Check Point says the Cyber Security Agency of Singapore (CSA), the Personal Data Protection Commission (PDPC) and the Singapore Police Force (SPF) have issued a joint advisory on the threat actor ALTDOS.
ALTDOS is known to operate in Southeast Asia and targets businesses for financial gain. Since late 2020, ALTDOS has been reported to be operating in Singapore, Thailand, and Bangladesh. According to the Check Point advisory, there have already been several ransomware attacks on organisations, exploiting local businesses in Southeast Asia and making victims pay double to retrieve their encrypted data and to keep it from being leaked.
Threat actors such as ALTDOS are not new. The fact that it has garnered enough interest from the authorities for them to send out an advisory signifies that the threat is already lurking in the community. Check Point advises that the threat actor potentially found it compelling to target organisations in Singapore because it found an adequate number of low-hanging fruit, which would make it easy to acquire targets.
Check Point warns that it is important to have common security hygiene practices, including:
- Keeping your servers’ operating system and all its sub-components updated, especially security patches.
- Having a security gateway capable of identifying command and control IP addresses, services and protocols will protect against attackers gaining control of compromised assets. The security gateway will alert the administrator who can then clean out the system immediately.
- Conducting a periodic and deliberate review of the network access policies to ensure they adhere to “zero-trust” best practices.
- Following the best practices in server (OS)/services (web services) hardening to ensure that the least required operating parameters are defined on any running server.