GlobalSign Blog

Cybersecurity News: May Recap

Cybersecurity News: May Recap

The month of May has been a tough battle for cybersecurity. Attacks have been widespread amid the pandemic, where cybercriminals have come up with new methods to take advantage of the environment of fear, confusion, and paranoia. There was a record high 8.8 billion breached data recorded in May; a clear sign that cyberattacks have gone full swing.

Cyberattacks have been rapidly growing since the wake of the pandemic. Malware was spread through different mediums: inbound and outbound emails that contain phishing links, attachments, mobile apps, downloadable content from malicious websites, and more.

These are some of the notable data and personal information breaches in May:

  • Emails, usernames, and hashed passwords of 3.5 million users of the dating app MobiFriends were sold through an underground forum and deep web hacking forums.
  • The entire database of Indonesia’s largest online store, Tokopedia, composing 91 million user records, were being sold for $5,000 on the dark web by a hacker group called Shiny Hunters.
  • Over 164 million user records from eleven companies, ranging from online marketplaces to news websites, were being sold for $23,100 on the dark web by the same group.
  • 9 million user data along with 2,200 credit card details of British Airline Easyjet were stolen.
  • 8 million user records of Home Chef, a popular meal delivery service, were breached; these records included names, email addresses, phone numbers, passwords, and the last four digits of credit card numbers.

Since we are still in the middle of the COVID-19 pandemic, cybercriminals continue to bank on our current situation to unleash their phishing campaigns. For one, the Zeus Sphinx Trojan is being deployed in active coronavirus scams, particularly against US banks and COVID-related campaigns.

In May, the emergence of a complex and data-stealing threat called Qakbot was detected. This malware uses a hacked account to send messages containing malicious links or attachments to other people, creating a domino effect.

Spam campaigns using emails that have Excel file (.xls) attachments containing a ‘hidden’ sheet that attempts to visit a URL and download a file have also been reported to be circulating among users in Italy and some users in Germany and other countries.

Mobile Espionage on the Rise

Mobile users are also high targets for cybercriminals this month, as a powerful Android spyware called Mandrake is infecting tens of thousands of mobile devices. The spyware has been around since 2016 and can gather sensitive information in real-time as it records screen activity, particularly account credentials, banking applications, GPS, and more. It previously targeted users across Europe, the Americas, and Australia, but is now targeting victims across the globe.

A new variant from the Cerberus Android Trojan has also been recently discovered with a more advanced information-harvesting capability.

Another spyware called Pegasus, which infects both Android and Apple smartphones, hacks into the user’s device and spies on its activities in real-time, including access to the user’s messages and mail, calls, browser history, and contacts.

Another malicious app that is circulating is a ransomware strain known as “[F]Unicorn”. It impersonates the legitimate app for COVID-19 contact-tracing app and was first seen in May. Once the malware executes in the background, it collects information, and once information has been collected, a ransom note would pop up, asking for 300 Euros in exchange for the decryption key.

Malware installations

Meanwhile, a malware disguising as a Zoom installer was also discovered to run malicious routines remotely as well as install the ‘Devil Shadow’ botnet in devices. Compromised computers also run the risk of having their identity and personal information stolen as a new version of the Sarwent malware is not only capable of downloading and installing other malware, but it also allows hackers to gain hands-on access to the infected computers through Remote Desktop Protocol (RDP).

Moving forward

In an effort to protect user data from warrantless access, a group of seven internet companies including Mozilla, Twitter, and Reddit have asked four US legislators to explicitly prohibit the warrantless collection of internet search and browsing history when the United States House of Representatives considers the USA FREEDOM Reauthorization Act of 2020.

Arrests have also been made, one of them being the arrest of a Ukraine-based hacker called Sanix, who is responsible for selling billions of stolen credentials on various hacking forums on the deep web since 2018.

Cybersecurity in Asia-Pacific (APAC)

It's no different in APAC, where the COVID-19 pandemic has been a point of attraction for many of the hacker groups and cyber criminals. Phishing attempts have increased 700%; a never seen before rate. For what accounts as potentially the biggest breach for May in the APAC Region, 8.3 Billion Internet records were leaked from Thai Database. Luckily, the incident was spotted early and was quickly resolved in a span of 2 weeks with no personal information falling in the hands of cybercriminals.

On a more critical note, a destructive malware attempts to access email server accounts and databases in a ransomware attack known as ColdLock. It started in early May and has already infected several organizations in Taiwan.

An active hacker group called Tropic Trooper, who targets high-tech industries, government, military, and healthcare facilities in Taiwan, Philippines, and Hong Kong. The group uses spear-phishing techniques as well as mobile surveillanceware to steal Personal Identification Information (PII).

The group’s recent activities make use of malware-infused USB storage to infiltrate computers and perform different commands to steal critical data. Military agencies and hospitals, government institutions, and even national banks from Taiwan and the Philippines have been hit by these attacks.

Aside from USB-related attacks, government and military organizations in South Asia have also been a target of an updated BackConfig malware used by the Hangover threat group. This time, it infiltrates a computer through opening a malicious Microsoft Excel (.xls) files attached in phishing emails.

Cyber-Espionage attacks are nothing new to the industry, but Chafer APT advances its attacks as it hits several air transportation, government, and various prominent infrastructures in the Middle East to exfiltrate critical data.


With the widespread use of online devices, cybercriminals take advantage of the "new norm" to infect systems. These incidents indicate that cybercriminals thrive in any environment, sometimes even more so when the world is experiencing a crisis. Cyber resilience can greatly limit the heavy burden and consequences of cyberattack incidents.

Cybersecurity awareness training and education should be realized by individuals, employees, and companies especially now that the world is shifting to digital mediums. The cases recorded for this month show that cybersecurity awareness training and other means of educating people about the best practices in staying safe and secure online is worth the investment.

GlobalSign is the leading identity management authority in the Asia Pacific. We enable trusted identity security solutions for every enterprise. For more information about our company and the products we offer, you may visit our website, or check out our product list for enterprises and Internet of Things (IoT) so you can ask for a demo today! For more blog updates, click here.

Share this Post

Recent Blogs