.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
The Target: Japanese beer giant Asahi.
The Take: According to the company, 1,525,000 people who contacted its customer services had their names, addresses, phone numbers, and email addresses stolen. The hackers also exfiltrated the names, addresses, and phone numbers of 114,000 people Asahi had sent congratulatory or condolence messages to.
The Vector: The company explained that the threat actors hacked network equipment and used it to compromise its data center network. “Ransomware was deployed simultaneously, encrypting data on multiple active servers and some PC devices connected to the network,” the company said.
This breach is a stark reminder of how strong authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.
The Korea Times: The level of investment in cybersecurity by Korean companies is far below that of other major countries, the head of the country's financial watchdog warned, amid a string of recent hacking incidents at major firms, including SK Telecom, Lotte Card, Coupang and Upbit.
Bleeping Computer: Japanese publishing giant Nikkei announced that its Slack messaging platform had been compromised, exposing the personal information of over 17,000 employees and business partners.
Business Korea: It has been revealed that servers of an outsourced IT management company used by some private equity fund management firms have been hacked, resulting in the leakage of internal data.
Finance Magnates: A wave of phishing scams has hit Hong Kong investors, with attackers impersonating licensed brokers in fraudulent text messages that link to fake websites.
The Target: SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers.
The Take: USIM data is information stored on a Universal Subscriber Identity Module (USIM), which typically includes International Mobile Subscriber Identity (IMSI), Mobile Station ISDN Number (MSISDN), authentication keys, network usage data, and SMS or contacts if stored on the SIM. This data could be used for targeted surveillance, tracking, and SIM-swap attacks.
The Vector: A malware infection allowed threat actors to access sensitive USIM-related information for customers.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.
Dark Reading: Japan has passed the Active Cyber Defense Bill, which will allow its military and law enforcement to take preemptive measures to combat cyber threats.
Yahoo News/Reuters: Hong Kong passed a cybersecurity law to regulate operators of critical infrastructure, forcing them to strengthen computer systems and report cybersecurity incidents or risk penalties of up to HK$5 million ($640,000).
The Target: Japanese electronics manufacturer Casio.
The Take: For the nearly 6,500 employees impacted, basic information collected by human resources was accessed, including names, employee numbers, email addresses and departments. Some employees had other information like gender, date of birth and home address leaked while a small number of those affected had taxpayer ID numbers exposed.
The Vector: An investigation conducted by an outside cybersecurity firm sourced the ransomware attack back to phishing emails that allowed the hackers into Casio’s servers.
As phishing actors continue to explore every potential abuse opportunity on legitimate service providers, novel security gaps constantly threaten to expose users to severe risks. It is essential not to rely solely on email protection solutions, and also scrutinize every email that lands on your inbox, look for inconsistencies, and double-check all claims made in those messages.
Dark Reading: Lawmakers in Singapore updated the nation's cybersecurity regulations on May 7, giving more power to the agency responsible for enforcing the rules, adopting definitions of computer systems that include cloud infrastructure, and requiring that critical information infrastructure (CII) operators report any cybersecurity incident to the government.
Castle Hall helps investors build comprehensive due diligence programs across hedge fund, private equity and long only portfolios More →
Montreal
1080 Côte du Beaver Hall, Suite 904
Montreal, QC
Canada, H2Z 1S8
+1-450-465-8880
Halifax
168 Hobsons Lake Drive Suite 301
Beechville, NS
Canada, B3S 0G4
Tel: +1 902 429 8880
Manila
10th Floor, Two Ecom Center
Mall of Asia Complex
Harbor Dr, Pasay, 1300 Metro Manila
Philippines
Sydney
Level 15 Grosvenor Place
225 George Street, Sydney NSW 2000
Australia
Tel: +61 (2) 8823 3370
Abu Dhabi
Floor No. 15 Al Sarab Tower,
Adgm Square,
Al Maryah Island, Abu Dhabi, UAE
Tel: +971 (2) 694 8510
Copyright © 2021 Entreprise Castle Hall Alternatives, Inc. All Rights Reserved.
Terms of Service and Privacy Policy