In this episode we are joined in Singapore by Ian Yip, APAC CTO at McAfee and discuss the impact of Singapore’s Cyber Security Act and the key regional trends being observed. We also discuss the business structure and scale of McAfee and dive into McAfee’s latest Threat Report, June 2018 with highlights around the latest cyber campaigns – Gold Dragon Expands the Reach of Olympics Attacks: Lazarus Rises Again, Targeting Cryptocurrency Users; and Advanced Data-Stealing Implants GhostSecret and Bankshot Have Global Reach and Implications.
Ian also provides valuable advice as to the vulnerabilities of blockchain technology and concludes with insight into communicating to the Enterprise C-Suite and an upcoming McAfee whitepaper.
Also in recent news, McAfee’s Advanced Threat Research team have revealed in an investigation into underground hacker marketplaces, a major international airport’s security system (including building security automation) for sale on the dark web via a Russian ‘RDP shop’. The asking price: just $10.
Remote Desktop Protocol (RDP) is a proprietary Microsoft protocol that enables remote administrator access to a PC, something great for solving IT challenges, but potentially devastating if in the wrong hands. In this instance, any hacker wanting to gain control of the airport’s system only needed a few dollars to access to a compromised machine and potentially carry out a myriad of large-scale attacks that could have severe consequences for the airport and its customers. For example, RDP can be used as an entry point to send spam, create false security alerts, steal data, credentials and even mine cryptocurrency. As we saw with the recent SamSam ransomware campaign against several US institutions, RDP was used to enact the attack and claim ransoms as high as $40k.
Recent trends in dark web marketplaces are also outlined in the research. One key finding is that RDP shops are growing in their size and abundance on the dark web – ranging from 15 to more than 40,000 RDP connections for sale at Ultimate Anonymity Service (UAS), a Russian business and the largest active shop they researched.
You can find further details of the attack in McAfee’s latest blog post.
Recorded in Singapore, July 4, 2018. Special thanks to McAfee for sponsoring the inaugural Cyber Risk Meetup in Singapore on July 3.