East Asia have been targeted by a stream of cyber-attacks carried about by an advanced persistant threat (APT) group. The group goes by several names such as Tick, Brzone Butler and Redbaldknight.

The APT group’s main targets are South Korea and Japan. This current wave of Datper malware attacks is written in Delphi and is capable of executing shell commands to gain information from the infected machine, such as hostnames and drive information.

Security researchers from Cisco Talos have stated It is not yet known how the attacks are being conducted since command and control (C2) servers in question are not active. However, they say it’s possible the malware is being delivered using web-based attacks such as drive-by downloads, or by watering hole attack. Watering hole attacks is a security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit.

Could this signal the re-emergence of Comment Crew

A fresh wave of APT cyber-attacks has hit South Korea, but also US and Canada, causing some to believe this could spell the re-emergence of Chinese government backed hacking group Comment Crew. Security company McAfee claimed they have discovered a new hacking campaign that focuses on cyberespionage and data reconnaissance.

Comment Crew or otherwise known as Shanghai Group or APT1 is thought to be responsible for the majority of China’s cyber-attacks since 2006. In 2013 they were linked to the successful hacks of over 100 US companies, but vanished soon after the exposure, along with hundreds of terabytes of data. The Chinese government maintains that they do not sponsor hacking and claim to be a victim to hacking campaigns themselves.

McAfee has found malware that reuses some of the code that was uses in a campaign called Seasalt that was introduced by APT1 around 2010. The reason this is interesting is because this code was never released publicly, lending authority to McAffee’s claims.

A recent campaign, named Operation Oceansalt has been linked to Comment crew. Operation Onceansalt started in May this year and was seen to be targeting Korean speaker with a data reconnaissance implant. Four more waves have since been detected, aimed against companies in South Korea, the United States and Canada.

The Oceansalt implant gives attackers full control of any system or network it is connected to, however, is mainly used for espionage activity. McAffee acknowledged that the implant allows for information to be sent to a control server and commands can also be executed on infected machines, however the full extent of its purpose is not known.

The waves of attacks

The first wave of attacks happened when a South Korean website was compromised, allowing for a spear-phishing campaign to take place. This was done through Microsoft excel email attachments.

For the first two waves of the attack the targets were South Korean public infrastructure officials. The third round of malware documents was distributed from another compromised South Korean website, and the content related to the financials of the Inter-Korean Cooperation Fund.

In the fourth wave involved the targeting of investment, healthcare, banking and agriculture industries in the US and Canada. There are few details around the extent or damage of this wave.

The fifth wave primarily targeted South Korea and the United States using Oceansalt implant.

Although the full motive of the attack is unclear, there is speculation that it could be financial, or a small part of a much larger attack.

The post The APT attacks hitting East Asia appeared first on Hack Ware News.

Within two hours, Japanese cryptocurrency exchange Tech Bureau Corp. was hacked last September 14 which was unfortunately discovered four days after the culprits managed to steal 6.7 billion yen or 59.67 million dollars-worth of cryptocurrency composed of Bitcoin, Bitcoin Cash and Monacoin; more than half of which belonged to customers.

The cryptocurrency was stolen from internet-connected “hot wallets” which are more vulnerable than cold wallets that remain in the dark until connected.

The customers won’t have to wallow in despair though. Tech Bureau managed to merge with JASDAQ-listed Fisco Ltd. For a majority ownership investment amounting 5 billion yen in order to pay back the customers.

This comes after another massive cryptocurrency hack last January when crypto-exchange Coincheck lost a massive 530 million dollars-worth of digital currency. Coincheck in turn was absorbed by Japanese online brokerage group Monex Group Inc.

Amazing how resilient the industry remains, hack after hack. Despite these, over 160 entities express their willingness to enter the cryptocurrency exchange market, perhaps due to the recent Bitcoin surge. Bitcoin has since dropped but value remains at over 6,000 dollars.

Japanese crypto-exchanges have lately come under fire for lack of security and mismanagement, and will continue to burn more after the recent hack of Tech Bureau. The Japan Financial Services Agency has yet to approve the aforementioned cryptocurrency exchange applicants.

The FSA conducted an investigation and audit of various cryptocurrency exchanges and found that security was lax and management was sloppy. Apparently Tech Bureau hasn’t learned its lesson.

Further measures will be required to tighten security amidst Japan’s cryptocurrency regulation, the first country to do so. Regulation is seen by some as a threat to the openness and freedom of cryptocurrency much like the fledgling internet before censorship. But Japan sees it as more of an encouragement and a way to include much needed security measures much like cryptocurrency’s physical counterpart.

Photo by Ryo Yoshitake on Unsplash

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Japanese Crypto-Robbery appeared first on Hack Ware News.

hackwarenews

Japan to set up cyber security bureau

Recently, Seiko Noda, the Internal Affairs and Communications Minister of Japan stated that there is a “growing risk” for machines and equipment to be hijacked by digital means.

We will make stronger efforts in (cyber security) talent development and other cyber security issues,

commented Noda during an interview with The Nikkei.

The urgency of cyber security was felt as Noda takes the matter into Japan’s fiscal 2018 budget draft to provide funding for the creation of a bureau specialized in cyber security. In addressing this new frontier, the Japanese policy-makers realized that they are way behind tech-leaders such as U.S. and Israel in term of attracting potential cyber-security talents and personnel.

U.S. Government ranks 16 out of 18 in SecurityScorecard report

Despite being top of the game in technology-wise, Japan is not the country that unprepared for cyber-security. In fact, the U.S. government was inadequate for the task as well in protection of sensitive information and digital data, according to SecurityScorecard, a security risk rating agency.

In a recent report from SecurityScorecard, the agency placed the U.S. government on the 16th position when comparing it with the security practices of 18 industries. For the report, SecurityScorecard reportedly reviewed 552 local, state, and federal organizations to see how their security practices stacked up across 10 key categories.

The two industry ranked behind the U.S. government are namely telecom and finally sitting at the last place, education sector.

However, historical records from SecurityScorecard showed the U.S. government actually improved its rating for languishing at the bottom place before moving two places up to 16th.

ENISA seeks funds to manage European cyber security

The European countries felt the heat too in shoring up their defense against malicious cyber-attacks. Interestingly, debt-ridden Greece raised the issue in European Commission seeking for more funding on cyber security for Athens-based European Union Agency for Network and Information Security (ENISA).

According to Vassilis Maglaras, the secretary general for communications of Greece’s ministry for digital policy, told local media that the ENISA should take on a “bigger role” and “only role” in cyber security of European Union (EU). To expand its scope, the ENISA needs fresh funding which currently is capped at EUR 11 million annually.

“It’s an organization (ENISA) that had a mandate that was irrelevant 15 years ago, it was very small because the info-communication technology sector was not so developed. But now it’s a very huge issue so it has to have more money,” explained Maglaras.

In his opinion, a stronger, better funded ENISA is equivalent to safer Europe, not just to Greece alone. However, one of the main barriers for an integrated cyber-security system pointed to the unwillingness of each EU member to share sensitive information with ENISA.

However, all these will change when a new ruling for EU cyber security legislation comes into effect next year where EU members are required to open up and share more information.

Asia unites in cyber defense

Closer to home, Indonesia and Australia have both initiated steps in cybersecurity measures and both initiatives are linked with the city-state of Singapore. For instance, the Singaporean government has invited Joko “Jokowi” Widodo, Indonesian president for the upcoming Singapore International Cyber Week 2017, held during 18-21 September 2017.

Since we have established a national cyber agency, we will need more input. So I’m interested to attend the event in Singapore to talk about cyber security issues. Jokowi told local media.

Since June 2017, Indonesia has inaugurated its national cyber agency named Cyber Body and National Encryption Agency (BSSN) and the agency is scheduled for operation by September 2017.

Similarly, Singapore has also established agency specialized in mitigating cyber risks, called the Cyber Security Agency (CSA) of Singapore. The CSA has then signed an agreement with Australia’s Cyber Security Agency in cooperation for protection of critical information infrastructure.

Under the agreement, both countries will hold “joint cybersecurity exercise” to test their capability in facing the common threat. In addition, the two countries have in mind to host a “cyber-risk reduction workshop” for all the countries in the Association of Southeast Asian Nations (ASEAN) by the end of 2017.

Verdict

As the saying goes, out of adversity comes opportunity. In this case, it seems that in face of adversity, countries unite to fight a common enemy, namely cyber threats. Indeed, this new threat that cyber threats pose can be anonymous, faceless, cross boundaries and yet bring devastating losses to data integrity, financial wealth and even safety of human lives.

The world leaders have since recognized this threat and pitch a defense plan against it. However, the best form of defense actually start from the individual, thus – Are you prepared for cyber-warfare?

The post Ghost in the Shell: Countries step up on cybersecurity appeared first on Hack Ware News.