As the world reels under the COVID-19 pandemic, with travel restrictions and stay-at-home rules in place, heavy reliance on the internet has given hackers an opportunity to launch malicious activities. Among the recently targeted countries, Indonesia and U.S. agencies appear to be the latest victims of cybercriminals.
According to local reports, an unidentified hacker has allegedly broken into a government database of 230,000 Indonesian people who have undergone COVID-19 testing. The unknown cybercriminal, under the username Database Shopping, offered the personal data of Coronavirus test-takers in Indonesia on the data exchange platform Raid Forums.
On the same database-sharing and marketplace forum, another member put up for sale the personal information of 15 million users from homegrown e-commerce unicorn Tokopedia's internal database for $5,000.
Breached Data Seller
The cybercriminal showed an example of the breached data sets, which included personal details such as the names, ages, addresses and nationalities of the patients who underwent the virus testing at several hospitals in Indonesia's Bali. The released data also included information related to the kind of tests those people took. The user, Database Shopping, said in a post on raidforums.com, "Indonesia COVID-19 database, 230k [worth of data in the] MySQL [database]. Leak date: May 20, 2020. I sell it to the enthusiast."
In an interview with the Kompas daily, the hacker said that, apart from Bali, databases from other regions in Indonesia were also breached, including Jakarta and Bandung in West Java. The Raid Forums user put the complete database up for sale for $300.
Responding to the alleged data theft, Indonesia's Minister of Communication and Information Johnny Plate said the Coronavirus patient database and the results of interoperability and cleansing in the Kominfo data center are safe. The minister also added, "We will trace the news and coordinate with BSNN which is in charge of security and data collection COVID 19."
Data Breach Cases
Hackers are currently on a dream run, as the worldwide stay-at-home situation is allowing the cybercriminal community to peep into people's daily lives. Such hacking activities are on the rise in Indonesia, which has yet to pass a personal data protection bill. In 2013, a separate group of threat actors accessed the information of millions of Indonesian people by getting inside the General Elections Commission's website. The affected data was reportedly claimed to be the final voter list for Indonesia's 2014 presidential election.
Distributed Denial of Secrets, a website that publishes materials submitted by sources, both leakers and hackers, tweeted: "RELEASE: #BlueLeaks (269 GB) Ten years of data from over 200 police departments, fusion centers and other law enforcement training and support resources. Among the hundreds of thousands of documents are police and FBI reports, bulletins, guides and more hunter.ddosecrets.com/datasets/102"
The leak contains 269 gigabytes of data, which includes sensitive documents, videos, and images of police and FBI reports, as well as bulletins, guides, and more. However, it is not clear whether a DDoS attack was actually involved in this case or how such a massive amount of records was obtained.
North Korean and Chinese Hackers
Recently, the Australian government revealed that it faced a massive cyberattack from what Prime Minister Scott Morrison has described as a "malicious" and "sophisticated" state-based actor. He said during the press conference on Friday, June 19, that a "state-based cyber actor" has been targeting Australian organizations across a range of sectors, including all government agencies, industries, political organizations, education, health, essential service providers, and operators of other critical infrastructure.
Even though Morrison declined to reveal who may be behind the attacks, the scale and timing led many experts to immediately point the finger at China-based hackers. When the Australian PM was asked whether Beijing was responsible for the attack, Morrison said he "couldn't control speculation."
Citing recent chatter on dark web forums, cyber intelligence company CYFIRMA has warned that several government agencies, media houses, pharma companies, and telecom operators in India may be targeted by a massive cyberattack from hacking groups with links to the Chinese government.
The security firm also found that the North Korea-based hacking group Lazarus has been planning to launch broader phishing attacks disguised as COVID-19 relief efforts against six countries, targeting more than five million individuals and businesses (small, medium, and large enterprises). According to CYFIRMA, the countries targeted by the hackers are the US, the UK, Japan, Singapore, India, and South Korea.