The Accellion data breach continues to get messier

Morgan Stanley has joined the growing list of Accellion hack victims — more than six months after attackers first breached the vendor’s 20-year-old file-sharing product. 

The investment banking firm — which is no stranger to data breaches — confirmed in a letter this week that attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of its third-party vendor, Guidehouse. In a letter sent to those affected, first reported by Bleeping Computer, Morgan Stanley admitted that threat actors stole an unknown number of documents containing customers’ addresses and Social Security numbers.

The documents were encrypted, but the letter said that the hackers also obtained the decryption key, though Morgan Stanley said the files did not contain passwords that could be used to access customers’ financial accounts.

“The protection of client data is of the utmost importance and is something we take very seriously,” a Morgan Stanley spokesperson told TechCrunch. “We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients.”

Just days before news of the Morgan Stanley data breach came to light, an Arkansas-based healthcare provider confirmed it had also suffered a data breach as a result of the Accellion attack. Just weeks before that, so did UC Berkeley. While data breaches tend to grow past initially reported figures, the fact that organizations are still coming out as Accellion victims more than six months later shows that the business software provider still hasn’t managed to get a handle on it.

The cyberattack was first uncovered on December 23, and Accellion initially claimed the FTA vulnerability was patched within 72 hours before it was later forced to explain that new vulnerabilities were discovered. Accellion’s next (and final) update came in March, when the company claimed that all known FTA vulnerabilities — which authorities say were exploited by FIN11 and the Clop ransomware gang — have been remediated.

But incident responders said Accellion’s response to the incident wasn’t as smooth as the company let on, claiming the company was slow to raise the alarm about the potential danger to FTA customers.

The Reserve Bank of New Zealand, for example, raised concerns about the timeliness of alerts it received from Accellion. In a statement, the bank said it was reliant on Accellion to alert it to any vulnerabilities in the system — but never received any warnings in December or January.

“In this instance, their notifications to us did not leave their system and hence did not reach the Reserve Bank in advance of the breach. We received no advance warning,” said RBNZ governor Adrian Orr.

This, according to a discovery made by KPMG International, was due to the fact that the email tool used by Accellion failed to work: “Software updates to address the issue were released by the vendor in December 2020 soon after it discovered the vulnerability. The email tool used by the vendor, however, failed to send the email notifications and consequently the Bank was not notified until 6 January 2021,” KPMG’s assessment said.

“We have not sighted evidence that the vendor informed the Bank that the System vulnerability was being actively exploited at other customers. This information, if provided in a timely manner is highly likely to have significantly influenced key decisions that were being made by the Bank at the time.”

In March, back when it was releasing updates about the ongoing breach, Accellion was keen to emphasize that it was planning to retire the 20-year-old FTA product in April and that it had been working for three years to transition clients onto its new platform, Kiteworks. A press release from the company in May says 75% of Accellion customers have already migrated to Kiteworks, a figure that also highlights the fact that 25% are still clinging to its now-retired FTA product. 

This, along with Accellion now taking a more hands-off approach to the incident, means that the list of victims could keep growing. It’s currently unclear how many victims the attack has claimed so far, though recent tallies put the list at around 300. This list includes Qualys, Bombardier, Shell, Singtel, the University of Colorado, the University of California, Transport for New South Wales, the Office of the Washington State Auditor, grocery giant Kroger and law firm Jones Day.

“When a patch is issued for software that has been actively exploited, simply patching the software and moving on isn’t the best path,” Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center, told TechCrunch. “Since the goal of patch management is protecting systems from compromise, patch management strategies should include reviews for indications of previous compromise.”

Accellion declined to comment.


Ukrainian police arrest multiple Clop ransomware gang suspects

Multiple suspects believed to be linked to the Clop ransomware gang have been detained in Ukraine after a joint operation from law enforcement agencies in Ukraine, South Korea, and the United States.

The Cyber Police Department of the National Police of Ukraine confirmed that six arrests were made after searches at 21 residences in the capital Kyiv and nearby regions. While it’s unclear whether the defendants are affiliates or core developers of the ransomware operation, they are accused of running a “double extortion” scheme, in which victims who refuse to pay the ransom are threatened with the leak of data stolen from their networks prior to their files being encrypted.

“It was established that six defendants carried out attacks of malicious software such as ‘ransomware’ on the servers of American and [South] Korean companies,” alleged Ukraine’s national police force in a statement.

The police also seized equipment from the alleged Clop ransomware gang, said to be behind total financial damages of about $500 million. This includes computer equipment, several cars, including a Tesla and a Mercedes, and 5 million Ukrainian Hryvnia (around $185,000) in cash. The authorities also claim to have successfully shut down the server infrastructure used by the gang members to launch previous attacks.

“Together, law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalizing criminally acquired cryptocurrencies,” the statement added.

These attacks first began in February 2019, when the group attacked four Korean companies and encrypted 810 internal services and personal computers. Since then, Clop — often styled as “Cl0p” — has been linked to a number of high-profile ransomware attacks. These include the breach of U.S. pharmaceutical giant ExecuPharm in April 2020 and the attack on South Korean e-commerce giant E-Land in November that forced the retailer to close almost half of its stores.

Clop is also linked to the ransomware attack and data breach at Accellion, which saw hackers exploit flaws in the IT provider’s File Transfer Appliance (FTA) software to steal data from dozens of its customers. Victims of this breach include Singaporean telecom Singtel, law firm Jones Day, grocery store chain Kroger, and cybersecurity firm Qualys.

At the time of writing, the dark web portal that Clop uses to share stolen data is still up and running, although it hasn’t been updated for several weeks. However, law enforcement typically replaces the targets’ website with their own logo in the event of a successful takedown, which suggests that members of the gang could still be active.

“The Cl0p operation has been used to disrupt and extort organizations globally in a variety of sectors including telecommunications, pharmaceuticals, oil and gas, aerospace, and technology,” said John Hultquist, vice president of analysis at Mandiant’s threat intelligence unit. “The actor FIN11 has been strongly associated with this operation, which has included both ransomware and extortion, but it is unclear if the arrests included FIN11 actors or others who may also be associated with the operation.”

Hultquist said the efforts of the Ukrainian police “are a reminder that the country is a strong partner for the U.S. in the fight against cybercrime and authorities there are making the effort to deny criminals a safe harbor.”

The alleged perpetrators face up to eight years in prison on charges of unauthorized interference in the work of computers, automated systems, computer networks, or telecommunications networks and laundering property obtained by criminal means.

News of the arrests comes as international law enforcement turns up the heat on ransomware gangs. Last week, the U.S. Department of Justice announced that it had seized most of the ransom paid to members of DarkSide by Colonial Pipeline.


Grab-Singtel and Ant Group win digital bank licenses in Singapore

Singapore on Friday granted four firms including Ant Group and Grab the licenses to run digital banks in the Southeast Asian country, in a move that would allow tech giants to expand their financial services offerings.

The nation’s central bank, Monetary Authority of Singapore (MAS), said it applied a “rigorous, merit-based process” to select a strong slate of digital banks. As these digital banks start their pilot operations, MAS said it will review whether more companies could be granted this license.

A total of 21 firms, including TikTok parent ByteDance, had applied for a digital bank license, of which 14 met the eligibility criteria, MAS said. Tech giants see a major opportunity in expanding to financial services as a way to supercharge their revenue in the rapidly growing region.

MAS said it expects the new digital banks to commence operations from early 2022. The other two licenses went to an entity wholly-owned by internet giant Sea, and a consortium of Greenland Financial Holdings, Linklogis Hong Kong and Beijing Cooperative Equity Investment Fund Management.

Like traditional banks, Grab-Singtel and Sea will be able to offer customers banking accounts, debit and credit cards and other services. Digital wholesale banks — Ant-owned entity and Greenland Financial consortium — will serve small and medium-sized businesses. None of them will be required to have a physical presence.

“We expect them to thrive alongside the incumbent banks and raise the industry’s bar in delivering quality financial services, particularly for currently underserved businesses and individuals,” said MAS MD Ravi Menon in a statement. A handful of countries including the UK, India, and Hong Kong have streamlined their regulations in recent years to grant tech companies the ability to operate as digital banks.

Ride-hailing firm Grab and telecom operator Singtel formed a consortium last year to apply for the digital full bank license. Their combined experience and expertise “will further our goal to empower more people to gain better control of their money and achieve better economic outcomes for themselves, their businesses and families,” said Anthony Tan, Group CEO & Co-Founder of Grab, in a statement Friday.

“Over the years, Ant Group has accumulated substantial experience and proven success, especially in China where we work with partner financial institutions to serve the needs of SMEs,” Ant Group said in a statement. “We look forward to building stronger and deeper collaborations with all participants in the financial services industry in Singapore.”


Streaming service Hooq shuts down, ends partnerships with Disney’s Hotstar, Grab and others

Hooq, a five-year-old on-demand video streaming service that aimed to become “Netflix for Southeast Asia,” has shut down weeks after filing for liquidation and terminated its partnerships with Disney’s Hotstar, ride-hailing giant Grab, and Indonesia’s VideoMax.

Hooq Digital, a joint venture among Singapore telecom group Singtel (majority owner), Sony Pictures, and Warner Bros Entertainment, discontinued the service on Thursday. It had amassed over 80 million subscribers in nearly half of the dozen markets in Asia.

“For the past 5 years, we gave you unbelievable thrills, heartrending drama, roaring laughs, awesome action, and more. Our goal was to bring you the best entertainment from here to Hollywood. Our hearts are full of gratitude for all of you who shared the journey with us,” it says on its website.

Hooq publicly disclosed that it had raised about $95 million, but the sum was likely higher. News outlet The Ken analyzed the regulatory filings last month to report that Hooq had raised $127.2 million, and its losses in the financial year 2019 had ballooned to $220, suggesting that it had received more capital.

The streaming service said last month that it could not receive new funds from new or existing investors.

The service counted India, where it entered into a partnership with Disney’s Hotstar in 2018 and telecom operators Airtel and Vodafone, as its biggest market. The company also maintained a partnership with ride-hailing giant Grab to supply content in its cabs, and with VideoMAX in Indonesia.

Hooq brought dozens of D.C. universe titles including “Arrow,” “The Flash,” “Wonder Woman” and other popular TV series such as “The Big Bang Theory” to its partners. In India, users began noticing last week that those titles were disappearing from Hotstar.

A spokesperson of Hooq told TechCrunch today that its tie-ups with all its partners including Hotstar have closed. A Hotstar spokesperson did not respond to a request for comment.

Mobile operator Singtel first unveiled Hooq’s liquidation in an exchange filing last month. The Ken reported that the filing stunned hundreds of Hooq employees, who thought the firm was doing fine financially. Nearly every employee at Hooq has been let go, with a select few offered a job at Singtel, according to The Ken.

In an interview with Slator earlier this year, Yvan Hennecart, Head of Localization at HOOQ, said that the company was working to expand its catalog with local content and add 100 original titles in 2020.

“Our focus is mostly on localization of entertainment content; whether it is subtitling or dubbing, we are constantly looking to bring more content to our viewers faster. My role also expands to localization of our platform and any type of collateral information that helps create a unique experience for our users,” he told the outlet.


Myriota raises $19.3 million to expand its IoT satellite constellation

Internet of things satellite connectivity startup Myriota has raised a $19.3 million Series B funding round, led by Hostplus and Main Sequence Ventures, with additional funding from Boeing, former Australian PM Malcolm Turnbull, Singtel Innov8 and others. The company has now raised $37 million in funding, and has four satellites on orbit already, with a plan to expand that to 25 by 2022 with the help of this new funding.

Myriota provides low-cost, power-efficient direct satellite connectivity for IoT uses, including industrial applications like equipment monitoring and the measurement of environmental indicators like groundwater levels. The Adelaide-based company has developed its own proprietary low-power IoT communications technology, which it claims has big advantages over existing solutions in terms of battery life, security, scalability and cost.

With this new funding, it also hopes to expand headcount, adding 50 percent more employees over the course of the next two years, with a focus on expanding globally to provide service to more international markets. It’s also going to concentrate on building out product to enable real-time reporting across all its offerings.

Already, Myriota has begun its expansion plans with a new acquisition of assets from another space tech company, Canada’s exactEarth. The company has purchased four satellites on orbit from the company and brought on new employees as well as six ground stations located in new international locations, including in Canada, the U.S., Norway, Singapore, Panama and Antarctica.

In total, Myriota has a goal of building out a constellation of 50 IoT satellites to provide global scale and service.


Streaming service Hooq files for liquidation

On-demand video streaming service Hooq said on Friday it has filed for liquidation after it failed to grow rapidly and cover its increasing operating costs.

Hooq Digital, a joint venture among Singapore telecom group Singtel (majority owner), Sony Pictures, and Warner Bros Entertainment, said the company sailed through “significant structural changes” in the on-demand video streaming market for five years but is now struggling to provide sustainable returns to investors.

“Global and local content providers are increasingly going direct, the cost of content remains high, and emerging-market consumers’ willingness to pay has increased only gradually amid an increasing array of choices,” a Hooq spokesperson said in a statement.

“Because of these changes, a viable business model for an independent, OTT distribution platform has become increasingly challenged. As a result, HOOQ has not been able to grow sufficiently to provide sustainable returns nor cover escalating content costs and the continuous operating costs of an independent OTT distribution platform,” the spokesperson added.

The Singapore-headquartered firm said it has not received any new funds from new or existing investors. According to Crunchbase, Hooq has raised $95 million to date, including $70 million the three aforementioned giants pumped into it in 2015.

The company will hold a meeting with its shareholders and creditors on April 13. In an exchange filing, Singtel said Hooq’s liquidation won’t have any material impact on its business.

HOOQ has amassed 80 million users in India, Indonesia, Thailand, Singapore, and the Philippines. The company counted India, where it entered into a partnership with Disney’s Hotstar in 2018, as its biggest market. The company also maintains a partnership with ride-hailing giant Grab to supply content in its cabs.

The disclosure from Hooq comes as a surprise as just two months ago it was talking about its plans to expand its footprint in the nations where it operates. In an interview with Slator, Yvan Hennecart, Head of Localization at HOOQ, said the company was working to expand its catalog with local content and add 100 original titles this year.

“Our focus is mostly on localization of entertainment content; whether it is subtitling or dubbing, we are constantly looking to bring more content to our viewers faster. My role also expands to localization of our platform and any type of collateral information that helps create a unique experience for our users,” he told the outlet.
