Photo: iStock
Photo: iStock

Cyberwatch: Firms, beware of data thefts, malware attacks

Security experts discovered that a banking trojan called Cronos is using man-in-the-middle attacks to infiltrate a web browser and target web pages of banks

SingHealth, one of the largest healthcare service providers in Singapore, suffered a major data breach in July when hackers broke into its database and stole the personal data—user names, addresses and dates of birth—of over 1.5 million users who were admitted at the various SingHealth facilities between May 2015 and July 2018. Those impacted included Singapore’s Prime Minister, Lee Hsien Loong. According to the cybersecurity agency of Singapore, hackers first broke into a front end workstation using a malware attack and then used the stolen credentials to log into the central database.

Similarly, security experts discovered that a banking trojan called Cronos is using man-in-the-middle attacks to infiltrate a web browser and target web pages of banks. Cronos uses phishing emails or web-inject tools that can modify webpages, helping cybercriminals steal users’ banking credentials and other information. Researchers at Proofpoint found that in Germany, users of five banks were targeted through an email campaign with an infected Word document as the attachment. Similarly, in Japan, users of 13 banks were duped into opening a webpage carrying malicious JavaScript injections.

Also Read: The knotty problem of data breaches

According to a July report by risk management firm Digital Shadows and cybersecurity firm Onapsis, thousands of patched systems at government agencies, media houses and financial institutions in US are facing the risk of a massive distributed denial of service attack. The source of risk is the vulnerabilities affecting enterprise resource planning applications used by the affected institutions. Though Oracle and SAP, have issued patches to plug the vulnerability, many systems are still unpatched. Security experts caution that organisations need to be more vigilant.

Close