NFT Seoul Conference 2023 to Picture the Future of Digital Innovation

Akira ransomware, responsible for stealing $42 million from over 250 organizations across North America, Europe and Australia in just a year, is now targeting businesses in Singapore. In response, Singaporean authorities have issued a joint advisory warning local businesses about the increasing threat posed by a variant of this ransomware.Photo by Mike Enerio on UnsplashAlert follows complaintsThe alert follows multiple complaints from victims, prompting agencies like the Cyber Security Agency of Singapore (CSA), the Singapore Police Force (SPF) and the Personal Data Protection Commission (PDPC) to take action. These agencies emphasize the urgency of recognizing and combating this threat. How Akira operatesAkira affiliates employ various techniques to infiltrate a victim's network. These include exploiting known vulernabilities. For example, that could mean the targeting of services like Cisco virtual private networks (VPNs) that have been configured without multi-factor authentication (MFA). Another approach that the ransomware incorporates is attacking external-facing services such as the Remote Desktop Protocol (RDP) via brute force. Social engineering is another tool within its repertoire. This involves tricking victims into downloading malicious software or entering credentials on phishing websites. There is a marketplace for compromised credentials in the dark web. Akira also relies on such data, acquiring it from access brokers who sell network access.  Once inside a network, Akira affiliates often create new domain accounts to maintain persistent access, even after reboots. They use numerous tools to steal user credentials, escalate privileges and spread throughout the network. Detection and prevention measuresThe Singaporean advisory outlines several strategies for detecting, deterring and neutralizing Akira attacks. Authorities strongly advise against paying ransoms, on the basis that doing so does not guarantee data recovery or prevent future attacks. Authorities also warn that paying ransoms can encourage further attacks. The FBI has noted that Akira operators do not contact victims. Instead, they expect victims to initiate contact. Payment in BitcoinThe advisory outlines how Bitcoin is implicated in the ransomware scam. It states:”Ransom payments are requested in Bitcoin, which are directed to cryptocurrency wallet addresses specified by the affiliates. The TOR site (.onion) where victims contact the affiliates, contains stolen information and a list of the affected organisations.” It’s not the first time that Singaporean authorities have issued warnings that have implicated Bitcoin and crypto. In January, the CSA and SPF, in a joint advisory, suggested that people should use hardware wallets in an effort to guard against crypto-related malware and phishing attacks. A number of weeks prior to that, Singapore’s former Prime Minister, Lee Hsien Loong, took to Facebook to issue a warning with regard to a crypto scam that involved the use of deceptive content generated using artificial intelligence (AI). Mitigation techniquesBusinesses are being urged by the authorities to adopt best practices to mitigate the Akira ransomware threat. They suggest the implementation of a recovery plan alongside the use of multi-factor authentication (MFA) in order to secure data and the access to that data.  They also suggest filtering network traffic as it helps in identifying and blocking malicious activities. Meanwhile, disabling unused ports and hyperlinks curbs the risk further as it reduces the attack surface. Lastly, the authorities suggested the use of system-wide encryption to protect data even if it is accessed by unauthorized entities.

DeSpread, a Korea-based consulting firm specializing in Web3 and blockchain, announced today its partnership with Arbiturm, a Layer 2 network built on the Ethereum blockchain. This news was reported by local media outlet Etoday. Through the partnership, DeSpread aims to create an ecosystem for Arbitrum developers, seek collaboration with Korean enterprises and attract more onchain users. Photo by Sigmund on UnsplashArbitrum is one of the largest Layer-2 blockchains operating on the Layer-1 Ethereum network, designed to address the scalability issue of the ETH network. DefiLlama, a DeFi total value locked (TVL) aggregator, shows that Arbitrum has the fourth largest TVL among all chain networks, and the largest TVL among ETH-based Layer 2 networks. To foster Arbitrum-based services, DeSpread plans to distribute research content and development guides to Korean developers in an effort to bring down the language and cultural barriers when working with Arbitrum. Regular events featuring Arbitrum experts are also in store, set to be held both online and in-person formats. These efforts are intended to help companies seeking to adopt blockchain technologies collaborate with Arbitrum.   Forging an ecosystem within the Korean ETH communityJeff Kim, Head of operation at DeSpread, expressed his excitement about the partnership with Arbitrum, saying that Arbitrum is the network showing the strongest performance among all Layer 2 solutions on the ETH network. He added that Despread plans to support Arbitrum so that it can create its ecosystem within the Korean Ethereum community and raise its brand awareness. Nina Rong, Head of Ecosystem Development at Arbitrum, stated that Arbitrum has long been keeping an eye on Korea’s blockchain ecosystem. The partnership will help Arbitrum strengthen its position in the Korean market and shape a developer-friendly environment for individuals and businesses, she said.

Bitget Exec Speaks to Utility of Enhanced KYCCrypto continues to undergo significant transformation as regulatory authorities across Asia tighten their grip on the industry. In response to these regulatory changes, Seychelles-headquartered Bitget has joined KuCoin and OKX, which have recently bolstered their Know Your Customer (KYC) measures to ensure compliance and safeguard their operations.In a recent interview with Cointelegraph, Bitget Managing Director Gracy Chen spoke to the utility of KYC measures, stating that KYC is useful in filtering out illegitimate users, particularly those engaged in activities such as money laundering.Photo by Pixabay on PexelsMeeting Asian regulatory requirementsThe Seychelles-based exchange with ties to China and Singapore recently announced updates to its KYC protocols. These changes come in the wake of the Monetary Authority of Singapore’s (MAS) directives, which advise financial institutions, including cryptocurrency exchanges, to implement robust risk management procedures. The MAS has taken a stringent stance, shutting down certain digital payment token service providers to prevent them from facilitating lending and staking activities by retail customers.Starting from October 1, Bitget will require users who have not completed level 1 KYC verification to be restricted from creating new trading orders. This move aims to ensure that users comply with the newly updated guidelines and maintain the integrity of the exchange’s operations.Following industry peersKuCoin and OKX, two other prominent exchanges which, like Bitget, have their corporate headquarters in Seychelles and a strong presence in Asia, have also revamped their KYC policies. While KuCoin initially introduced KYC in 2018, the exchange has strengthened its identity verification procedures, requiring users to upload documents and complete face checks.Furthermore, in July, it announced a mandatory KYC requirement, in line with anti-money laundering (AML) regulations. While the mandatory KYC requirement is already in force, the other changes are set to take effect at the end of the month.OKX, on the other hand, has implemented stringent requirements, including the submission of a government-issued ID selfie for users to access all its services. The exchange recently set a deadline for service users to complete KYC.Bitget’s Chen highlighted that its decision to embrace KYC measures was driven by a commitment to serving the market responsibly. She acknowledged that while some users may have reservations about KYC, it is a necessary step to maintain the integrity of the exchange and prevent illicit activities. Speaking at the fringes of the firm’s EmpowerX Summit in Singapore, Chen said:“I’m pretty sure if the user is a financially healthy user, such as, like, if they’re not doing something illegitimate, such as money laundering, they should be pretty comfortable with the KYC process.”Tightening regulationThe tightening of regulations in Asia is not limited to Singapore alone. Japan has also taken steps to enhance anti-money laundering measures related to cryptocurrency transactions, responding to international calls for stricter oversight. Additionally, South Korea’s Financial Services Commission (FSC) has announced plans to require companies to disclose details about their cryptocurrency holdings, expected values, and related business models in their financial statements, aligning crypto accounting with conventional financial reporting.These regulatory developments signify a broader trend in the region, with cryptocurrency service providers proactively adapting to the changing landscape. As governments and regulatory authorities take steps to address the potential risks associated with cryptocurrencies, exchanges are prioritizing compliance to ensure their longevity and continued growth.