Cyber-criminals sold 20,000 Singaporean bank cards on the dark web last year – and hundreds of credentials from government sites were stolen in 2 years

The New Paper

Southeast Asia is one of the most actively attacked regions in the world – and Singapore is among the most targeted of the lot, a report has found.

Just last year, close to 20,000 Singaporean bank cards showed up for sale on the dark web, while hundreds of credentials from Singaporean government agencies and educational institutions were stolen over the past two years, Group-IB said.

Group-IB, a company which develops software and hardware for cyber defence, presented the analysis of its Hi-Tech Crime Trends 2018 at Money 20/20 Asia, which is being held in Singapore this week.

It found that 19,928 compromised payment cards related to Singaporean banks were put up for sale on darknet cardshops last year – an increase of 56 per cent since 2017.

And the total underground market value of all the compromised cards amounted to nearly US$640,000 (S$861,607).

Group-IB also detected two spikes in Singaporean bank dumps – defined as “unauthorised, digital copies of the information contained in magnetic stripe of a payment card” – which went up for sale on the dark web in 2018.

In July last year, almost 500 dumps related to top Singaporean banks emerged on Joker’s Stash, one of the most popular underground hubs of stolen card data, Group-IB said.

The price per dump in this leak was relatively high at US$45, the company said, adding that the higher price was due to the fact that most of the cards were premium cards.

The second breach occurred in November 2018, when 1,147 Singaporean bank dumps were put on sale. According to Group-IB, the seller in this leak wanted US$50 per item, and 50 per cent of stolen cards were also marked as premium.

Credentials stolen from government sites

The report also found that hackers stole hundreds of credentials from compromised Singaporean government agencies and educational institutions throughout the past two years.

Cyber-criminals stole users’ logins and passwords from the Government Technology Agency, Ministry of Education, Ministry of Health, Singapore Police Force and National University of Singapore’s learning management system, among others.

Upon identification of this information, Group-IB’s CERT-GIB (Computer Emergency Response Team) reached out to the Singapore Computer Emergency Response Team (SingCert).

“Users’ accounts from government resources are either sold on underground forums or used in targeted attacks on government agencies for the purpose of espionage or sabotage,” Dmitry Volkov, Group-IB’s CTO and head of threat intelligence, said.

“Even one compromised account, unless detected at the right time, can lead to the disruption of internal operations or leak of government secrets,” he added.

A spokesman from Smart Nation and Digital Government Group told The New Paper (TNP) that in January, GovTech was indeed alerted to credentials in illegal data banks, which comprise e-mail addresses and passwords provided by individuals.

“Around 50,000 of them are government e-mail addresses. They are either outdated or bogus addresses, except for 119 of them which are still being used,” he was quoted as saying.

“As an immediate precautionary measure, all officers with affected credentials have changed their passwords,” he reportedly added.

According to TNP’s report, the spokesman said that the credentials were leaked from officers who used them for personal and non-official purposes, and not from government systems.

“Officers have been reminded not to use government e-mail addresses for such purposes, as part of basic cyber hygiene,” he reportedly added.

Group-IB’s data showed that Pony Formgrabber, QBot and AZORult were the top three most popular Trojan-stealers among cybercriminals – all of which are capable of compromising the credentials of crypto wallet and crypto exchange users.

The report also found that the hackers had leaked public data, which is “another huge source of compromised user credentials from government websites”, it said.

By analysing recent “massive public data breaches”, Group-IB discovered 3,689 unique records – emails and passwords – which are related to Singaporean government website accounts.

The report said: “Singapore, as one of the major financial hubs in Southeast Asia, is drawing more and more attention of financially motivated hackers every year.”
