Check Point Research (CPR), the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cybersecurity solutions globally, has published its Brand Phishing Report for Q4 2022. The report highlights the brands that were most frequently imitated by cybercriminals in their attempts to steal individuals’ personal information or payment credentials during October, November and December of last year.
Yahoo was the most impersonated brand for phishing attacks during Q4 2022, climbing 23 places and accounting for 20% of all attempts. Check Point Research found cybercriminals distributing emails with subject lines that suggested a recipient had won awards or prize money from senders such as ‘Awards Promotion’ or ‘Award Center’. The content of the email informed the target that they had won prize money organized by Yahoo, worth hundreds of thousands of dollars. It asked the recipient to send their personal information and bank details, claiming to transfer the winning prize money to the account. The email also contained a warning that the target must not tell people about winning the prize because of legal issues.
Yahoo!’s new logo displayed on the facade of Yahoo!’s Sunnyvale, California campus. | Sunnyvale, California, USA, September 2019 | Source: TechSpot / NHA File Photo
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
In general, the technology sector was the industry most likely to be imitated by brand phishing in the last quarter of 2022, followed by shipping and social networks. DHL came in second place with 16 per cent of all brand phishing attempts, ahead of Microsoft in the third spot with 11 per cent. LinkedIn also returned to the list this quarter, reaching fifth place with 5.7 per cent. DHL’s popularity could be due to the busy online shopping season surrounding Black Friday and Cyber Monday, with hackers using the brand to generate ‘fake’ deliveries notifications.
Omer Dembinsky, Data Group Manager at Check Point Software said: “We are seeing hackers trying to bait their targets by offering awards and significant amounts of money. Remember, if it looks too good to be true, it almost always is. You can protect yourself from a brand phishing attack by not clicking on suspicious links or attachments and by always checking the URL of the page you are directed to. Look for misspellings and do not volunteer unnecessary information.”
Top 10 Most Imitated Brands
Below are the top brands ranked by their overall appearance in brand phishing attempts:
Yahoo (20%)
DHL (16%)
Microsoft (11%)
Google (5.8%)
LinkedIn (5.7%)
WeTransfer (5.3%)
Netflix (4.4%)
FedEx (2.5%)
HSBC (2.3%)
WhatsApp (2.2%)
Instagram Phishing Email – Account Theft Example
CPR observed a malicious phishing email campaign that was sent from “badge@mail-ig[.]com”. The email was sent with the subject “blue badge form”, and the content tried to persuade the victim to click on a malicious link claiming that the victim’s Instagram account had been reviewed by the Facebook team (the owner of the Instagram brand) and deemed eligible for the Blue Badge.
Figure 1. Malicious email which contained the subject “blue badge form” | Photo by Check Point ResearchFigure 2: Fraudulent login page https://www[.]verifiedbadgecenters[.]xyz/contact/ | Photo by Check Point Research
Microsoft Teams Phishing Email – Account Theft Example
In this Phishing email, Check Point Research found an attempt to steal a user’s Microsoft account information. The email was sent under a fake sender’s name – “Teams” with the subject “you have been added to a new team”.
The attacker tries to lure the victim to click on the malicious link claiming that they have been added to a new team in the app. Choosing to confirm the collaboration leads to a malicious website, which is no longer active.
Figure 3: The malicious email which contained the subject “you have been added to a new team” | Photo by Check Point Research
Adobe Phishing Email – Account Theft Example
This phishing email, which uses Abode’s branding, sent an email with its subject, originally in Spanish, reading – “Activate your license! Take advantage of its benefits” (originally: “¡Activa tu licencia! Aprovecha sus beneficios”). In the email the victim is encouraged to contact experts to help utilise the application license.
Clicking the link in the email opens a new draft message in Outlook addressed to a foreign email (not associated with Adobe), in which the user is asked to insert credit details and information for the “activation” of the license.
Figure 4: Adobe phishing email with the subject “Activate your license! Take advantage of its benefits” | Photo by Check Point Research
If your refrigerator supplier stops providing maintenance services, will you “ignore it” and let the refrigerator’s fresh-keeping and refrigeration functions gradually disappear to become a hotbed for gems? Likewise, the security risks you face will only increase if you stick to computer operating systems and applications that no longer receive any official patches, technical support, and security updates.
In November last year, Microsoft announced that a series of its products including Microsoft Office 2013, Windows Server 2012 and 2012 R2 will reach the end of support (EOS) this year (click here for full list). However, according to the latest data from third-party network-connected device search engine, Shodan, as of early January this year, there are around 97,000 computers in Hong Kong that are still running on Windows Server 2012 and 2012 R2.
Photo for illustrative purposes only. | Photo by Ed Hardie / Unsplash / NHA File Photo
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) under the Hong Kong Productivity Council said if enterprises and personal users continue to use EOS applications and operating systems, they will face the following risks:
Since EOS Applications and Operating Systems (OSs) will no longer receive any patches, technical support, and security updates, whenever new security vulnerabilities appear, hackers and malware are easier to infiltrate, leading to a higher risk of a data breach;
Running EOS applications and OSs might lead to software compatibility issues; and
Due to compliance regulations and system security policies of specific industries, using the EOS OSs might not be certified or lead to compliance issues.
Hence, HKCERT urges users of such products to take the below measures as soon as possible:
Related users should plan and upgrade their operating systems to supported versions as soon as possible, (e.g., Microsoft Office LTSC 2021/ 365 and Windows Server 2022).
For those already with plans to upgrade their operating systems, but unable to do so before the deadline, they can purchase Extended Security Updates (ESU) service from Microsoft to secure extra time, if applicable. For example, users of Windows Server 2012/R2 who have purchased ESU services can still receive critical and important security updates until 13 October 2026.
Migrate to Cloud Virtual Machines (some cloud service providers will provide ESU for three years after the end of support); and
For legacy applications that are not compatible with the supported OS version or patches provided by the ESU service, placing the related system on an isolated network is recommended. System administrators should source an alternative application compatible with the supported OS version.
For information security-related incidents, for example, ransomware, phishing, denial of service attacks, etc., please report to HKCERT through its online Incident Report Form at https://www.hkcert.org/incident-reporting. For other enquiries, please contact HKCERT by at [email protected] or call its 24-hour hotline: 8105 6060.
Lalamove is expecting further growth and expansion in Malaysia as it increases its delivery coverage, expanding long-distance delivery and service offerings in the market. This expectation was projected via the company’s 2x revenue growth within two years of operations in the market, with the increasing number of users and delivery partners. This growth signifies the company’s readiness to grow and recover with the SMEs in Malaysia.
Paul Loo, Jane Teh – Lalamove
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
Understanding the need for SMEs to stay agile and grow their business, Lalamove has since
expanded its delivery coverage beyond Klang Valley to other parts of Malaysia, namely Johor, Malacca, and Penang. Lalamove also introduced the Long Haul Delivery, which enables users to deliver same day from Klang Valley, Johor, Malacca and Penang to any location within the Peninsula with Lalamove’s 4 x 4 Pickups, Vans and Lorries.
Through its business model, Lalamove pushes to create value for its SME users and delivery partners. Via its platform, Lalamove sets out to provide SMEs with the ability to meet their delivery requirements via affordable delivery solutions effectively. As the company expands its coverage and long-distance delivery offerings, Lalamove also looks to create more flexible income opportunities for its delivery partners as it stays committed to growing its customer base and delivery partners.
“As we approach our 10th anniversary in 2023, we are pleased and looking forward to growing our global footprint in our markets. In the Malaysian market especially, SMEs and home-based businesses make up some of the largest pools of our customer base. We want to collaborate with these businesses, providing the various services that their businesses require. That would allow us to help empower these businesses in achieving better success.” said Paul Loo, Chief Operating Officer at Lalamove.
Jane Teh, the Managing Director of Lalamove Malaysia, echoed the same sentiment on SME
empowerment. “Our services for SMEs are designed for relevance in a fast-changing digital
landscape and dynamic consumer behaviour. Understanding the pain points of SMEs and
innovating ourselves to meet their needs has been the key to the growth in our revenue and users. At the same time, we consistently pursue exercises in recruiting Malaysians to be our delivery partners. Our active delivery partners grew by 24% in 2022 compared to 2021.
Consistency in delivery partner recruitment is fundamental to strike a balance between our
supply and external demand from SMEs.” As part of the measures to uplift SMEs, Lalamove offers the user-facing Lalamove Rewards programme. The programme is an additional avenue for Lalamove’s business clients to raise their brand equity while generating sales from Lalamove’s user base. Besides its flagship on-demand delivery services, SMEs with a Lalamove Business Account in the e-commerce space can reap additional value with Lalamove’s e-commerce integrations and API solutions.
Lalamove has recently geared up to draw customised logistics solutions beyond the last-mile delivery leg for SMEs. Since its inception in Hong Kong in 2013, Lalamove has been unceasingly creating value for its 15 million users and 2.2 million driver partners across more than 40 cities in Asia and Latin America. Owing to its tech-powered quick matching system, the platform is poised to contribute to the logistics ecosystem in Malaysia by offering individuals and businesses of all sizes instant, reliable, flexible and affordable delivery solutions anytime, anywhere.
Darwinbox, the fastest-growing HR tech unicorn, and Microsoft today announced a collaboration to empower organizations globally with the right tools to succeed in the evolving world of work. The collaboration will include deep integrations between Darwinbox and the Microsoft product ecosystem, and co-innovation on solutions to enhance employee experience. The relationship will also accelerate joint go-to-market motions in all markets that the leading Human Capital Management player operates in. In addition to the co-innovation roadmap, Microsoft has also made an equity investment in Darwinbox to accelerate their mission of empowering organizations to unify their entire employee lifecycle.
Darwinbox and Microsoft
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
Darwinbox’s cloud-based Human Capital Management (HCM) platform caters to HR needs across the entire employee lifecycle with new-age employee experiences and disruptive AI-powered technology. Powering 700+ enterprises and 2 million employees across the globe, the company has clocked almost 4X revenue growth and 300% headcount growth in Malaysia since its Series D Unicorn funding round in January 2022.
Microsoft and Darwinbox collaboration will fuel the global HR tech leader’s growth further while enabling organizations to unlock their workforce’s highest potential.
Commenting on the collaboration, Jayant Paleti, Darwinbox Co-founder said, “We’ve always had the highest regard for the Microsoft brand and ethos. As we align on the joint vision of helping our customers unlock new levels of employee experience and productivity, we’re excited to co-innovate on multiple lines of IP development and take these solutions to our customers globally.”
In Malaysia, Darwinbox works with leading enterprises namely Senheng Electric, Al Rajhi Bank Malaysia, Axiata Digital & Analytics, MIDF, Fave, SOCAR, Healthmetrics amongst others. The company also serves leading Southeast Asian organizations and conglomerates like JG Summit Holdings (now Gokongwei Group), Aviva Singlife, SCB 10X, Tokopedia, Shakey’s Pizza, SBS Transit, Carousell and leading international brands such as Nivea, Starbucks, Dominos, Sephora, Swarovski, Adidas and T-Systems.
Ahmed Mazhari, President, Microsoft Asia, said, “In the new world of work, connected and energized employees are a competitive advantage for every organization. We’re pleased to collaborate with leaders like Darwinbox to reimagine employee experience and enable HR teams with the power of technology. Co-innovating with our customers is key to how Microsoft is empowering organizations across Asia to do more with less.”
Deep integrations and multiple lines of co-innovation between Darwinbox and Microsoft will allow Darwinbox to deliver a radically unique and differentiated value proposition to their customers worldwide. As part of this collaboration, Darwinbox will adopt Microsoft Azure for enhancing its Human Capital Management (HCM) SaaS platform.
Darwinbox’s mobile-first platform continues to enhance and personalize employee experience (EX) by bringing HR transactions and experiences into the flow of work with Dynamics 365 and Office 365 platforms like Microsoft Teams, Viva, and Active Directory. Darwinbox has leveraged Microsoft’s Power BI to further augment its AI-based predictive analytics engine, to build rich visual analytics dashboards thereby helping employees across customer organizations to use data more effectively and power faster business decisions. Strategic product and engineering collaborations between the two companies will amplify innovation around workforce management, payroll management, benefits, talent management, and acquisition.
Throughout 2022, iconic beauty brand Mary Kay—along with its company-sponsored foundations—gave more than 3 million dollars to support women’s causes around the world.
Female entrepreneurs in Chuxiong, Yunnan Province increased their income and helped preserve the Yunnan Embroidery cultural industry thanks to Mary Kay Women’s Entrepreneurship Program. (Photo: Mary Kay Inc.)
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
When Mary Kay Ash, legendary businesswoman and philanthropist, opened her business in 1963, she dreamed of empowering women internationally through entrepreneurship, innovation, hard work, and giving back. Nearly 60 years later, Mary Kay employees, Independent Beauty Consultants, and members of the global community keep her dream alive through generous contributions to four company-sponsored foundations delivering impactful support to women and their families in need.
The full foundation reports can be viewed here. Here’s what they were up to in 2022:
Cancers Affecting Women
In the U.S., the Mary Kay Ash Foundation (MKAF) funded 37 cancer researchers conducting groundbreaking research against cancers affecting women.
43% of MKAF cancer research projects are led by women; 100% of clinical trials are women-led.
MKAF funded nearly $1.7 million in grants for cancers affecting women.
Gender-based Violence
MKAF funded nearly $1.4 million in grants supporting services for women survivors of domestic violence.
MKAF supported 4 local domestic violence shelters in North Texas providing women seeking help with vital resources and safety.
In collaboration with Mary Kay, MKAF supported global partners committed to end violence against women and girls, including CARE and UN Trust Fund. Together, MKAF partners completed over 550 projects around the world.
Instituto Mary Kay and Mary Kay Brazil received the Silver Award for the Red Cross Campaign “Campanha Sinal Vermelho Contra a Violência Doméstica” at ABEVD Associação Brasileira das Empresas de Venda Direta (Brazil DSA) Anual Congress.
In Canada, the Mary Kay Ash Charitable Foundation awarded $10,000 each to 16 domestic violence shelters across Canada, totaling $160,000.
Women and Their Families
Mary Kay China and its company-sponsored programs and fund have provided support through the following efforts:
Mary Kay Women’s Entrepreneurship Program
In cooperation with China Women’s Development Foundation, interest-free revolving loans were provided to four women entrepreneur initiatives in the provinces of Heilongjiang, Ningxia, and Jilin. The initiatives directly benefited 133 women by increasing their annual per capita income by RMB 20,000 yuan.
Young Women’s Future Fund
In cooperation with Adream Foundation, the Young Women’s Future Fund remaining balance will be used to build four Mary Kay Dream Classrooms in Jiangxi to enhance girls’ literacy education.
Mary Kay China Charity Program
Since March 2022, the Mary Kay China Charity Program has allocated 1,049,800 yuan to provide protective materials and living supplies to 73 communities in 15 cities as a result of the COVID-19 epidemic.
Thanks to the joint efforts of Mary Kay China and its Beauty Consultants, the “Smile 1000” project raised funds for 112 cleft-lip repair surgeries in 2022. To date, Mary Kay China has raised funds for 991 surgeries and is on track to achieve the goal of 1,000 smiles in 2023.
By May, 1,391 Beauty Consultant volunteers had delivered 331 beauty lessons to 9,147 women.
Check Point Research reports that Glupteba has returned to the top ten list for the first time since July 2022. Qbot overtook Emotet as the most prevalent malware in December, while android malware Hiddad made a comeback.
Photo for illustrative purposes only. | Photo by Ed Hardie/Unsplash/NHA File Photo
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
Our latest Global Threat Index for December 2022 saw Glupteba Malware, an ambitious blockchain-enabled Trojan botnet, return to the top ten list for the first time since July 2022, moving into eighth place. Qbot, a sophisticated Trojan that steals banking credentials and keystrokes, overtook Emotet to be the most prevalent malware after its return last month, impacting seven per cent of organisations worldwide. Meanwhile, android malware Hiddad made a comeback, and education continued to be the most impacted industry worldwide.
Although Google managed to cause major disruption to Glupteba operations in December 2021, it seems to have sprung back into action. As a modular malware variant, Glupteba can achieve various objectives on an infected computer. The botnet is often used as a downloader and dropper for other malware. This means that a Glupteba infection could lead to a ransomware infection, data breach, or other security incidents.
Glupteba is also designed to steal user credentials and session cookies from infected machines. This authentication data can be used to gain access to a user’s online accounts or other systems, enabling the attacker to steal sensitive data or take other actions using these compromised accounts. Finally, the malware is commonly used to deploy crypto mining functions on its target, draining a computer’s resources by using them to mine blocks.
In December, we also saw Hiddad make the top three mobile malware list for the first time in 2022. Hiddad is an ad-distributing malware, targeting android devices. It repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.
The overwhelming theme from our latest research is how malware often masquerades as legitimate software to give hackers backdoor access to devices without raising suspicion. That is why it is important to do your due diligence when downloading any software and applications or clicking on links, regardless of how genuine they look.
Our research also revealed that “Web Server Exposed Git Repository Information Disclosure” was the most commonly exploited vulnerability, impacting 46 per cent of organisations globally, followed by “Web Servers Malicious URL Directory Traversal” with 44 per cent of organisations impacted worldwide. “Command Injection Over HTTP” is the third most used vulnerability, with a global impact of 43 per cent.
Top malware families
*The arrows relate to the change in rank compared to the previous month.
Qbot was the most prevalent malware last month with an impact of seven per cent of worldwide organisations, followed by Emotet with a global impact of four per cent and XMRig with a global impact of three per cent.
↑ Qbot – Qbot aka Qakbot is a banking Trojan that first appeared in 2008. It was designed to steal a user’s banking credentials and keystrokes. Often distributed via spam email, Qbot employs several anti-VM, anti-debugging, and anti-sandbox techniques to hinder analysis and evade detection.
↔ Emotet – Emotet is an advanced, self-propagate and modular Trojan. Emotet used to be employed as a banking Trojan, and recently was used as a distributor for other malware or malicious campaigns. It uses multiple methods for maintaining persistence and evasion techniques to avoid detection. In addition, it can be spread through phishing spam emails containing malicious attachments or links.
↑ XMRig – XMRig is open-source CPU mining software used to mine the Monero cryptocurrency. Threat actors often abuse this open-source software by integrating it into their malware to conduct illegal mining on victims’ devices.
↑ Formbook – Formbook is an Infostealer targeting the Windows OS and was first detected in 2016. It is marketed as Malware as a Service (MaaS) in underground hacking forums for its strong evasion techniques and relatively low price. FormBook harvests credentials from various web browsers, collects screenshots, monitors and logs keystrokes, and can download and execute files according to orders from its C&C.
↑ Nanocore – NanoCore is a Remote Access Trojan that targets Windows operating system users and was first observed in the wild in 2013. All versions of the RAT contain basic plugins and functionalities such as screen capture, cryptocurrency mining, remote control of the desktop and webcam session theft.
↑ Ramnit – Ramnit is a modular banking Trojan first discovered in 2010. Ramnit steals web session information, giving its operators the ability to steal account credentials for all services used by the victim, including bank accounts, and corporate and social networks accounts. The Trojan uses both hardcoded domains as well as domains generated by a DGA (Domain Generation Algorithm) to contact the C&C server and download additional modules.
↑ Remcos– Remcos is a RAT that first appeared in the wild in 2016. Remcos distributes itself through malicious Microsoft Office documents, which are attached to SPAM emails, and is designed to bypass Microsoft Windows UAC security and execute malware with high-level privileges.
↑ Glupteba – Known since 2011, Glupteba is a backdoor that gradually matured into a botnet. By 2019 it included a C&C address update mechanism through public BitCoin lists, an integral browser stealer capability and a router exploiter.
↓ AgentTesla – AgentTesla is an advanced RAT functioning as a keylogger and information stealer, which is capable of monitoring and collecting the victim’s keyboard input, system keyboard, taking screenshots, and exfiltrating credentials to a variety of software installed on a victim’s machine (including Google Chrome, Mozilla Firefox and the Microsoft Outlook email client).
↓ Phorpiex – Phorpiex is a botnet (aka Trik) that has been active since 2010 and at its peak controlled more than a million infected hosts. It is known for distributing other malware families via spam campaigns as well as fueling large-scale spam and sextortion campaigns.
Top Attacked Industries Globally
Last month, Education/Research remains the most attacked industry globally, followed by Government/Military and then Healthcare.
Education/Research
Government/Military
Healthcare
Top exploited vulnerabilities
In December, “Web Server Exposed Git Repository Information Disclosure” was the most common exploited vulnerability, impacting 46% of organisations globally, followed by “Web Servers Malicious URL Directory Traversal” with 44% of organisations impacted worldwide. “Command Injection Over HTTP” is the third most used vulnerability, with a global impact of 43%.
↑ Web Server Exposed Git Repository Information Disclosure – An information disclosure vulnerability has been reported in Git Repository. Successful exploitation of this vulnerability could allow an unintentional disclosure of account information.
↓ Web Servers Malicious URL Directory Traversal (CVE-2010-4598,CVE-2011-2474,CVE-2014-0130,CVE-2014-0780,CVE-2015-0666,CVE-2015-4068,CVE-2015-7254,CVE-2016-4523,CVE-2016-8530,CVE-2017-11512,CVE-2018-3948,CVE-2018-3949,CVE-2019-18952,CVE-2020-5410,CVE-2020-8260) – There exists a directory traversal vulnerability on different web servers. The vulnerability is due to an input validation error in a web server that does not properly sanitise the URI for the directory traversal patterns. Successful exploitation allows unauthenticated remote attackers to disclose or access arbitrary files on the vulnerable server.
↑ Command Injection Over HTTP (CVE-2021-43936,CVE-2022-24086) – A command Injection over HTTP vulnerability has been reported. A remote attacker can exploit this issue by sending a specially crafted request to the victim. Successful exploitation would allow an attacker to execute arbitrary code on the target machine.
↓ HTTP Headers Remote Code Execution (CVE-2020-10826,CVE-2020-10827,CVE-2020-10828,CVE-2020-13756) – HTTP headers let the client and the server pass additional information with an HTTP request. A remote attacker may use a vulnerable HTTP Header to run arbitrary code on the victim machine.
↑ MVPower DVR Remote Code Execution – A remote code execution vulnerability exists in MVPower DVR devices. A remote attacker can exploit this weakness to execute arbitrary code in the affected router via a crafted request.
↓ Dasan GPON Router Authentication Bypass (CVE-2018-10561) – An authentication bypass vulnerability exists in Dasan GPON routers. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorised access into the affected system.
↔ PHP Easter Egg Information Disclosure – An information disclosure vulnerability has been reported in the PHP pages. The vulnerability is due to incorrect web server configuration. A remote attacker can exploit this vulnerability by sending a specially crafted URL to an affected PHP page.
↑ Microsoft Windows HTTP.sys Remote Code Execution (MS15-034: CVE-2015-1635) – A Vulnerability in HTTP.sys in certain versions of Microsoft Windows OP tracked as CVE-2015-1635. Successful exploitation would allow threat actors to execute arbitrary HTTP requests, causing buffer overflow, and possibly gaining SYSTEM privileges.
↓ WordPress portable-phpMyAdmin Plugin Authentication Bypass (CVE-2012-5469) – An authentication bypass vulnerability exists in WordPress portable-phpMyAdmin Plugin. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorised access into the affected system.
↓ PHPUnit Command Injection (CVE-2017-9841) – A command injection vulnerability exists in PHPUnit. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands in the affected system.
Top Mobile Malware
Last month, Anubis remained the most prevalent mobile malware, followed by Hiddad and AlienBot.
Anubis – Anubis is a banking Trojan malware designed for Android mobile phones. Since it was initially detected, it has gained additional functions including Remote Access Trojan (RAT) functionality, keylogger and audio recording capabilities as well as various ransomware features. It has been detected on hundreds of different applications available in the Google Store.
Hiddad – Hiddad is an Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is to display ads, but it can also gain access to key security details built into the OS.
AlienBot – AlienBot is a banking Trojan for Android, sold underground as Malware-as-a-Service (MaaS). It supports keylogging, dynamic overlays for credentials theft as well as SMS harvesting for 2FA bypass. Additional remote-control capabilities are provided using a TeamViewer module.
Check Point’s Global Threat Impact Index and its ThreatCloud Map is powered by Check Point’s ThreatCloud intelligence. ThreatCloud provides real-time threat intelligence derived from hundreds of millions of sensors worldwide, over networks, endpoints and mobiles. The intelligence is enriched with AI-based engines and exclusive research data from Check Point Research, the intelligence and research Arm of Check Point Software Technologies.
The Lunar New Year calls for an exciting celebration for most of us as we take this opportunity to get together with our families and friends for an exciting celebration. Though it is a vibrant occasion meant to be enjoyed with loved ones, there are also impoverished families who are in need of help, warmth and friendship. Determined to share this festive cheer among its disadvantaged community this Chinese New Year, Malaysia’s leading developer IJM Land Berhad strives to extend a helping hand to six underprivileged families to brighten their festive mood.
Madam Ho Pei Yoon (fourth from left) receiving festive goods from IJM Seremban 2 to brighten their festive mood this Chinese New Year.
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
IJM Seremban 2 identified these underprivileged families in Seremban through its yearly Chinese New Year Charity programme to ensure these families are remembered this festive season – filling them with the opportunity to welcome the Year of the Rabbit bringing new hopes and growth with a fresh start. Mr Chai Kian Soon, Senior General Manager of IJM Land Berhad shared that it is part of their responsibility to uplift the lives of the underprivileged due to the hardships and financial struggles they face – especially in times like this where it is IJM Seremban 2’s utmost priority to ensure these families are well taken care of.
“As we take a leap into the new year, we hope to give everyone the best with the basic equal opportunity to start anew, and that includes those in dire need of help. Through this year’s charity programme, IJM Seremban 2 is determined to demonstrate our high spirit in uplifting the society for their betterment and to spread happiness within their homes, just like the characteristics of a rabbit – compassionate and sensitive,” said Mr Chai.
Led by Mr Chai along with the IJM Land team members, each family was given an ‘Ang Pao’ blessing of RM1,000 and grocery items including rice, cooking oil, flour, cookies and other necessities worth RM600 for the families with decent celebration. One of the beneficiaries for this year’s Chinese New Year Charity Programme is Mr Chow Chi Tak who is currently going through dialysis and has stopped working since 2015 due to kidney failure. Under the care of his wife along with his two schooling children, Mr Chow struggles to make ends meet as the family does not receive much financial assistance.
Another recipient under the programme is Madam Cindy Wan Fau Teng, a single mother of two who has been suffering from uterine fibroid with a history of memory loss. After the loss of her husband last year, she does her best to provide for both her children, especially for her 19-year-old eldest son who has just graduated and hopes to further his studies. Madam Ho Pei Yoon, a single mother of two juggles multiple jobs to provide for her two children after the passing of her husband in 2021; and Madam Koo Ah Moi, aged 69 and her husband are also in need of financial help as they are raising their 15-year-old grandson since birth after his parents left him under their care. Other beneficiaries who benefitted from the charity programme were Mr Yeoh Kwok Hau, a diabetic patient who works as a cleaner in a kindergarten; and Mr Gan Ming Chon who was diagnosed with lung cancer last year and is currently undergoing chemotherapy.
“We at IJM Land strongly believe that an act of kindness can go a long way. When we lend a helping hand it is not just merely to allow these families to enjoy a slice of a good festive season, but we’re here to set an example for society to play their part in helping those in need no matter how small the effort,” added Mr Chai.
For more than a decade, IJM Land has long been striving to improve the lives of its community in Seremban through various charity programmes that have aided over 600 families. To find out more about IJM Land’s initiatives, visit http://seremban2.ijmland.com/.
UOB Malaysia was named the Best Foreign Retail Bank in Malaysia by The Asian Banker at the regional publication’s Country Awards in 2022.
Ronnie
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
The recognition was accorded to UOB Malaysia for its achievements in growing its retail and wealth management franchise through digital enhancements amid a challenging operating environment during the period under review. For example, UOB Malaysia was the first bank in Southeast Asia to utilise Virtual Face-to-Face (VF2F) feature[[1]] on a banking app to enable customers to manage their insurance needs conveniently. The Bank is also one of the first in the country to roll out digital account opening service via its Mighty app to enable customers to open a personal bank account anytime, anywhere. The Bank’s balance sheet also surpassed industry’s growth, especially for deposits in 2021.
Mr Ronnie Lim, Managing Director and Country Head of Personal Financial Services, UOB Malaysia said, “We strongly believe in staying attuned to customers’ evolving needs, and are pleased that our efforts were recognised by The Asian Banker Awards, which has a rigorous judging process. As technology continues to influence consumer lifestyles and behaviour, we meld the online and offline worlds seamlessly to engage and to serve our customers through our omni-channel touchpoints, whenever and wherever they want.
“For more than three years, we have been executing our branch transformation strategy to cater to the increasing customer demand for wealth and financial planning services by our UOB Privilege and Wealth Banking relationship programmes. In the next two years, we aim to upgrade and relocate more branches to more convenient and accessible locations for our customers. This award reaffirms our strategy to put customers first, and our vision to build a sustainable business model that emphasises on our employees’ development.”
The Asian Banker also favourably evaluated UOB Malaysia for introducing artificial intelligence (AI)-driven digital banking[[1]] and digital account opening services[[2]] on its mobile banking app, UOB Mighty. Since its inception two years ago, UOB Mighty has seen significantly increased adoption rates, a testament to its capabilities and relevance to customers. At the same time, the Bank has been transforming its nationwide branch network into spaces curated for deeper customer engagement to meet the increasing demand for wealth and financial planning services.
Mr Chris Kapfer, Research Director of TABInsights, The Asian Banker, said, “We liked that UOB Malaysia treated its deposits and wealth management businesses and products not in silos, but as closely interrelated propositions. The Bank excelled in a systematic customer engagement journey from on boarding, engagement to cross-selling over the full life-cycle of a customer’s wealth journey.”
The latest accolade from The Asian Banker comes on top of a hat-trick of awards UOB Malaysia garnered last year. Renowned regional publications Asian Banking and Finance (ABF), Retail Banker International (RBI), and Singapore Business Review had conferred the Bank with the following awards in 2022:
International Retail Bank of the Year Malaysia Award for the second consecutive year at the ABF Retail Banking Awards 2022,
Best Retail Bank Malaysia at the RBI Asia Trailblazer Awards 2022, and
Fintech – Banking for the UOB Intelligent Mortgage Calculator at the Malaysia Technology Excellence Awards 2022 respectively.
Mr Lim said, “For more than seven decades, we have focused on providing the best banking experiences and financial solutions to help our customers grow their wealth. The awards we won ein 2022 are testament to our efforts in putting our customers’ needs at the heart of everything we do. Following the completion of our acquisition of Citigroup’s consumer banking business in Malaysia[[3]], customers can
look forward to an expanded range of solutions and privileges as we leverage the synergies of the combined partner ecosystem, touchpoints and product suites.”
Shopee Malaysia kickstarted the New Year by launching its three-part 2023 Consumer Trends series called ‘Adapting to Malaysia’s Digital Consumers in 2023’. The first part of the series that focuses on sellers found that 63 per cent of Malaysian Sellers feel excited and positive about e-commerce opportunities in 2023. In particular, sellers from the Health and Beauty (71 per cent), Toys, Kids, and Babies (69 per cent), and Fashion and Lifestyle (66 per cent) categories are the most optimistic, stating that they are on the right track to capture the opportunities in 2023.
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
Parts 2 and 3 of the series which focus on Malaysian buyers and influencers will be shared in greater detail in the upcoming weeks. Findings can be utilised by businesses to tap e-commerce and digital services to drive resilience and stay relevant.
The survey covering over 1,000 Malaysian marketplace sellers in December 2022 found that sellers are excited to take advantage of three main e-commerce trends observed by Shopee, in staying digitally resilient and relevant on e-commerce: 1) Increased and savvier use of digital services, 2) Growing adoption of digital services among consumers living outside big cities, and 3) The rise of younger, more purposeful buyers.
Increased and savvier use of digital services
When asked what milestones they would like to achieve for 2023, given the digital savviness of buyers who spend more time online, 8 in 10 sellers agreed that they wanted to increase product discovery, consideration and purchase online. Specifically, 5 in 10 wanted to take advantage of Shopee’s hyperlocal campaigns tailored to engage consumers and Shopee Loyalty Program rewards to increase traffic and demand, 2 in 10 wanted to engage audiences with higher value transactions from Shopee Mall and cross-border platforms, and the remainder wanted to use Shopee’s customised recommendation tools like Daily Discover to gain better visibility and consideration.
With the Shopee Growth Program, all local sellers are also eligible to boost store performance and sales with one week free trial of the highly popular Shopee RebateNOW where buyers enjoy 10 per cent off between 9 till 15 January 2023. In addition, local marketplace sellers can claim up to RM100 Free Ads credit for two months to enhance their store visibility and traffic between January to March.
Growing adoption of digital services amongst consumers living outside big cities
With technology giving better access to affordable and convenient digital products and services outside big cities, 7 in 10 sellers surveyed are interested in reaching consumers who live in Borneo in 2023. Thanks to Shopee’s integrated logistics infrastructure, sellers can take advantage of the nationwide network of warehouses and delivery hubs to reach more customers in Sabah and Sarawak. Among the sellers most keen to tap new audiences in Borneo, by category, are: FMCG (81 per cent), Sports, Entertainment & Recreation (75 per cent), and Groceries & Pets (74 per cent).
The rise of younger, more purposeful buyers
In response to the rise of younger, more purposeful buyers entering the marketplace in 2023, 50 per cent of sellers surveyed are interested in catering to value-based shoppers who support Local Malaysian Made goods via Shop Malaysia circle, and Green Sellers via ShopeeGivesBack microsite. They are also excited about the inclusion of more educational content in influencers’ live streams that demonstrate the importance of supporting these causes.
As part of their 2023 New Year Resolutions, 95 per cent of sellers want to upskill themselves with free Shopee University Courses in Sales, Marketing, and Operations. The most popular Shopee marketplace features they would like to incorporate in their strategies are: Marketing Tools (35 per cent), Listing Optimizers (29 per cent) and Business Insights (27 per cent). A small percentage of sellers require Batch Tools (8 per cent) to process bulk orders efficiently.
Kenneth Soh, Head of Marketing Campaigns at Shopee Malaysia said, “I am beyond excited for the marketplace sellers who have positive resolutions in 2023 to try new features and discover new opportunities. Just two weeks ago, I personally handed out 34 awards at our Shopee Super Awards to Super Growing, Super Customer Satisfaction and Super Favorite Sellers, so I know that they can succeed. We always put a spotlight on sellers who light the path for other sellers to succeed and create a supportive environment for them.”
Siemens Malaysia today announced that Mr Tindaro Danze has been appointed as its new president and chief executive officer effective 1 January 2023. He is concurrently responsible for the Digital Industries (DI) business in Malaysia.
Tindaro Danze, president and chief executive officer of Siemens Malaysia. 3 January 2023 | Photo by Siemens Malaysia / NHA File Photo
Subscribe to our Telegram channel to get a daily dose of business and lifestyle news from NHA – News Hub Asia!
Prior to these appointments, Mr Danze was based in Germany as the Head of Global Sales for DI’s Digital Enterprise and Vertical Management. He managed the company’s regional industrial digitalisation units, enabled global digitalisation projects, and oversaw Siemens DI vertical approach in key industries.
Not a stranger to Southeast Asia, Mr Danze was previously based in Indonesia for four years from 2012 to 2016, as the Managing Director of the Medium and Low Voltage Drives Business. Under his leadership, Siemens fostered its market-leading position in the Minerals and Fiber industry.
He then moved to Siemens Vietnam as the Head of Digital Industries from 2016 – 2020. He positioned Siemens as a thought leader in Industry 4.0 in Vietnam, and also formed numerous strategic alliances with the local education sector, industry associations and manufacturing stakeholders.
“We’re pleased to welcome Tindaro on board. He brings with him a wealth of knowledge and expertise in digital technologies, business strategy, project management and executive coaching,” said Dr Thai-Lai Pham, CEO of Siemens ASEAN. “Very importantly, his combination of headquarters and regional experience will enable him to sharpen our business focus in Malaysia.”
“I’m delighted to be back in Southeast Asia. It is an exciting region with enormous growth and development potential. I look forward to working closely with my Malaysian colleagues and our ecosystem partners to strengthen our digitalisation leadership in Malaysia, and accelerate transformation for this country!” commented Mr Danze.
![Figure 2: Fraudulent login page https://www[.]verifiedbadgecenters[.]xyz/contact/ | Photo by Check Point Research](https://www.newshubasia.com/wp-content/uploads/2023/02/BlueBadges-phishing-email-2_CheckPoint.jpg)
