Furniture retailer Vhive made the news earlier this year, but not for their promotions: they’d been breached by a cybercrime group known as ALTDOS. The hackers had stolen data on all of Vhive’s customers and threatened to release it if Vhive did not pay the US$75,000 ransom.
Vhive agreed at first. But when they reneged a few days later, ALTDOS responded by hacking them a third time and taking control of their mail server.
Vhive isn’t the only ALTDOS victim this year. Audio House, UniSpec, and OrangeTee are among the cybercrime group’s Singapore-based victims.
Thing is, many of these SMEs share the same vulnerabilities. And with cybercrime on the rise and ALTDOS still at large, there’s no telling which local SME could be next.
What Vulnerabilities Did These SMEs Have?
Nearly six months after the initial attack, ALTDOS continues to hold control over Vhive’s systems. In a tragic twist, the hackers claimed that Vhive had failed to inform individual customers of the breach — so ALTDOS sent emails to customers on their behalf.
The question is, what vulnerabilities allowed ALTDOS to infiltrate and maintain control over Vhive’s systems for months afterwards? And how are many Singapore SMEs equally susceptible to these attacks?
Vulnerability #1: ALTDOS Breached Them Through Outdated Apache Servers.
Apache is a popular choice for SMEs looking to cut costs. It’s free and open-source, making it a low-budget option to run your email server on.
Unfortunately, Apache also makes you an easy target because it’s internet-facing. Hackers can find it by running a scan over the web.
Once they’re in, the cybercriminals search for any vulnerable systems they can detect on the network. Drop a backdoor or trojan and voila — the hackers can get into your systems anytime they want.
Vulnerability #2: An Employee Has A Compromised Machine.
Clicked on any popup ads recently? If you don’t have adequate protection on your computer, those popups are an easy way for hackers to install a backdoor into your system.
It’s not as simple as doing an antivirus scan every so often. Backdoors and trojans usually lie dormant for a while after the initial infiltration, so it’s hard for typical antivirus software to detect the malware.
It could even be hidden on the intern’s computer — a device that nobody thinks to check.
Vulnerability #3: The SMEs Used Insecure Encryption Algorithms.
To steal the data of over 300,000 customers, ALTDOS executed two hacks: one to get into Vhive’s system, and one to decrypt their database of customer passwords.
If ALTDOS had only gotten into the system but could not decrypt the passwords, they wouldn’t have been able to extract the data.
That made it clear that Vhive used a weak encryption protocol for their customer passwords — likely one known as MD5, which has been cryptographically broken and is considered insecure.
The same goes for electronics retailer Audio House, which had their customer data stolen in May this year.
And since most people recycle their passwords, those exposed passwords are also likely to open customers up to more data theft. All the hackers need to do is to run a bot and match the usernames on other systems.
Read also: How to Improve Cybersecurity for Your SME
Hope Is Not A Strategy — Act Now
According to Singapore’s Cyber Security Agency, ransomware cases have more than doubled since the start of the pandemic. From 2019’s 35 cases to 89 reported cases last year, cybercrime has become a major threat to Singapore’s highly digital economy.
Vhive still hasn’t recovered from the ALTDOS attacks in late March. OrangeTee is ALTDOS’s most recent victim, with the cybercriminals reportedly stealing 969 databases ranging from corporate and financial records to private customer information.
Once you’re attacked, rooting out the backdoors and trojans in your system isn’t an easy feat. You’ll need to conduct a thorough threat hunting, sifting through each and every detail in your entire network to track down that malicious entity.
And given the number of unsecured personal devices that are likely to be on your network, this could easily become a mammoth endeavour.
In this case, it’s best to engage a professional cybersecurity firm to root out the threat and patch the holes in your system.