After the Australian Parliament cyber-attack, which was claimed to have been conducted by foreign country-backed groups, Singapore government agencies and educational institutions faced a huge cyber threat as hundreds of compromised credentials were put up for sale on the dark web.
Group-IB, a Russia-based company that develops software and hardware for proactive cyber defence, said on Tuesday, March 19, that it had found user logins and passwords from these organisations on the dark web over the course of 2017 and 2018.
The company also said the Government Technology Agency (GovTech), Ministry of Education, Ministry of Health, Singapore Police Force and National University of Singapore's learning management system are among the affected sites.
According to Dmitry Volkov, chief technology officer and head of threat intelligence at Group-IB, the compromised credentials pose a significant security threat. In a statement, he noted: "Users' accounts from government resources are either sold on underground forums or used in targeted attacks on government agencies for the purpose of espionage or sabotage."
Alexander Kalinin, head of Group-IB's Computer Emergency Response Team, told The New Paper that after the company discovered the data leak, it contacted the Singapore Computer Emergency Response Team (SingCert).
Kalinin said that it looks like those credentials are still on sale in underground forums. He added that although it is not clear whether any of those details were used illegally, cybercriminals have used such stolen information in similar cases.
"It is not unusual when a compromised account is used by cybercriminals to infiltrate an organisation's internal network for the purpose of sabotage and espionage," Kalinin said.
The cyber-attack threat in South-East Asia:
In a new study published by the Russian company, the team analysed cybercrime activity in Southeast Asia and described the region as "one of the most actively attacked regions in the world."
Group-IB said that in 2018, a total of 21 state-backed hacking groups were detected in the region, more than the combined number for the US and Europe. The company also named Lazarus, a notorious North Korean state-sponsored threat actor believed to be responsible for a number of the latest targeted attacks on financial organizations in Asia.
The company said that Singapore, one of the largest financial centres in the region, is the major target: its researchers found that almost 20,000 Singaporean banks' payment cards showed up for sale on the dark web in 2018.
The company said that the number of leaked cards increased by 56% in 2018 and that the total underground market value of Singaporean banks' cards compromised in 2018 is estimated at nearly $640,000.
Teck Wee Lim, the Regional Director ASEAN at the information security company CyberArk, told IBTimes Singapore:
"Personal and professional emails and passwords being available on the Dark Web are an unfortunate fact of life. On the face of it, the potential damage to an organization is limited.
"An email and a password may look like it will only take a potential attacker so far; it may just result in one desktop being compromised. However, things start to become rather more serious if the email and password gives an attacker an open door to getting much more sensitive access – sometimes privileged access.
"Such a large volume of credentials being compromised must increase the chances of gaining access to a desktop that allows an attacker the ability to move laterally, gaining access to much more sensitive assets in the network. The absence of privileged access security technology to contain this kind of movement could potentially result in a more serious compromise.