Singapore Medical Academy hit by Russian ransomware gang: Personal data of 50 doctors exposed

In a startling cybersecurity breach, sensitive data from around 50 doctors connected to the prestigious Academy of Medicine, Singapore (AMS), has surfaced on the Dark Web.

This incident adds to a concerning series of data breaches, impacting both government and private sectors in the country.

SINGAPORE: In a shocking cybersecurity breach, the personal information of doctors associated with the esteemed Academy of Medicine, Singapore (AMS), has been discovered on the Dark Web.

The personal information of some 50 doctors linked to the AMS, including senior figures in the medical fraternity, has been put up on the Dark Web by a Russian-based ransomware gang since Sunday (10 Sept), according to Singapore state media the Straits Times.

The compromised doctors encompass a diverse group, consisting of both local and foreign professionals.

Among the affected individuals are prominent figures in the medical fraternity, including directors of the academy, faculty members, and even students undergoing advanced specialist training within Singapore.

The leaked database, which amounts to a staggering 13.69 gigabytes of data, contains sensitive personal information such as National Registration Identity Card (NRIC) numbers and home addresses.

Additionally, the hackers gained access to AMS’ social media account login credentials and a comprehensive staff directory complete with mobile phone numbers.

Interestingly, the staff contact list was last updated in May, with an earlier 2019 version located in a folder marked for deletion.

Another folder within the exposed data includes a 2021 contract that reveals recipients’ home addresses.

Furthermore, it contains letters granting a lifetime fellowship to members above the age of 65 who have maintained a minimum of 10 years of membership.

These letters are dated 23 March 2022, with five out of nine containing recipients’ home addresses.

Among the revelations, another folder contains letters from Brunei’s Public Service Department, outlining the allowances granted to seven Bruneian doctors pursuing specialist training in Singapore.

AMS said they first detected the ransomware attack on 13 July

According to the ST, AMS acknowledged that it first detected the ransomware attack on July 13, which compromised its servers.

The Lockbit 3.0 gang subsequently made the stolen data available on the Dark Web for free, releasing it at 4:41 AM on Sunday.

Upon discovering the breach, AMS swiftly took its servers offline.

An AMS spokesperson stated, “The immediate measures included appointing cyber-security and legal experts who were tasked to work with us to review and strengthen the academy’s cyber-security infrastructure while investigations were ongoing.”

In response to the attack, AMS promptly filed reports with the local police, the Cyber Security Agency of Singapore, and the Personal Data Protection Commission (PDPC).

Additionally, they notified both their members and individuals who have engaged with the academy, urging them to take necessary precautions. Subsequent investigations confirmed the data breach.

To enhance their cybersecurity posture, AMS has taken proactive measures, including the implementation of an enhanced firewall and multi-factor authentication.

These steps were recommended by cybersecurity experts to safeguard against future threats.

LockBit 3.0 ransomware emerges as a pervasive cyber threat

LockBit’s origin dates back to September 2019 when it initially surfaced as the ABCD ransomware. Over time, it evolved into one of the most prolific and formidable ransomware families known today.

LockBit operates on a ransomware-as-a-service (RaaS) model, consistently innovating to maintain a competitive edge in the cybercriminal landscape.

In late June 2022, the LockBit ransomware group introduced LockBit 3.0, marking the latest iteration in their ransomware lineage. This successor to LockBit 2.0 is recognized as one of the most formidable and dangerous ransomware strains in existence.

Being a modular ransomware, LockBit 3.0 comprises various customizable components, allowing its operators to continually enhance the malware with new functionalities and capabilities. This adaptability makes it exceptionally challenging to defend against.

LockBit 3.0 has been associated with a minimum of 1,653 ransomware attacks, as evident from the victims listed on its leak site. However, it is strongly suspected that the actual number of attacks is considerably higher, as many victims may choose not to report such incidents.

Prior to its notoriety in June, LockBit had already targeted and exposed sensitive data from luxury retailer Cortina Watch.

Additionally, it breached the security of Taiwan Semiconductor Manufacturing Company, the world’s largest chipmaker, during the same month, further highlighting its audacity and reach in the cybercrime landscape.

According to a report issued by the Cyber Security Agency of Singapore (CSA) in June this year, the number of reported ransomware cases saw a slight decrease, with 132 cases reported to CSA in 2022, compared to the 137 cases reported in 2021.

Ransomware remains a major issue both in Singapore and globally, with cybersecurity vendors reporting a 13 per cent increase in ransomware incidents worldwide in 2022.

Revisiting Singapore’s history of data leaks and Dark Web exposure

The recent data leak at AMS is far from an isolated incident in Singapore. The nation has witnessed a series of significant data breaches in recent history, with personal information from both government and private entities being leaked online or put on the Dark Web.

In 2018, Singapore witnessed the massive SingHealth data breach, one of the largest healthcare data breaches ever recorded, affecting the personal data of over 1.5 million patients.

The following year, in 2019, the Ministry of Health (MOH) confirmed a distressing breach involving confidential information related to 14,200 individuals diagnosed with HIV up to January 2013, along with 2,400 of their contacts. Then-Health Minister Gan Kim Yong publicly apologized for this grave breach of confidentiality.

The data breach was orchestrated by Mikhy Farrera-Brochez, a male US citizen who had been residing in Singapore since 2008. Farrera-Brochez was subsequently incarcerated in 2017 on multiple charges, including fraud, drug-related offences, and deception regarding his own HIV status.

In the same year, 2019, two additional data breach incidents affected the Ministry of Defence (Mindef) and the Singapore Armed Forces (SAF), compromising the personal data of numerous personnel.

March 2019 saw the revelation by Russian cybersecurity company Group-IB that email login credentials of government agency employees and educational institutions, along with details of over 19,000 compromised payment cards from local banks, were available for sale on the Dark Web for an extended period of more than two years.

The affected organizations included the Government Technology Agency (GovTech), the Ministry of Education, the Ministry of Health, the Singapore Police Force, and the National University of Singapore.

In 2022, there were over 182 data incidents reported in the public sector, a 2% increase from the previous year.

 

S$3b money laundering convicts and Alice Guo charged with human trafficking in Philippines

Zhang Ruijin and Lin Baoying, convicted in Singapore’s S$3 billion money laundering case, have been charged in the Philippines for human trafficking, along with former mayor Alice Guo. The group is accused of operating a scam centre involving hundreds of workers in Tarlac province.

MANILA, PHILIPPINES: Two Fujian-born individuals previously convicted in Singapore’s S$3 billion money laundering case, Zhang Ruijin and Lin Baoying, have been named among 14 people charged with human trafficking in the Philippines.

The charges were filed by the Department of Justice on 17 September, involving a major scam operation in Tarlac province.

Zhang and Lin, along with former Bamban mayor Alice Guo, are accused of forcing hundreds of people from various nationalities into working for a scam centre located in Bamban, Tarlac.

The site was raided in March 2024, leading to the discovery of 432 Chinese nationals, 371 Filipinos, and other individuals from Vietnam, Malaysia, Taiwan, Indonesia, and Rwanda.

Guo, who was stripped of her mayorship in August, was arrested in Indonesia in September following her escape from the Philippines in July during an investigation into her alleged involvement in Chinese criminal syndicates.

The scam operation was run on land owned by Baofu Land Development, a company founded in 2019 by Guo, Zhang, Lin, Cypriot national Huang Zhiyang, and Philippine national Rachel Joan Malonzo Carreon.

All five individuals are among those facing charges of “qualified human trafficking,” a non-bailable offence which typically carries a penalty of life imprisonment.

Qualified trafficking, as defined under Philippine law, involves cases where syndicates, slavery, or forced labour are present.

Zhang and Lin were sentenced to 15 months in prison in Singapore after pleading guilty to money laundering and forgery charges.

They were deported to Cambodia in June after completing their sentences.

Guo, who had evaded Philippine authorities by hiding in Singapore for a month, was extradited back to the Philippines on 9 September and is now facing additional charges, including graft-related offences, tax fraud, and laundering criminal proceeds amounting to 100 million pesos (S$2.3 million).

Guo, whose birth name is allegedly Guo Hua Ping, is also under investigation for fabricating her nationality to qualify for public office, a role restricted to Philippine citizens.

She is accused of falsifying her birth records to conceal her Chinese nationality.

The case has drawn further attention due to the involvement of Huang Zhiyang, reported to be the head of illegal Philippine Offshore Gaming Operators (Pogos), which have been linked to human trafficking and scam operations.

Pogos, while licensed by the Philippine Amusement and Gaming Corporation (PAGCOR), have been criticized for exploiting workers and being a front for criminal activities.

In 2022, Pogos contributed 53.1 billion pesos (S$1.3 billion) to the Philippine economy, but lawmakers continue to express concerns about their operations.

Zhang and Lin’s current whereabouts remain unclear following their deportation.

Cambodian authorities reported Zhang was deported again on 16 July, but the destination country was not disclosed.

Two arrested in US$230 million cryptocurrency theft and laundering scheme

Two men, including a Singaporean citizen, were arrested Wednesday night and charged in U.S. District Courts in Florida and California with stealing and laundering over US$230 million in cryptocurrency. The FBI raided a luxury Miami home linked to one suspect, who allegedly defrauded a Washington, D.C. victim.

Malone Lam (Broward Sheriff’s Office), Luxury home at 1201 NE 83rd St (Miami Herald)

UNITED STATES: On Thursday (19 Sept), Malone Lam, 20, of Miami, FL, and Jeandiel Serrano, 21, of Los Angeles, CA, were charged with conspiracy to steal and launder over US$230 million in cryptocurrency from a Washington, D.C. victim.

Both suspects were arrested on Wednesday night and charged in U.S. District Courts in Florida and California on Thursday.

Lam, a Singaporean citizen known online as “Anne Hathaway” and “$$$,” and Serrano, who uses the aliases “VersaceGod” and “@SkidStar,” were charged with conspiracy to commit wire fraud and money laundering.

They are accused of using their online identities to fraudulently obtain over 4,100 Bitcoin, valued at more than US$230 million, from a Washington, D.C. victim, according to a press release by the U.S. Department of Justice.

According to the Miami Herald, the FBI raided a luxury waterfront home in Miami, FL, linked to Lam as part of the investigation.

The 10-bedroom, 10-bath home, listed on Zillow for US$11.5 million, was reportedly rented out to celebrities and musicians. Agents arrested Lam in Miami, while Serrano was simultaneously apprehended in Los Angeles. Neighbours described seeing Maseratis and Lamborghinis frequently parked at the Miami residence.

The indictment alleges that since at least August 2024, Lam and Serrano, along with unnamed accomplices, used sophisticated methods to gain access to victims’ cryptocurrency accounts.

The stolen funds were laundered through cryptocurrency exchanges, “peel chains,” pass-through wallets, and virtual private networks (VPNs) to obscure their origins.

The suspects allegedly spent the proceeds on luxury goods, including cars, jewellery, and rental properties in both Miami and Los Angeles.

The raid, which took place on Wednesday, was part of a grand jury indictment unsealed the next day. Agents were seen removing high-end vehicles from the property, and damage to the front gate was visible following the operation.

Local police provided support to the FBI during the raid.

The arrests were announced by U.S. Attorney Matthew M. Graves, FBI Acting Special Agent in Charge David Geist of the Washington Field Office, and Executive Special Agent in Charge Kareem A. Carter of the IRS-Criminal Investigation (IRS-CI) Washington, D.C. Field Office.
