Marriott’s security team towards the end of February 2020.

    This incident at Marriott International highlights the multifaceted nature of cybersecurity threats, including those caused by internal vulnerabilities and third-party applications. It serves as a potent reminder of the need for comprehensive security measures encompassing technology and human factors.

    Enhancing security protocols in APAC

    Kaspersky’s research involved surveying IT security professionals from small and medium enterprises (SMEs) and larger organizations worldwide. The survey, which included 234 respondents from the Asia Pacific region, aimed to understand the influence of various internal and external individuals on a company’s cybersecurity. The study found that policy breaches by regional employees are a significant issue, alongside genuine mistakes.

    In APAC, intentional cybersecurity rule breaches occurred among IT and non-IT staff. Violations by senior IT security officers accounted for 16% of cyber incidents, surpassing the global average. Breaches by other IT and non-IT staff resulted in 15% and 12% of incidents, respectively.

    The study also identified common problematic employee behaviors, such as using weak passwords or failing to update them, leading to 35% of cyber-incidents in the past two years. This is higher than the global rate of 25%. Additionally, 32% of breaches were due to employees visiting insecure websites, and 25% occurred because of delayed software or application updates.

    Results of Kaspersky study for the Asia Pacific (APAC) region. (Source – Kaspersky).

    According to Adrian Hia, managing director for Asia Pacific at Kaspersky, the continual breaches of basic security policies by employees, despite high-profile cyberattacks, are concerning. “With this latest study showing APAC’s numbers always higher than the global average, a multi-departmental approach to building a strong enterprise cybersecurity culture is urgently needed to address this human factor gap that is being exploited by cybercriminals,” Hia added.

    Deliberate security policy violations also include using unauthorized services or devices. Around 31% of companies experienced breaches due to unapproved data-sharing methods, and many employees used unauthorized devices or personal emails for work purposes, contributing to security incidents.

    Building a culture of digital safety

    It’s concerning that, in addition to previously mentioned irresponsible behaviors, a significant portion (26%) of cyber-misdeeds in the APAC region was carried out by employees seeking personal benefit. Particularly noteworthy is the prevalence of deliberate breaches of information security policies in the financial sector, where 18% of respondents acknowledged such incidents.

    Human errors playing a role in a data breach. True or false? (Source – X).

    Cybersecurity risks are not only external; they also include various internal elements within an organization. Employees across all departments, be it non-IT or IT security roles, can impact cybersecurity, sometimes inadvertently and other times deliberately. Consequently, it’s crucial to adopt strategies that prevent breaches of information security policies, endorsing a holistic approach to cybersecurity.

    Alexey Vovk, Kaspersky’s head of information security, emphasizes the gravity of these findings. He advocates the establishment of a strong cybersecurity culture within organizations from the outset. This involves formulating and enforcing stringent security policies and enhancing employee awareness about cybersecurity. Such initiatives ensure that employees are more conscientious and fully comprehend the implications of any security policy infringements.