hack Asia | TechWire Asia https://techwireasia.com/tag/hack/ Where technology and business intersect Wed, 05 Mar 2025 01:56:23 +0000

Bybit saw $5.5 billion in outflows following crypto’s biggest hack https://techwireasia.com/2025/02/bybit-faces-usd-5-billion-in-outflows-following-cryptos-biggest-hack/ Mon, 24 Feb 2025 12:29:49 +0000

  • Bybit sees $5.5 billion outflow after hackers take $1.4 billion from its ether wallet.
  • Recovers liquidity, but 50% bank run before operations stabilised.

    Cryptocurrency exchange Bybit has experienced total outflows exceeding $5.5 billion after suffering a $1.4 billion security breach, reportedly carried out by hackers linked to North Korea’s Lazarus Group. The attackers targeted the exchange’s ether cold wallet, prompting Bybit to secure emergency funding to maintain withdrawal operations.

    Massive withdrawals and emergency response

    Data from DeFiLlama showed assets associated with Bybit’s wallets dropped from $16.9 billion to $11.2 billion following the breach. In an X Spaces session, Bybit CEO Ben Zhou stated that as soon as the attack was identified, the exchange prioritised processing withdrawals. According to Zhou, hackers drained 70% of clients’ ether holdings, forcing Bybit to secure loans to maintain withdrawal liquidity. However, stablecoin withdrawals quickly overtook ether, as most users moved their funds to other platforms.

    Bybit had the reserves to support withdrawals, but the situation was complicated when Safe, a decentralised custody protocol, temporarily shut down smart wallet functionalities to address security concerns.

    Zhou noted that $3 billion in USDT was locked in a Safe wallet, delaying access to important reserves.

    Safe stated on social media that while it had not found evidence of a frontend compromise, certain functionalities were paused as a precautionary measure. With mounting withdrawal requests, Bybit’s security team worked to develop software that manually verified transaction signatures, allowing funds to be moved from the Safe wallet. Despite challenges, the exchange managed to transfer its $3 billion in stablecoin reserves, but not before experiencing a 50% bank run.

    Authorities and blockchain analysts investigate

    Bybit has engaged law enforcement agencies, including Singaporean authorities and Interpol, to track the stolen assets. Blockchain analysis firms, like Chainalysis, have also been asked to assist in identifying the movements of the stolen funds. Zhou emphasised that Bybit is committed to monitoring the attackers’ activities in the hope that the stolen assets can be traced and recovered.

    Rolling back ethereum considered

    During the session, Zhou acknowledged that some industry figures, including BitMEX co-founder Arthur Hayes, suggested the possibility of an Ethereum blockchain rollback to recover lost funds. Bybit’s team collaborated with Ethereum co-founder Vitalik Buterin and the Ethereum Foundation to explore alternative solutions.

    However, Zhou pointed out that such a choice would require community consensus and is unlikely to be taken unilaterally. “I’m not sure it’s a one-man decision based on the spirit of blockchain. It should be a work in process to see what the community wants,” Zhou said.

    A rollback on Ethereum would be technically complex, given its smart contract infrastructure. Any attempt to alter the blockchain’s state would likely lead to a contentious hard fork, splitting the network and facing resistance from parts of the community.

    Investigation into the attack

    Bybit continues to investigate the exact cause of the security breach. Zhou stated that the exchange’s computers were not compromised, and an internal review of transaction signers has so far revealed no irregularities in their activity. “We know the cause is definitely around the Safe cold wallet. Whether it’s a problem with our laptops or on Safe’s side, we don’t know,” Zhou added.

    Bybit replenishes ether reserves after hack

    Despite its losses, Bybit has restored a 1:1 backing of client assets after securing additional funds. On-chain tracking service Lookonchain reported Bybit has replenished 446,870 ETH – worth approximately $1.23 billion – through a mix of loans, large deposits, and ether purchases. Blockchain activity suggests that Bybit obtained over $400 million in ETH through over-the-counter trades, an additional $300 million from exchanges, and nearly $300 million through cryptocurrency fund-backed loans.

    The ETH price initially saw a 4% rise over the weekend due to increased buying activity but later dropped 2% as market sentiment remained cautious. Meanwhile, Bybit stated that as of Sunday, deposits and withdrawals have returned to normal levels, with deposits slightly exceeding withdrawals.

    Attack linked to North Korea’s Lazarus group

    The security breach has been linked to the Lazarus Group, an allegedly state-sponsored North Korean hacking collective known for high-profile cryptocurrency attacks. Blockchain analyst ZachXBT identified transaction patterns similar to those used in previous attacks by Lazarus. The hacking group has been responsible for several major incidents, including the $600 million Ronin Network hack (2022), and a $230 million attack on Indian exchange WazirX in 2024.

    Hackers reportedly gained access to Bybit’s cold wallet by manipulating a UI vulnerability and altering smart contract logic to redirect funds. The stolen ether was then split across multiple wallets and exchanged for other assets on other decentralised platforms.

    Next steps for Bybit

    Following the attack, Bybit has moved a large portion of its funds away from Safe cold wallets and is reviewing alternative custody solutions. The exchange continues to work with security experts and law enforcement to recover stolen assets. The case underscores ongoing security risks in the cryptocurrency industry, particularly with the increasing sophistication of cyberattacks targeting centralised exchanges.

    What are hackers predicting as the biggest cybersecurity concerns for 2024? https://techwireasia.com/2024/01/what-do-hackers-say-are-key-cybersecurity-worries-for-2024/ Fri, 05 Jan 2024 01:15:17 +0000

  • AI-assisted hackers, amateur cybercriminals, and biometric vulnerabilities challenge 2024’s cybersecurity.
  • AI’s rise in 2024 brings dual-edged cybersecurity impacts, aiding protection and hacker attacks.
  • Cybersecurity in 2024 navigates AI advancements, dark web data leaks, and new passkey technologies.

    AI has emerged as the most transformative technology of 2023. Organizations are actively seeking to integrate AI into their business models to enhance productivity and scalability. There’s also a growing trend towards using AI as a foundational element in cybersecurity strategies, especially as adversaries begin to harness its potential in their attacks.

    As we move through 2024, AI and machine learning are expected to play a pivotal role in improving endpoint and vulnerability management. A key area of focus will be the deployment phase in software development.

    During this phase, AI-enabled tools have become increasingly vital for examining code for potential security risks and ensuring secure configurations. This heightened level of scrutiny is essential for more effective software deployment, proactively identifying and addressing vulnerabilities before they escalate into security threats.

    But these advancements come at a time of heightened cybersecurity concerns. The ISACA State of Cybersecurity 2023 report revealed a troubling trend: 38% of organizations are witnessing more cyberattacks compared to the previous year. There’s also a noticeable drop in respondents who expect their organization to be targeted in the upcoming year. This somewhat optimistic outlook, a first since ISACA started tracking this data, is likely influenced by an increased belief in the consistent rate of cybersecurity incidents.

    NordVPN’s shift in predicting cybersecurity risks – with the help of hackers

    December marks a time when experts at NordVPN traditionally forecast upcoming cybersecurity risks. In a shift from their usual approach, in 2023, they delved into the largest dark web forums to analyze the most discussed topics, using these insights to inform their predictions.

    Marijus Briedis, NordVPN’s CTO, notes, “Every year, we try to predict sophisticated attacks from experienced hackers, who mostly target businesses or influential people. Taking this year’s approach helped us realize that regular internet users are often attacked by amateur hackers who are still developing their craft. They can also cause a lot of harm to their unsuspecting victims, and users need to be informed about their plans.”

    Will 2024 be the year of hackers? (Source – X).

    The cybersecurity team at NordVPN has derived five key predictions based on these dark web discussions:

    The rising trend of leaked nudes on the dark web

    In recent times, dark web forums have seen a surge in discussions around leaked nudes, particularly from platforms like OnlyFans and Instagram. These threads have amassed nearly 1,850 comments and rank among the top 20 most active on these forums.

    Marijus Briedis predicts a worrying trend for the upcoming year, with an expected increase in the leakage of intimate images. He also warns of a new tactic by criminals using AI and deepfake technology to produce counterfeit explicit images to deceive consumers. To counteract this, Warmenhoven advises against sharing personal photos on social media platforms and recommends using encrypted cloud services for secure photo sharing.

    AI: A boon for hackers

    The hacker community shows a growing interest in AI, as shown by the popularity of hacked ChatGPT accounts and AI-based attack tutorials. This suggests that AI users are increasingly becoming targets, and hackers are exploiting AI to enhance the efficiency and effectiveness of their operations.

    Briedis highlights the role of AI in automating phishing attacks, predicting a rise in such incidents in the near future, and thus intensifying cybersecurity challenges. He also suggests that those who struggle to recognize phishing attempts should consider using dedicated browser extensions designed for this purpose.

    Growth in amateur hacker numbers

    Approximately one in every ten posts on these forums is dedicated to learning attack techniques. Popular topics include doxxing, hacking WhatsApp and TikTok accounts, and WiFi hacking courses. This trend indicates a growing exchange of hacking knowledge and suggests an imminent rise in the number of amateur hackers and the frequency of their attacks. In response, users are encouraged to take their cybersecurity education more seriously and stay informed about the latest threats.

    The high demand for customer data

    Research indicates that discussions about leaked customer data, including social media credentials, driving licenses, and email addresses, constitute approximately 55% of all forum threads. This points to a continued interest among hackers in personal data, underlining the vulnerability of users to hacking. Warmenhoven recommends using multi-factor authentication (MFA) wherever available to safeguard online data.

    The limitations of biometric authentication

    Many online platforms now offer biometric authentication options to enhance user security. However, studies show that hackers are finding ways to circumvent some of these methods, such as bypassing selfie verification systems used by certain cryptocurrency platforms. A forum thread dedicated to this topic has garnered over 200 comments.

    Briedis foresees biometric authentication as a future security staple but emphasizes its effectiveness only when combined with multi-factor authentication. He predicts that reliance on biometric methods alone may prove unreliable, prompting the development of more comprehensive security measures.

    Understanding 2024’s cybersecurity risks through hackers’ eyes and how biometric authentication options help. (Generated with AI).

    The emergence of passkey technology

    A significant innovation in cybersecurity is the introduction of passkey technology. Passkeys consist of a public and private key pair, where each key is dependent on the other, rendering them useless in isolation to potential hackers. Furthermore, the private key on a device cannot be accessed without the device owner’s biometric identification or a PIN code, offering an additional layer of security.

    Conclusion

    Ultimately, the ongoing battle against cyberthreats in this AI-driven era calls for a proactive and informed approach. It involves implementing advanced technological solutions and fostering a culture of cybersecurity awareness and education among internet users, according to the hackers who pose the threat. As we navigate these complex digital waters, the lessons learned from both the advancements and the setbacks of 2023 and 2024 will undoubtedly shape the future of cybersecurity.

    Hackers leak Sony’s video game plans https://techwireasia.com/2023/12/how-did-hackers-leak-sonys-video-game-plans/ Thu, 21 Dec 2023 00:45:56 +0000

  • Sony’s Insomniac Games’ internal data has made its way to the dark web
  • Hackers released video game data after failing to get a response from Sony. 
  • The Insomniac hack is just one of the few cybersecurity incidents to have affected Sony in the past decade.

    Video game leaks tend to have a bigger impact on society compared to data breaches involving personal data, simply because most of the games that end up being leaked are popular titles, which are favorites among gamers around the world.

    Recently, the trailer of the popular video game Grand Theft Auto (GTA) 6 was leaked onto X. The leak resulted in shares of the video game publisher, Take-Two Interactive Software, dropping 2%. Eventually, Rockstar Games, a subsidiary of Take-Two, published the GTA 6 trailer on YouTube. X also suspended the account that posted the leak. But the damage had already been done.

    However, the leak of the GTA trailer is not nearly as bad as what is happening to Sony right now. Sony’s Insomniac Games’ internal data has made its way to the dark web following the passing of a ransom deadline. The Rhysida ransomware gang has leaked 1.67 terabytes of data, which contains more than 1.3 million files, onto the dark web.

    The gang said in its leak post that “No sold data was uploaded, data hunters, enjoy,” and it appears some data was, in fact, sold to an enterprising bidder. Only 98% of the full dataset has been uploaded.

    The ransomware gang had initially threatened to publish the data on December 12th, after publishing limited proof-of-hack material, including passport scans. While the ransom figure remains uncertain, the cybercriminals were selling the data for around US$2 million. Any buyer, including Sony, was welcome to bid.

    Concerning times for Insomniac after the loss of internal data.

    What video games were affected by the leak?

    Bloomberg reported that the data leaks included game road maps, budgets, and detailed information about Insomniac’s upcoming Wolverine game. The game was slated to be released in 2026. The files also include yet-to-be-released Marvel-inspired titles in the next decade. This includes Spider-Man 3 which is based on Venom and X-Men games as well as a reference to a new Ratchet & Clank game slated for a 2029 release.

    While Sony has yet to respond to the leak, other details that were compromised included information on dozens of current and former employees. The information included compensation, personal information and photos on executive cards. Contracts showing multimillion parachute payments to executives upon the studio’s sale to Sony were also leaked along with historical financial agreements with games publishers including Oculus and EA Games.

    Cyber Daily, which first reported the leak, said that Sony and Insomniac were specifically targeted by the cybercriminals. A spokesperson for Rhysida said they knew who they were attacking in an email.

    “We knew that developers making games like this would be an easy target.”

    It also turns out that the hack itself did not present much of a problem, with the spokesperson saying, “We were able to get the domain administrator within 20–25 minutes of hacking the network.”

    The Insomniac hack is just one of the few cybersecurity incidents that have affected Sony in the past decade. (Image generated by AI).

    Not Sony’s first time at the ransomware circus

    The Insomniac hack is just one of the few cybersecurity incidents that have affected Sony in the past decade. While the current incident may not be as big as the 2014 Sony Pictures hack, the scenario does paint a similar picture.

    Back in 2014, Sony Pictures suffered one of the worst hacks in the film industry. North Korean hackers claimed responsibility for the hack after Sony released a film that was mocking their leader. The threats not only succeeded at disrupting the premiere of the film but also affected other films being planned by Sony.

    The hackers released scripts of unreleased films as well as personal data and private emails from top executives of Sony. But that wasn’t by any means the last time Sony would suffer a cybersecurity incident.

    Earlier this year, according to a report by Bleeping Computer, Sony notified current and former employees and their family members about a cybersecurity breach that exposed personal information. About 6,800 individuals have been compromised after an unauthorized party exploited a zero-day vulnerability in the MOVEit file transfer platform.

    The Cl0p ransomware leverages the zero-day vulnerability for large-scale attacks that have compromised organizations worldwide. The Cl0p ransomware gang added Sony Group to its list of victims in late June, but the firm hasn’t given a public statement on the incident until now.

    That’s not all. Reports show that Sony experienced another cybersecurity incident. Allegations on hacking forums show that 3.14GB of data was stolen from Sony’s systems. While Sony has responded to the claims, stating an ongoing investigation, Bleeping Computer noted that the leaked data set contains details for the SonarQube platform, certificates, Creators Cloud, incident response policies, a device emulator for generating licenses, and more.

    The video game industry is an increasingly popular target for hackers. (Image generated by AI).

    Video game industry continues to be a target

    The video game industry itself has witnessed increasing cybersecurity incidents. Capcom, another game developer, fell victim to a massive data leak three years ago. It was only recently that law enforcement agencies were able to apprehend the ransomware group responsible.

    Another incident involved major game publisher Electronic Arts. The hackers claimed to have downloaded the source code for several popular games. After failing to extort the company, the hackers released the entire cache of stolen data to the dark web.

    Earlier this year, Riot Games revealed that hackers had compromised its development environment with a social engineering attack. The company reassured users that no player data or personal information was compromised, but the hackers did manage to get access to the source code of several popular titles by Riot Games.

    Activision also experienced a cybersecurity incident earlier this year when hackers stole internal data. Screenshots of the data, which included planned content of popular games, were published online.

    Boeing hack: should the airline manufacturer negotiate with cybercriminals? https://techwireasia.com/2023/11/boeing-hack-should-the-airline-manufacturer-negotiate-with-cybercriminals/ Mon, 06 Nov 2023 01:00:31 +0000

  • Boeing acknowledges that there was a hack and its systems were compromised. 
  • Boeing is one of the largest aerospace and defense companies in the world – so the Boeing hack could have significant ramifications.
  • Boeing declined to comment on whether it had received a ransom demand or whether the company had paid.

    It’s been more than a week since the LockBit ransomware group claimed to have infiltrated Boeing and to be in possession of a great deal of its data. The ransomware group had threatened to release the data if the aircraft manufacturer did not contact it within a specific timeline.

    Boeing initially said it was just investigating the claim, but has now acknowledged that there was a cybersecurity incident. According to a report by TechCrunch, a statement by Boeing spokesperson Jim Proulx has confirmed the Boeing hack is a reality.

    Proulx explained that the attackers had targeted elements of Boeing’s parts and distribution business. The spokesperson also highlighted that the cybersecurity incident did not affect flight safety and that the company is actively investigating the incident by coordinating with law enforcement and regulatory authorities.

    Boeing declined to comment on whether it had received a ransom demand or whether the company had paid one if it had. A check on the services page of Boeing’s website showed that the site is experiencing technical issues and will be back up “soon.”

    Boeing also declined to say how it was compromised or whether the company was aware of any exfiltration of data from its systems. However, the spokesperson did not dispute that Boeing had been affected by a cybersecurity incident that involved data exfiltration.

    Boeing services site down due to “technical error.”

    Who’s responsible for the Boeing hack?

    The LockBit ransomware group has claimed responsibility for the cyberattack on Boeing. One of the most notorious ransomware groups today, LockBit has been terrorizing American and European organizations over the past few years.

    According to the FBI, there have been over 1,700 attacks involving the ransomware group since 2020. Around US$91 million has so far been extorted by the group.

    Known for its well-planned and organized cyberattacks, LockBit is connected to Russian hacker groups. According to VX-Underground, the LockBit ransomware group is so organized that it even has system administrators to communicate with victims and ensure they get the message through.

    Boeing has started negotiations with the hackers.

    What will be the impact of the Boeing hack?

    With over 140,000 employees around the world, Boeing is one of the largest aerospace and defense companies in the world. Apart from manufacturing commercial jets, Boeing also develops, manufactures, and services defense products and space systems for customers across over 150 countries.

    Boeing’s parts and distribution business, which falls under its Global Services division, provides material and logistics support to its customers, according to the company’s 2022 annual report.

    “Global Services ensures (customers) have access to the world’s most robust supply chain and the flexibility, scale and purchasing power to operate efficiently,” the report says.

    While Boeing has assured clients that the hack does not have an impact on any of its aircraft, there are still concerns about how much data was actually compromised by the hackers. Given that Boeing has defense contracts and works on a lot of defense products, the information held by the hackers could easily find interested buyers on the dark web.

    It is also important to note that this is not the first time Boeing has been hacked. Last year, a Boeing subsidiary that distributes airspace safety notices to pilots also experienced a cybersecurity incident. Jeppesen, which provides electronic notices to air mission bulletins and applications for in-flight management tasks, experienced a technical issue which was a cyber-incident.

    The LockBit ransomware group has claimed responsibility for the hack.

    To pay or not to pay – that is the question

    With investigations still ongoing, the question on everyone’s mind is whether Boeing is going to pay a ransom for the hack. While law enforcement and cybersecurity vendors would strictly advise the company not to pay a ransom, the information that has been compromised could result in more severe consequences if the matter is not resolved.

    In a recent incident involving two casinos in Las Vegas – MGM and Caesars, one company decided to pay the ransom to get back access to its systems, while the other chose to negotiate.

    MGM, which decided not to pay the ransom and negotiate with the hackers, not only ended up losing close to US$100 million but also disappointed customers, as many were left locked out of their hotel rooms, unable to proceed with check-ins and suffering other inconveniences that tarnished the brand. Meanwhile, Caesars admitted to paying the ransom – and did not experience the same situation.

    However, paying the ransom does not always guarantee a smooth journey. Ransomware groups want to be paid in crypto, and pricing may fluctuate. Ransomware groups can also make copies of the data. What’s more concerning is that ransomware groups could end up planting malware or spyware into the data to launch more attacks in the future.

    For Boeing, the next few days will be crucial. Not only does the aerospace giant have to negotiate with cybercriminals, but it also needs to check its systems to ensure there isn’t any other malware or bugs that could pose a problem in the future.

    Sony battles new hack: ‘Is my account safe?’ Echoes among concerned customers https://techwireasia.com/2023/09/is-my-account-compromised-what-sony-customers-should-know/ Wed, 27 Sep 2023 23:45:54 +0000

  • “Is my Sony account safe?” Customers question the company as it faces a significant cyberattack from Ransomed.vc.
  • Ransomed.vc group plans to sell the allegedly compromised data.

    In a world increasingly held to ransom by cybercriminals, emerging ransomware group, Ransomed.vc, is taking center stage with their claim of a successful attack on the global entertainment giant, Sony. With links to prior hacking communities and a growing list of victims despite its recent formation, the group’s audacious claims cast a shadow over Sony’s cyber-security framework, raising questions and fears about the security of personal and corporate data. As the drama unfolds, stakeholders worldwide wait with bated breath, hoping for a quick resolution and assurance of data safety.

    While Ransomed.vc is relatively new, it boasts of significant accomplishments within a short span, including a successful attack on Sony. As reported by Cyber Security Connect, the group has shared this information on its leak sites, both on clear and dark nets, copying a description directly from Wikipedia to detail Sony’s global footprint.

    “Is my Sony account compromised?”

    In their announcements, the group declared a successful compromise of all Sony systems. Instead of seeking a ransom, Ransomed.vc plans to sell the compromised data, attributing this decision to Sony’s refusal to pay. They emphasize their intent to sell the data, providing minimal proof including screenshots of an internal login page, an internal PowerPoint presentation, and several Java files.

    Despite the lack of compelling evidence, Ransomed.vc posted a file tree of the entire leak, showing fewer than 6,000 files. These include build log files, a diverse range of Java resources, and HTML files, with many sample files prominently featuring Japanese characters.

    Ransomed.vc has not listed a specific price for the compromised data, but has left contact information using the Tox messaging service, along with Telegram and email details. The group has also given a “post date” of 28th September 2023, implying that they will release the data in entirety if it remains unpurchased by this date.

    Projecting a unique stance, Ransomed.vc not only operates as a ransomware entity but also offers ransomware-as-a-service, actively seeking affiliates. They assert their operation abides by GDPR and Data Privacy Laws, threatening to report any non-payment as a Data Privacy Law violation to the GDPR agency.

    In a twist, a second individual, MajorNelson, disputes Ransomed.vc’s claims, suggesting their allegations of breaching Sony systems are false. MajorNelson has reportedly released the supposed leaked data for free on a clear web hacking forum, asserting that Ransomed.vc is attempting a scam.

    Further undermining Ransomed.vc’s claims, MajorNelson provides a link to a 2GB archive for free download, supposedly containing credentials for numerous internal systems among other sensitive information. Sony, currently investigating the incident, has not released further comments.

    Despite the posting of limited proof-of-hack material, Ransomed.vc continues to claim a successful compromise of Sony systems. Following the clear web leak by MajorNelson, the group updated its darknet leak site to announce a partial database leak, coinciding with the information and link provided by MajorNelson overnight.

    Revisiting the 2011 PlayStation Network outage

    Sony faces hopes and expectations that it will address the current issue peacefully, in light of the substantial breach in 2011 that left a considerable mark on PlayStation and its users. That breach saw the personal details of around 77 million accounts compromised, leaving users without online services for an extended period.

    The turmoil began with Anonymous, a known hacktivist group, launching a series of DDoS attacks against Sony’s servers. These attacks substantially disrupted the PlayStation Network (PSN) in April 2011, prior to the major privacy breach.

    Anonymous, infuriated by Sony’s legal action against George “Geohot” Hotz, a PS3 jailbreaker, believed that the information Hotz revealed should be publicly accessible. They contended that Hotz had inadvertently assisted Sony by highlighting a significant system loophole.

    Although the group ceased their attacks, realizing the unintentional harm to Sony’s users, PSN faced another attack on April 19, 2011. This time the attack was different in nature, prompting Sony to take PSN offline two days later.

    On April 21, Sony informed PSN users about the ongoing emergency outage, with a commitment to investigating the issue, including the possibility of outside interference, and to restoring services as swiftly as possible.

    Is this hack another big one Sony should be concerned about? (Source – X)

    This incident marked the beginning of the PSN outage, which lasted until May 14. Amidst the crisis, Sony alerted customers about a potential delay of up to 48 hours before services could resume.

    The day after, Sony acknowledged an “external intrusion” and initiated an extensive investigation to guarantee the future reliability and security of their network services. However, the company did not confirm the risk to personal details until four days later, leaving users in anticipation and concern.

    A week into the downtime, Sony had not provided any detailed information about the specific cause. Assumptions were made that Sony had intentionally shut down the PSN to prevent additional attempts on its systems. However, updates from Sony were optimistic, albeit somewhat vague. Sony engineers were tirelessly working to resume services, as repeatedly communicated to PSN users. On the evening of 26th April, Sony eventually disclosed the unsettling news that the personal information of millions was breached.

    As Sony embarks on addressing this recent cyber onslaught, the echoes of past breaches serve as a stern reminder of the devastating impacts of cyber vulnerabilities. The global audience, particularly millions of Sony’s customers, are keenly watching, hoping for a swift and effective resolution to this latest threat.

    What makes operational technology organizations in Singapore vulnerable to intrusion? https://techwireasia.com/2022/10/what-makes-operational-technology-organizations-in-singapore-vulnerable-to-intrusion/ Tue, 25 Oct 2022 00:00:33 +0000
  • 12% of respondents in Singapore have achieved centralized visibility of all OT activities
  • Singapore has been investing in securing operational technology through training cybersecurity professionals and the OT Cybersecurity Competency Framework

    Operational technology (OT) is just as vital to the economy and people’s daily lives, even though it is less apparent than information technology (IT) in most enterprises and most definitely in public perception. After all, OT systems manage the critical infrastructure on which everyone relies, including transportation networks, fuel pipelines, power plants, and water and sewage systems.

    Threat actors have taken note of this trend and are closely monitoring OT systems. Over the past ten years, OT systems have seen a growth in cyberattacks, partly because of their greater susceptibility to attacks from outside the system.

    Attacks against OT infrastructure are getting worse, more frequent, and more significant, as with the Colonial Pipeline catastrophe and the JBS USA meat producer incident that occurred last year, in 2021. This year, the attacks on Kojima Industries, a supplier of Toyota parts, had an impact on 28 production lines.

    “Throughout the years, you can see things like traffic lights could get hacked, and power plants could get knocked offline. These impacts are getting from simple ransomware to things that could cause harm. In OT, this is where malware is created, specifically to cause damages, harm or even death,” said Jonathan Chin, Business Development Manager, Cybersecurity OT at Fortinet.

    In fact, these attacks on OT infrastructures seriously harmed business operations.

    The operational technology (OT) industry in Singapore was the subject of a Fortinet study, “2022 State of Operational Technology and Cybersecurity”, which found that more than nine out of ten OT firms there were affected and that 88% of them lost data and experienced productivity-reducing operational outages.

    Additionally, 94% of organizations said that their cybersecurity activities do not have total visibility, implying they are unaware of the risks in their networks. With 64% of respondents having a high level of concern compared to other incursions, ransomware emerged as the largest concern.

    Key findings of the report also showed that security threats are rising because of OT activities’ lack of centralized visibility. Globally, only 13% (Singapore: 12%) of respondents have consolidated visibility of all OT activities, according to the Fortinet study. Also, only 52% of firms can track all OT activities from the security operations center (SOC).

    At the same time, organizations’ productivity and bottom lines are dramatically affected by OT security intrusions. According to the survey, 93% (Singapore: 86%) of OT firms had at least one intrusion in the previous 12 months. Hackers, malware, and phishing emails were the top 3 intrusion types that Singaporean firms encountered.

    Interestingly, the ownership of OT security varies amongst enterprises. The Fortinet research states that OT security management falls under a variety of mostly director or manager responsibilities, ranging from the Manager of Manufacturing Operations to the Director of Plant Operations.

    Overcoming operational technology security challenges

    The Fortinet report included a guide on how businesses might boost their entire security posture and address the vulnerabilities in OT systems. Organizations can deal with their OT security challenges by:

    • Implementing Zero Trust Access to stop breaches. As more industrial systems are connected to the network, Zero Trust Access solutions ensure that anyone, any device, or any application without the right credentials and permissions is prevented from accessing crucial assets.
    • Putting in place systems that give OT operations centralized visibility. To ensure that enterprises improve their security posture, centralized, end-to-end visibility of all OT activities is essential.
    • Combining security tool suppliers for cross-environment integration. Organizations should strive to combine their OT and IT solutions across a smaller number of providers to reduce complexity and achieve consolidated visibility of all devices.
    • Implementing technology for network access control (NAC). Organizations with a NAC in place, which ensures that only authorized users may access certain systems essential for protecting digital assets, were more likely to have avoided incursions in the previous year.

    “Singapore has been investing in securing operational technology through training cybersecurity professionals and the OT Cybersecurity Competency Framework, as highlighted by Minister for Communications and Information Mrs. Josephine Teo. We believe enhanced collaboration between the public and private sectors, supported by suitable security tools investments, will better position Singapore to manage future OT cyber-attacks,” said Jess Ng, Country Head, Fortinet Singapore & Brunei.

    Tesla hack signals the importance of smart car cybersecurity https://techwireasia.com/2022/01/tesla-hack-signals-the-importance-of-smart-car-cybersecuri/ Mon, 17 Jan 2022 06:10:53 +0000

    Hackers can hack a Tesla or any other smart car, under the right circumstances. While smart car manufacturers continue to improve the cybersecurity of smart and connected vehicles, the reality is, hackers are still finding ways to infiltrate these vehicles and cause more problems.

    David Colombo, a 19-year-old self-described IT security specialist and hacker, made headlines around the world last week in the smart car and cybersecurity industry after announcing that he was able to hack into a number of Tesla cars around the world.

    Through a series of Tweets, Colombo explained how he discovered flaws in Tesla that enabled him to unlock doors and windows, start cars without keys, and disable the vehicle’s entire security system. Based in Germany, Colombo also claimed he could see whether a vehicle had a driver, turn on the stereo system and flash its headlights.

    Colombo provided screenshots and other documentation of his research that identified the maker of the software and gave details of the vulnerabilities in an interview with Bloomberg. He also claimed that he could access more than 25 Teslas in at least 13 countries.

    Bloomberg also reported that a representative for Tesla in the U.S. and elsewhere didn’t respond to requests for comment. However, Colombo stated that Tesla’s security team had logically reached out to him to investigate the issue and prevent future threats.

    So how did Colombo hack a Tesla?

    According to Colombo and news reports, a flaw in third-party software allowed him to access the 25 vehicles in 13 different countries. The vulnerability of third-party software on devices such as smart cars has long been a concern for carmakers, as they felt these were to be secured.

    Colombo has also given suggestions on areas Tesla should focus on to secure their vehicles more. These include implementing different API access token scopes: a read-only scope, a non-critical scope (for the seat heater, etc.) and a critical scope (for unlocking doors, starting keyless driving, etc.).

    Tech Wire Asia reached out to Lotem Finkelstein, Head of Threat Intelligence and Research for Check Point Software Technologies to get his views on the hack and how car manufacturers can fix these types of problems in the future.

    Finkelstein pointed out that while the threat may not be as severe as initially imagined, the reality is that smart cars can be hacked, and Colombo has just shown the world one of the ways it could be done.

    Finkelstein also believed that Colombo was not able to take control of any vehicles in that sense, but rather claimed to be able to control some peripheral devices on 25 poorly maintained Teslas, such as the volume of the sound system, the windows and the lights. Critically, he was not able to execute code on any of the compromised cars and certainly was not able to get into the drive control system.

    “I would challenge this conclusion. Can we really expect users to be familiar with the software configuration of a complex and highly technically advanced product like a modern automobile? Surely cars, of all things need to be secure ‘out of the box’ and secure to the highest standards. It should not be possible for the driver to allow remote access to their vehicle either by a given action or indeed inaction,” said Finkelstein.

    That said, Finkelstein foresees a future where users will need to assume some responsibility for the cyber safety of their vehicles.

    “If God forbid, a hacker took control of your car and you had an accident, it would not matter whose fault it was that the car was not secured, you would want to do everything in your power to prevent it. Sure, we expect manufacturers to provide a fully secure vehicle but our experience in cyber tells us this is not something that can be 100% guaranteed forever. In the same way that we expect to be proactive in protecting our laptops and phones, I suspect we will need to take a more hands-on approach to ensure our cars are protected from cyber-attacks,” he concluded.

    While the Tesla hack wasn’t as severe as many expected, it does raise questions about the technologies being used by the vehicles. With third-party software vulnerable, car manufacturers may need to look for stronger ways to secure a smart car.

    As Finkelstein puts it, when lives are in danger, users will start to demand a higher level of personal control over such risks.

    Japan’s Liquid Global the latest victim of crypto hacks https://techwireasia.com/2021/08/japans-liquid-global-suffers-crypto-hack/ Wed, 25 Aug 2021 04:50:51 +0000

    Crypto hacks are fast becoming common these days due to the value of the data and funds cryptocurrencies have. Recently, cryptocurrency platform Poly Network was hit by a major cyberattack that saw the hacker make off with more than US$ 600 million worth of tokens.

    However, in a turn of events, the hacker returned most of the stolen funds and has even been invited to become the company’s chief security officer. Poly Network also promised the hacker a US$ 500,000 bounty for the restoration of user funds.

    But not all crypto hacks may have a fairy tale ending like this. Japan’s Liquid Global announced that it had been hit by a cyberattack that saw hackers make off with US$ 97 million worth of digital coins. In a statement released by the company, Liquid’s Operations and Technology teams detected unauthorized access of some of the crypto wallets managed at Liquid.

    The statement added that Liquid is still analyzing the impact of the hack but has determined that a total of approximately 91.35mm USDE crypto assets were moved out of Liquid wallets by an unauthorized party. Of this amount, the crypto community and other exchanges were able to disable and freeze 16.33mm USDE of ERC-20 assets.

    Following the hack, Liquid has halted all crypto withdrawals and has requested users to not deposit any crypto assets into their Liquid wallets until further notice. Other services on Liquid, including trading and Liquid Earn remain available.

    “Liquid’s teams are still assessing the attack vector used and taking measures to mitigate the impact to users. During this difficult period, we greatly appreciate the support from our customers, other exchanges, security experts, and the broader crypto community,” the statement said.

    (Photo by Charly TRIBALLEAU / AFP)

    According to reports in bitcoin and digital currency specialist Coindesk, a translated Japanese blog post by Liquid Global about the incident claimed the hack targeted a multi-party computation (MPC) wallet. MPC is an advanced cryptographic technique in which the private key controlling funds is generated collectively by a set of parties, none of whom can see the fragments.

    Before the hack, Liquid was one of the 20 biggest crypto exchanges, as ranked by daily trading volume, per CoinMarketCap.

    As other Liquid services were not affected, the company also announced that Dash, an open-source cryptocurrency, has been integrated into Liquid’s Quick Exchange. The Quick Exchange was designed to make the buying and swapping of cryptocurrency simpler.

    “It’s been great working with the Dash team on something truly great for the community. Liquid Quick Exchange offers best-in-class exchange rates with an industry-leading user experience. Combined with the high quality of Dash ecosystem and the app, we have quite a formidable use case,” said Jered Masters, Head of Frontend and Quick Exchange Lead at Liquid.

    With cryptocurrency becoming mainstream both commercially and even for cybercriminals, the crypto community may just play an important role in ensuring the safety of cryptocurrency and avoiding any hacks in the future.

    Indonesia: Hackers deface Malaysian websites after SEA Games flag blunder https://techwireasia.com/2017/08/indonesia-hackers-deface-malaysian-websites-sea-games-flag-blunder/ Mon, 21 Aug 2017 09:14:49 +0000

    A HACKER group reportedly from Indonesia has defaced dozens of Malaysian websites in response to the recent Indonesian flag blunder at the Kuala Lumpur SEA Games 2017.

    According to Malaysian daily The Star, the hackers who dubbed themselves the ExtremeCrew broke into 27 websites following an oversight in the official souvenir booklet of the games which printed an upside-down image of the Indonesian flag.

    Posting an image of the booklet containing the error, the hackers left a message with the words “Bendera Negaraku Bukanlah Mainan” (“My national flag is not a plaything”), embedding an Indonesian patriotic anthem in the background.

    Popular courier site Easyparcel.my was also among those struck by hackers but it appears that they were hit by another group.

    The company has since taken the website down for maintenance and investigation, assuring customers that only the website was affected and that everything else was “backed” and is “safe”, The Star reported.

    The Star report said Indonesian website Elshianta.com had a full list of the hacked sites, mostly comprising unfrequented blog sites and those not linked to any official body or large corporation.

    Internet regulator CyberSecurity Malaysia has yet to issue a comment on the matter, but Malaysia’s Computer Emergency Response Team (MyCert) released an advisory for administrators on steps to beef up the security of their websites.

    Malaysia has apologised for printing the inverted flag in the souvenir guidebook for the games, which were officially declared open on Saturday.

    The mistake, which was spotted at the opening ceremony in Kuala Lumpur, has led to Malaysian officials promising to withdraw and reprint the guidebooks.

    The error prompted an outcry in Indonesia, with the hashtag #ShameonyouMalaysia trending during the weekend.

    Indonesian President Joko Widodo told reporters in Jakarta the incident concerned “national pride” and called for an apology.

    His wish was quickly granted, as, within hours, Malaysian Foreign Minister Anifah Aman apologised to the government and people of Indonesia for the “inadvertent error”.

    400K Email Accounts Compromised: Yahoo! https://techwireasia.com/2012/07/400k-email-accounts-compromised-yahoo/ Fri, 13 Jul 2012 08:44:35 +0000

    Yahoo! confirms reports that 400,000 email accounts were hacked last Wednesday (11 July), but downplays the news by saying roughly 20,000 (5%) accounts had valid passwords. Some reports indicate a group known as the D33D Company got the unencrypted files from Yahoo! servers by using SQL injection to extract the accounts and passwords. Yahoo released a statement confirming the breach, but did not indicate when or how soon they can fix the problem.

    Yahoo! confirms email hackers stole 400,000 accounts (Image: Shutterstock)

    At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company user names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users’ accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.

    Sucuri Labs offers a quick check for users who want to find out if their accounts have been compromised. The boffins at Sucuri analysed the breach and found that 135,599 Yahoo! accounts, 106,185 Gmail, 54,393 Hotmail, 24,677 AOL and thousands of others from various email sites have also been compromised. Sadly, the findings also revealed people are still using insecure passwords such as “123456”, “password”, “welcome” and “abc123.”

    The numbers may not stack up to the 6.5 million LinkedIn accounts hacked last month, but the worrisome aspect is that this hack attack churned out hundreds of thousands of accounts and passwords from a whole slew of email companies — just because their owners contributed to the Yahoo! network. One thing remains important however: Stop using easy-to-guess passwords, because it won’t take a hacker to access your emails and other private information.
