(Artwork. Source: bitcoinexchangeguide.com) Ransomware attacks have been on the rise in South Korea over the past year, paralyzing hospitals and shopping malls amid the COVID-19 pandemic leading to an increase in online shopping activities. . On June 3, a large plastic surgery hospital in the south of Seoul announced on its website that its server had been attacked with ransomware and that hackers appeared to have stolen data. patient’s personal data. This is the latest in a series of recently reported ransomware attacks – a tactic used by cybercriminals to infiltrate businesses’ systems and use their data to demand ransom. ransom. According to the South Korean Ministry of Science and Information Technology, last year there were 127 ransomware attacks, a threefold increase from the previous year. Since the beginning of this year, the country has recorded 65 attacks with ransomware. Malware attacks blackmail was aimed at various businesses in Korea. Last month, food delivery company Super Hero’s operations were paralyzed for hours after an attack that affected 15,000 delivery workers nationwide. Last November, local fashion and retail group E-Land was also “inquired” by hackers, forcing 23 of the 50 branches of the NC Department Store and NewCore Outlet to suspend operations. Mr. Kim Seung-joo, Professor of Cyber ​​Security at University Korea , commented that as companies are forced to choose to increase their reliance on remote work during the pandemic, cyber attacks malicious code Blackmail has become a bigger threat because they can paralyze the entire working system. This has led to many companies paying a ransom and has led hackers to carry out more attacks. He urged businesses to invest in cybersecurity to prevent the threat in the first place. In response to ransomware attacks in the near future, last month, the Korean Ministry of Information and Communications Technology set up a 24-hour monitoring group to support hacked companies. . The government is now providing assistance to affected companies in system recovery.

Illustration. The cybersecurity situation has undergone drastic changes in recent times, especially in the context of the Covid-19 epidemic and the trend of remote working. This manifests itself in large-scale and increasingly complex attacks. Hackers perform an average of 50 million password attacks per day, 579 attacks per second. AGAINST MALWARE AND RAMSOMWARE WITH DEVELOPMENT Microsoft’s telemetry results released over the weekend showed that the prevalence of malware and ransomware infections in Asia-Pacific has been increasing over the past 18 months, stretching back to before the Covid-19 pandemic. -19 outbreak to date. Specifically, in Australia it is 23%; China is 80%; India 15%; Japan 16%; New Zealand 19%, Singapore 43%, Hong Kong 38%, South Korea 22%, Malaysia 2%, Philippines 15%, Taiwan 16%, Thailand 3% and Vietnam 7%. Among them, Indonesia alone has a 24% decrease in malware infection rate. The number of cyber attacks and the number of Vietnamese IP addresses in botnets increased in March 2021 due to hackers taking advantage of the increasing demand for Internet use by users as well as people’s interest in translation information. Covid-19. During the same period, the number of ransomware infections (a subset of malware) also increased by 453% in Australia; China (463%); India (100%); Japan (541%); New Zealand (825%); Singapore (296%), Hong Kong (179%), Indonesia (31%), South Korea (64%), Malaysia (72%), Philippines (70%), Taiwan (407%), Thailand (6%) ). This figure in Vietnam is recorded at 15%. In Vietnam, in March 2021 alone, the Information Security Administration recorded 491 incidents of cyber attacks on information systems, an increase of 8.15% compared to February 2021. In which, the number of Malware attacks is 180, while Phishing and Deface attacks are 164 and 147, respectively. In the first quarter of 2021, although compared to the same period in 2020, the number of cyberattacks causing problems on information systems decreased by 20%, but from the beginning of 2021 to now, the number of cyberattack incidents has decreased by 20%. is still in an uptrend. Experts believe that the reason for the increase in the number of cyberattacks and the number of Vietnamese IP addresses in botnets in March 2021 was because hackers took advantage of users’ increasing demand for Internet use as well as the interest People’s attention to information about Covid-19 epidemic. Therefore, the number of Phishing and Malware attacks on systems has increased to cheat, destroy and steal information illegally… It can be seen that, in the context of complicated epidemic developments, when more and more organizations, businesses and individual users work remotely, work from home, they are creating an environment for bad guys to exploit vulnerabilities, Attacks, information theft, large-scale cyberattacks take place in Vietnam and around the world. ABOUT 3.5 MILLION SECURITY PROFESSIONALS IN 2021 Experts say that even as more people begin returning to the office, hybrid work is forecast to remain the norm in the future. According to Forrester, as people gradually settle into a new working model after the pandemic, we will still see an increase in the proportion of employees working remotely compared to before the pandemic, at 300%. And the current Job Trends Index report shows that 53% of respondents in Asia plan to move to a new place because they can work remotely, compared to 46 percent globally. %. That change has been demanding an urgent need for new security solutions to meet the way of working, especially when the network of organizations is no longer limited to the “office wall”. This requires a very different mindset from the traditional “network is the border” and “device protection” approaches. Organizations and businesses need to take data and authentication as the center. While there are many other ways to secure these days, addressing identity, authentication, and information management issues is still critical. Experts have pointed out 4 main pillars to protect users against new work era cyber threats, including: identity protection, Zero Trust mindset, cloud application, and resource investment. security personnel. The network of organizations is no longer limited to the “office wall”. This requires a very different mindset from the traditional “network is the border” and “device protection” approaches. As recent attacks have shown, identity will be the “battlefield” for future attacks. Microsoft Vice President of Security, Compliance, and Identity Vasu Jakkal said that, in a world where identity is the new battleground, adopting a Zero Trust strategy has become a must for businesses. Karma. The hybrid workplace is virtually borderless, so it’s important to establish protective “barriers” around identities and devices. As part of his journey to building a Zero Trust mindset, the expert emphasized that “passwordless authentication will be the trend of the future and that transformation will be seen this year”. Besides the application of technology, experts also emphasize the special importance of people and skills in ensuring information security of each business organization. However, the lack of security professionals and the lack of diversity in security teams are two weaknesses that attackers will find to hit next year, the expert said. It is estimated that the information security industry will be short of about 3.5 million security professionals this year.

The malware affected 128 million iPhone users. The XcodeGhost malware was spread by hackers through the hidden installation of a version of Xcode programming software, then sharing on forums for iOS developers. Some of these malicious applications at that time included many popular names such as WeChat, the Chinese version of Angry Birds 2. Statistics show that about 2500 applications were infected with malware and up to 203 million users who downloaded these anti-malware applications Security experts believe that the XcodeGhost malware can collect information such as infected application name, device model, network information and some other data. Later, Apple said it did not record the data associated with the user’s identity, or the iCloud login password was collected. After the problem was discovered, Apple asked developers to use the official version of Xcode to compile the app before re-releasing it on the App Store. According to the 9to5mac Apple also strengthens the security process when installing Xcode, checking the application’s malicious code before releasing it on the App Store after the incident.

Colonial Pipeline America’s largest fuel pipeline system was attacked by network, has not yet assessed the damage. (Source: Freightwaves) To deal with the incident, the company had to close the entire network. Colonial Pipeline said the attack “suspended all pipeline operations and affected some of our IT systems”. Sources in cybersecurity revealed that the malware used in the Colonial Pipeline attack was ransomware – a type of malware designed to block systems with how to encrypt data and request a ransom payment to restore access. The Colonial transports gasoline, diesel, jet fuel and other refined products from the Gulf of Texas to the populous US East Coast via a 8,850 km pipeline, serving 50 million customers. Oil analyst Andy Lipow said that the impact of the attack on supply and fuel prices will depend on how long the pipeline is down. If the line stops working for a day or two, the impact will be minor. However, if the pipeline is forced to shut down for 5 or 6, shortages or price increases will occur, especially in the area stretching from Alabama to Washington DC. (According to AFP, Reuters)

Doctor Web researchers discovered 10 seemingly harmless apps on AppGallery – Huawei’s official app market – that contain codes that connect to malicious C&C servers to take over additional configuration and components. These additional components bypass the user, automatically signing up for the paid service. To cover the phone’s owner, they demanded access to the notification and then interfered with the SMS verification code sent by the paid service. According to experts, the malicious code will subscribe to up to 5 such services, although developers can change the limit at any time. The list of infected applications range from virtual keyboards, photography, launchers, texting to stickers, games. Most have the same developer, Shanxi Kuailaipai Network Technology. In total, 10 apps were downloaded by more than 538,000 Huawei users. Doctor Web reported to Huawei and the company removing them from AppGallery. However, downloaders still have to manually delete the device. Below is a list of software that need to be removed immediately: Super Keyboard, Happy Color, Fun Color, New 2021 Keyboard, Camera MX – Photo Video Camera, BeautyPlus Camera, Color RollingIcon, Funney Meme Emoji, Happy Tapping, All-in-One Messenger. Experts say that modules downloaded from the malicious AppGallery also appear in other apps on Google Play. Once activated, they contact the remote server to receive the configuration file, which contains the task list, the paid service website, and the JavaScript mimics the user’s actions. The Joker malware was born in 2017, continuously detected in apps on Google Play Store. In October 2019, Kaspersky malware analyst Tatyana Shishkova tweeted about more than 70 malicious applications on the Google market. According to Google, they have removed about 1,700 Joker malicious apps since 2017. Du Lam (According to BleepingComputer)