Threat actors target Southeast Asian tech providers in hunt for scale

Last year saw threat actors target the technology sector across the Southeast Asia region to achieve economies of scale, according to the latest research by Singapore-based cyber security service provider Ensign InfoSecurity.  

Technology service providers were attractive targets for threat actors in 2020, with many organisations engaging their services during the pandemic to ensure business continuity, according to Ensign.  

This heightened service partner engagement presented a compelling draw for cyber criminals, with a successful cyber attack allowing threat actors to obtain the credentials of these service providers’ clients, potentially handing them illicit access to a wide range of companies.  

According to Ensign, threat actors also targeted technology hardware and software vendors to breach and implant malicious code and components into the vendors’ product development systems. This enabled perpetrators to rapidly develop zero-day exploits or create backdoors to compromise the integrity of the products, allowing them to readily reach a larger pool of targets. 

Tech companies are set to be prominent targets for the foreseeable future, according to Steven Ng, Ensign CIO and executive vice president of managed security services.   

“Technology suppliers and service providers will continue to be lucrative targets for threat actors as organisations become increasingly reliant on digital technologies to support their business operations and position themselves for the future,” said Ng. 

“If threat actors can successfully compromise just one of these companies’ systems, it can create a ripple effect that will impact large groups of organisations across industries and geographies,” he added. 

Inside the DNSpionage hacks that hijack domains at an unprecedented scale

Since the beginning of the year, the US government and private security companies have been warning of a sophisticated wave of attacks that’s hijacking domains belonging to multiple governments and private companies at an unprecedented scale. On Monday, a detailed report provided new details that helped explain how and why the widespread DNS hijackings allowed the attackers to siphon huge numbers of email and other login credentials.

The article, published by KrebsOnSecurity reporter Brian Krebs, said that, over the past few months, the attackers behind the so-called DNSpionage campaign have compromised key components of DNS infrastructure for more than 50 Middle Eastern companies and government agencies. Monday’s article goes on to report that the attackers, who are believed to be based in Iran, also took control of domains belonging to two highly influential Western services—the Netnod Internet Exchange in Sweden and the Packet Clearing House in Northern California. With control of the domains, the hackers were able to generate valid TLS certificates that allowed them to launch man-in-the-middle attacks that intercepted sensitive credentials and other data.

Short for domain name system, DNS acts as one of the Internet’s most fundamental services by translating human-readable domain names into the IP addresses one computer needs to locate other computers over the global network. DNS hijacking works by falsifying the DNS records to cause a domain to point to an IP address controlled by a hacker rather than the domain’s rightful owner. DNSpionage has taken DNS hijacking to new heights, in large part by compromising key services that companies and governments rely on to provide domain lookups for their sites and email servers.
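The hijacking described above works by replacing a domain's records so that names resolve to attacker-controlled addresses or nameservers. One defensive control a domain owner can run is record-drift monitoring: keep an approved baseline of the A, NS and MX answers for each important name, resolve them on a schedule, and alert when the live answers diverge. The following Python is an added illustration of that comparison step and is not code from the article, KrebsOnSecurity or any of the organisations named; it assumes a separate job has already resolved the names and stored the answers, and every domain, IP address and nameserver in it is a constructed sample value.

```python
"""Detect DNS record drift for monitored domains (added illustration).

Assumption: a scheduled job resolves each monitored name and stores the
answers as a snapshot; this code compares a snapshot against the approved
baseline. All names, IPs and nameservers below are constructed samples.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    name: str
    rtype: str
    unexpected: frozenset  # values observed that are not in the baseline
    missing: frozenset     # baseline values that no longer appear


def _norm(value: str) -> str:
    # DNS names are case-insensitive and may carry a trailing dot, so
    # "MAIL.Example.test." and "mail.example.test" must compare equal.
    return value.strip().lower().rstrip(".")


def detect_drift(baseline: dict, observed: dict) -> list:
    """Compare an observed snapshot with the approved baseline.

    Both dicts map (name, rtype) -> iterable of record values. A record set
    present only in the baseline is reported as fully missing; one present
    only in the snapshot (e.g. a newly inserted NS set) is fully unexpected.
    """
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        want = {_norm(v) for v in baseline.get(key, ())}
        got = {_norm(v) for v in observed.get(key, ())}
        unexpected = got - want
        missing = want - got
        if unexpected or missing:
            name, rtype = key
            findings.append(Finding(name, rtype, frozenset(unexpected), frozenset(missing)))
    return findings


# Constructed baseline: the records the domain owner approved.
BASELINE = {
    ("example.test", "A"): ["203.0.113.10"],
    ("example.test", "NS"): ["ns1.example.test.", "ns2.example.test."],
    ("mail.example.test", "A"): ["203.0.113.25"],
    ("example.test", "MX"): ["10 mail.example.test."],
}

# Constructed snapshot showing the pattern the article describes: the mail
# host now resolves outside the owner's address range and one authoritative
# nameserver has been swapped. The MX value differs only in case and trailing
# dot, so it must NOT raise an alert.
SNAPSHOT_HIJACKED = {
    ("example.test", "A"): ["203.0.113.10"],
    ("example.test", "NS"): ["ns1.example.test.", "ns-rogue.invalid."],
    ("mail.example.test", "A"): ["198.51.100.7"],
    ("example.test", "MX"): ["10 MAIL.example.test"],
}


def summarize(findings) -> list:
    """Render findings as one line each, suitable for an alert channel."""
    lines = []
    for f in findings:
        parts = []
        if f.unexpected:
            parts.append("unexpected=" + ",".join(sorted(f.unexpected)))
        if f.missing:
            parts.append("missing=" + ",".join(sorted(f.missing)))
        lines.append(f"{f.name} {f.rtype}: " + " ".join(parts))
    return lines


if __name__ == "__main__":
    for line in summarize(detect_drift(BASELINE, SNAPSHOT_HIJACKED)):
        print("ALERT", line)
```

Run as a script, it prints one ALERT line for the swapped nameserver and one for the redirected mail host, and nothing for the MX record whose only change is letter case. In practice the snapshot should come from queries against the domain's authoritative servers as well as a public resolver, since the campaign above altered records at the registrar and DNS-provider level, where a resolver-only view may lag behind the change.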

Biz & IT – Ars Technica

Cybercriminals using common exploits and swarm technology to attack at speed and scale: Report