logo
allArticlesConferencesPresentations

An Attackers View on APAC's 2021 Three Major Breaches

Conference:  OWASP 20th Anniversary Event

2021-09-24

Authors:   Ric Campo

Summary

The presentation covers the top three major breaches reported via IHaveBeenPwned in the APAC region in 2021, offering a summary of the publicly known information, how the attacks occurred, and providing tips on how to prevent these types of attacks.
  • IHaveBeenPwned is a platform created and maintained by Troy Hunt that allows users to check if their email address or password has been compromised
  • The presentation covers three major breaches in the APAC region: Raychat, Oxfam Australia, and Domino's India
  • For Raychat, basic security guidelines and vendor recommendations should be followed, and free resources like OWASP should be utilized
  • For Oxfam Australia, a good security program with good detection systems is essential, and people should be trained and controls should be implemented
  • For Domino's India, security involves all parts of the business, including third-party programs, and it's important to help those businesses protect themselves
  • An anecdote about the Raychat breach is provided, highlighting the importance of honesty and helping customers secure their data
  • References are provided for those interested in learning more
The Raychat breach is discussed in detail, with the founder and architect of the company commenting on the compromise of the legal card inside. He states that most of the compromised accounts have fake data and IPs from anonymous VPNs or proxies that are not likely to bring much actionable evidence to law enforcement agencies for investigation. He also notes that even Western law enforcement agencies are currently unequipped to investigate and prosecute cyber crimes on a large scale. This highlights the importance of taking preventative measures and being honest about breaches when they occur.

Abstract

In this short presentation, Ric is going to cover the top three major breaches reported via IHaveBeenPwned in the APAC region in 2021. The aim of this short presentation is to offer a summary of the publicly known information, where possible quickly cover how the attacks occurred and provide some tips on how to prevent these types of attacks.
Materials:
Tags:
breaches
IHaveBeenPwned
APAC
2021
attacks

Post a comment

Related work

Detecting Access Token Manipulation

Conference:  BlackHat USA 2020
Authors:
2020-08-06