Severity
High
Analysis Summary
In a significant security breach claimed by hackers, the personal data of approximately 2.2 million Pakistani citizens has allegedly been compromised and offered for sale online. The hackers say they gained access by infiltrating a database built by a private company and used by hundreds of restaurants in Pakistan.
The threat actors claimed to have gained unauthorized access to the database and, as part of their advertisement, posted the personal information of some citizens as samples. They claimed to have hacked the databases of more than 250 restaurants, naming several food outlets as victims.
The compromised citizen data includes sensitive information such as contact numbers and credit card details. This data is particularly concerning as it could potentially be used for fraudulent activities.
Notably, the compromised data also includes the number of transactions each citizen has made and the corresponding amounts paid; this information is likewise being offered for purchase online.
The hackers are offering this stolen data for sale at a price of 2 Bitcoins, which translates to approximately $54,000, based on the market value of one Bitcoin at $27,000. In Pakistani rupees, this amounts to over Rs 15 million.
According to the latest news, the Federal Investigation Agency's (FIA) cybercrime circle has not received any official complaint regarding this breach as of now. It remains to be seen how the government will respond to this security incident.
Interestingly, just before this data breach, the federal government had issued an advisory to all IT and financial institutions, including regulators, cautioning them against collaborating with or using Indian-origin artificial intelligence (AI) and information and communication technology (ICT) products. The government cited these products as a potential threat to Pakistan’s critical information infrastructure (CII).
The advisory raised concerns about the use of Indian-origin IT products, including cybersecurity solutions and AI, within the fintech sector and banking industry in Pakistan. The government highlighted two potential threats:
- Firstly, these security products and solutions possibly contain “backdoors” or “malware” to collect sensitive data, including logs, data traffic analysis, and personally identifiable information (PII)
- Secondly, the direct ingress of Indian-origin products into Pakistan's CII, through the technical access and access-control roles these products hold, would give their makers passive monitoring capabilities.
“It has been learnt that [the] fintech sector of Pakistan including a few banks are engaged with Indian-origin companies who are offering them IT products, Cyber Security and AI solutions, etc,” the document states.
The advisory asked all users to refrain from collaboration, installation, and use of Indian-origin AI/ICT products. According to the advisory, government organizations and private users should consult the Pakistan Software House Association to find Pakistani technical companies for suitable economical alternatives.
The document added: “Above in view, all Federal/Provincial Ministries including sectoral regulators are requested to sensitise their affiliated setups/organisations/licensees, on the risks involved in the use of Indian origin products/solutions.”
In 2021, a US company called Exodus Intelligence, based in Texas, made a significant claim that India was using “zero-day” security vulnerabilities, which are flaws in software unknown to the vendor and can be exploited by hackers, to conduct espionage activities on Pakistan and China, according to a published report.
Exodus Intelligence’s CEO and co-founder, Logan Brown, conducted an investigation into the matter and concluded that India had selected a particular Windows vulnerability from their research, which provided deep access to Microsoft’s operating system. Indian government personnel or contractors then adapted this vulnerability for malicious purposes.
In response to this situation, Exodus Intelligence took action by cutting off India’s access to new zero-day research from their company in April. They also collaborated with Microsoft to create patches for the vulnerabilities that had been exploited.
In addition to these claims, in 2020, Pakistan’s intelligence agencies had identified a major security breach where Indian hackers had targeted the phones and other devices of government officials and military personnel in Pakistan. This suggests a pattern of cyber activity between India and Pakistan, further highlighting the ongoing tensions and concerns in the region regarding cybersecurity and espionage.
In summary, this incident has raised concerns about the security of information technology products of Indian origin within Pakistan, leading to a government advisory on their use in critical sectors. The extent of the fallout from this breach and the government’s response will likely be closely monitored in the coming days.
Note: The hackers' claims described above have not been independently confirmed or substantiated.
Impact
- Sensitive Information Theft
- Unauthorized Access
- Reputational Damage
Remediation
- Continuously monitor your bank and credit card statements for any suspicious transactions. If you notice unauthorized activity, report it to your financial institution immediately.
- Change the passwords for your online accounts, especially those linked to the compromised data. Use strong, unique passwords for each account, and consider using a password manager to help you keep track of them.
- Wherever possible, enable 2FA on your online accounts.
- Consider enrolling in a credit monitoring service that can alert you to any unusual or unauthorized activity related to your credit.
- Be cautious of unsolicited emails or messages that request personal information or direct you to click on suspicious links. Verify the legitimacy of such communications before taking any action.
- Conduct regular cybersecurity audits to identify vulnerabilities in your systems and software. Address these vulnerabilities promptly to reduce the risk of future breaches.
- Encrypt sensitive customer data both in transit and at rest to make it more challenging for hackers to access and use.
- Keep all software, including security software, up to date with the latest patches and updates to address known vulnerabilities.
- Assess the cybersecurity measures of third-party vendors and service providers, especially those handling customer data. Ensure they follow robust security practices.
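The remediation above asks operators to encrypt sensitive customer data at rest. For card data specifically, the stronger control is to never persist the full card number in the restaurant database at all: keep only the last four digits plus a keyed token for matching repeat customers, and scan dumps for anything that still looks like a card number. The following is an added example written for this advisory, not code from Rewterz or from any of the affected restaurant platforms. It assumes a hypothetical order record with a `card_number` field, uses HMAC-SHA256 tokenization with a key that is assumed to live outside the database (a KMS or HSM), and uses only the Python standard library. The sample order and key are constructed for the demonstration.

```python
"""Added example (not from the original advisory): store card data so that a
dumped table does not yield usable card numbers, and detect records that
still contain one.  Standard library only."""
import hashlib
import hmac
import re

# Assumption: the tokenization key is held outside the database (KMS/HSM).
# Constructed demo key; a real deployment would never hard-code it.
DEMO_KEY = b"constructed-demo-key"

# Constructed sample order as a restaurant app might build it before saving.
# 4111 1111 1111 1111 is a well-known Luhn-valid test number, not a real card.
SAMPLE_ORDER = {
    "customer": "A. Khan",
    "phone": "0300-1234567",
    "card_number": "4111 1111 1111 1111",
    "amount": 1450,
}

# 13 to 19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(pan: str) -> bool:
    """Luhn check on a digit-only string; rejects lengths outside 13..19."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def tokenize_pan(pan: str, token_key: bytes) -> dict:
    """Reduce a full PAN to the fields that are safe to persist.

    The HMAC token lets the merchant recognise a returning card without
    storing the number; it cannot be reversed without the key, and the key
    is assumed to be stored outside the database.
    """
    digits = re.sub(r"\D", "", pan)
    if not luhn_valid(digits):
        raise ValueError("not a plausible card number")
    token = hmac.new(token_key, digits.encode(), hashlib.sha256).hexdigest()
    return {"card_last4": digits[-4:], "card_token": token}


def sanitize_order(order: dict, token_key: bytes) -> dict:
    """Return a copy of the order with the full card number removed."""
    safe = {k: v for k, v in order.items() if k != "card_number"}
    safe.update(tokenize_pan(order["card_number"], token_key))
    return safe


def leaks_pan(record: dict) -> bool:
    """Scan every field of a record for a Luhn-valid card number.

    Run this over a table export to find rows that still hold full PANs
    (the situation the advisory describes, where stolen records included
    card details).
    """
    for value in record.values():
        for match in PAN_RE.findall(str(value)):
            if luhn_valid(re.sub(r"\D", "", match)):
                return True
    return False


if __name__ == "__main__":
    print("raw order leaks a PAN:      ", leaks_pan(SAMPLE_ORDER))
    stored = sanitize_order(SAMPLE_ORDER, DEMO_KEY)
    print("sanitized order leaks a PAN:", leaks_pan(stored))
    print("stored record:", stored)
```

Two caveats a practitioner would add. First, the HMAC token is only as strong as the secrecy of the key: card numbers have little entropy once the issuer prefix is known, so an attacker who obtains both the table and the key can brute-force tokens back to PANs, which is why the key must not sit in the same database or application config that a SQL injection or a leaked backup would expose. Second, `leaks_pan` is a detective control for finding data that should never have been stored; it does not replace encrypting the remaining fields (phone numbers, transaction history) at rest as the advisory recommends.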