A criminal group active since December 2020 has claimed dozens of victims across Southeast Asia, prompting an alert from the Singapore government. The country’s authorities are warning neighbors about ALTDOS, a gang that has already hit large companies in the financial, retail and telecommunications sectors with ransomware and intrusions that expose the data of customers, employees and business partners.
The warning was issued in response to two recent incidents, which are among the largest operations the gang has carried out. In June, the victim was electronics retailer Audio House; in August it was OrangeTee, a Singapore real estate company. In both cases, customer databases were put up for sale while the companies were extorted for tens of thousands of dollars’ worth of cryptocurrency.
The gang targets unprotected or unpatched servers, particularly those running Apache software with known vulnerabilities. Depending on the case, ALTDOS either encrypts the victim’s data or only exfiltrates databases, depending on how far it manages to move laterally and on what kind of data it finds. In some cases it has even extorted victims in exchange for not launching a ransomware attack at all; experts note that around 70% of victims pay, which also keeps the intrusion out of the public eye.
Other confirmed victims include 3BB and Mono Next, respectively an internet provider and a media company from Thailand, as well as Unispec, from Singapore’s maritime sector. According to the country’s government, besides exposed services on servers, ALTDOS also exploits SQL injection flaws in vulnerable websites as a way of gaining access to large volumes of data.
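The injection route mentioned above is worth seeing concretely. As an added illustration (not part of the original article, and not code attributed to the gang or to the Singapore authorities), the Python snippet below shows the classic vulnerable pattern beside its parameterized fix, run against a constructed in-memory SQLite table of three sample customers. Table name, column names and the payload are all assumptions for the example.

```python
import sqlite3

# Constructed sample data (not from the article): a small customer table
# standing in for the kind of customer base the gang is reported to dump.
CUSTOMERS = [
    (1, "alice", "alice@example.com"),
    (2, "bob", "bob@example.com"),
    (3, "carol", "carol@example.com"),
]


def _connect():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable: user input is concatenated into the SQL text, so a single
    quote in `name` changes the structure of the query."""
    sql = "SELECT id, name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Hardened: the value is bound as a parameter and never parsed as SQL,
    so the same payload is compared literally and matches nothing."""
    sql = "SELECT id, name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed injection payload (assumption): closes the string literal and
# appends a tautology so the WHERE clause matches every row in the table.
PAYLOAD = "x' OR '1'='1"


def demo():
    """Run both lookups with the payload; returns (rows dumped, rows returned safely)."""
    conn = _connect()
    dumped = lookup_vulnerable(conn, PAYLOAD)
    safe = lookup_hardened(conn, PAYLOAD)
    conn.close()
    return len(dumped), len(safe)


if __name__ == "__main__":
    dumped, safe = demo()
    print(f"vulnerable query returned {dumped} rows, hardened query returned {safe}")
```

A legitimate name such as "bob" returns one row through either function; only the concatenating version lets the payload turn a single-customer lookup into a full table dump. The fix is the same in any language or database driver: never build the query text from user input, bind it instead.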
Advertisement for the sale of data on more than 298,000 people, obtained after an ALTDOS attack on a major electronics retailer in Singapore (Image: Reproduction/The Record)
“A statement that has become a cliché is that the company will be attacked, but it is not known when. This reinforces organizations’ prioritization of efforts to minimize impacts”, explains Claudio Bannwart, regional director of Check Point Software Brasil. The regional concentration of the attacks shows a preference for certain victims, but the methods ALTDOS uses are similar to those of many globally active ransomware gangs, and so are the security recommendations.
The main one is keeping the operating systems of servers, workstations and network components up to date, with special attention to security patches, which close known holes. The specialist also recommends security tools that monitor network activity, along with a review of access policies, as ways of keeping intruders out of the infrastructure.
“Incident response must be fast, employee training is essential, identity management becomes paramount, and also [it is good to] have greater visibility into what happens in the corporate network”, adds Bannwart. Backup routines and vulnerability assessment services also make it harder for criminals to act, including in zero-day attacks, that is, those exploiting flaws not yet known even to the developers of the affected software.
In light of the increase in cases, the Singapore government also recommends that victims not pay what is demanded. According to the authorities, there is no guarantee that companies will get their data back by doing so, nor that the data will not be leaked anyway, while paying makes the crime profitable and encourages the criminals to continue.
Source: SingCert, Check Point, The Record