DailyPost 2860
ENTER THE THIRD PARTY WAY
Newer ways of inflicting maximum damage and monetising it exponentially is what the hackers aim at. As per the CrowdStrike Threat Landscape Report 2024 third party relationship exploitation is making waves in the hacking industry for the results it delivers and will continue to be on top of the charts in 2024 and in the near foreseeable future. This is exploitation of trusted relationships. This is turning out to be a favoured path for the initial access to organisations. Two techniques are used for the purpose, compromising the software supply chain and leveraging access to vendors supplying IT services.
This has precisely been the case in the recent Singapore hack. The news that is pouring in makes great sense in the backdrop of this study. There has been a breach of 128K Singapore borrowers’ data at risk, as the hackers breach a third party system. As a consequence of it, a phishing alert has been issued. As per the news hackers breached the IT system of a Ezynetic, a third party vendor, facilitating access to 128,000 Singapore borrowers who gave the information to licensed moneylenders. The Singaporean Ministry of Law has confirmed the breach. They have also published the list of 12 licensed moneylenders using the services of the third party IT vendor.
The government has made no delay in clarifying that the Ezynetic’s system is not hosted on or linked to the government network. The Ministry added that Ezynetic’s systems was “accessed by a malicious actor” and data containing “personally identifiable information” was leaked. What did the data include? It had names, NRIC numbers of borrowers as well as loan information. The compromised data can be expected to be used for phishing and other scam attempts. The other fascinating part of this leak is that eight other licensed moneylenders that use Ezynetic’s services were not affected.
Containing the damage after breaches of this type is most critical. As a containment measure, Credit Bureau Singapore (CBS) has restricted access to the platform for all 20 licensed moneylenders served by Ezynetic. CBS operates the Moneylenders Credit Bureau (MCLB) platform. Its online functions remain fully available to the other 133 licensed money lenders in Singapore. The licensed moneylenders are legally bound to protect any information in their possession or control, including information residing on third party vendor systems. CBS is also working to support the affected licensed moneylenders’ business recovery efforts.
A THIRD PARTY ATTACK INCREASES THE THE EXPANSE OF THE ATTACK AND CONSEQUENT KILL CONSIDERABLY.
Sanjay Sahay
Have a nice evening.