438 views
Feixiang He /GroupIB

How can firms dodge social engineering cyber crimes?

A Singapore-based cyber security firm came up with a solution after analysing the attack that infiltrated Uber’s system.

In September 2022, a cyber attacker created a form of deception that exploited human errors to download sensitive information from Slack messages and internal tools of Uber’s finance team. This type of cybercrime technique is called social engineering.

With Uber’s operations spanning all over the Asia Pacific, social engineering attacks, generally, could be followed up on affected firms, partners, and financial service providers.

Group-IB, a Singapore-headquartered cybersecurity firm, analysed the Uber breach and found that the threat actor bought compromised credentials of Uber employees days before the social engineering infiltrated the company’s system.

“Depending on the level of access that the threat actors can achieve, such a breach could lead to malicious code embedded into future services via code commits from the developing environment of an affected company,” Feixiang He, adversary intelligence research head at Group-IB told Singapore Business Review.

Threat intelligence solutions

To address these cyberattacks, Feixiang said companies must use threat intelligence solutions to be informed in the sale of access to their networks and credentials of their employees, as well as their partners and contractors.

“Contractors should be included in corporate security management properly, especially in identity access management and anomaly detection,” the expert said.

He also encouraged business partners of linked organisations to alert finance and human resource departments on possible cyberattacks and social engineering threats.

“Customers need to be vigilant and alert to possible social engineering scams via messengers and email using trending news and topics of discussion online,” Feixiang pointed out.

READ: 62% of board members say their organisations are unprepared for a cyberattack 

Tests and upskilling

Feixiang also advised businesses to conduct regular social engineering penetration tests and drills to battle evolving social engineering tactics.

Penetration tests are like fire drills or simulated bomb threats where a simulated cyber attack will be lodged against a computer system to check exploitable vulnerability.

“It is not a secret that humans are still the weakest link in cybersecurity. Threat actors will continue to conduct more social engineering, which highlights the importance of building cyber awareness within organisations and training the personnel regularly,” he noted.

In Singapore, nearly 50% of cybercrimes in the market account for all types of crimes. 

Follow the link for more news on

Join Singapore Business Review community
A NOTE FROM SINGAPORE BUSINESS REVIEW

The people you want to reach are already in this room.

Every quarter, SBR lands on the desks of the founders, CFOs, and directors running Asia's most consequential companies. Every day, they open our newsletter and read our website. It's a room that took twenty years to build — and it's the one most of our partners are trying to get into.

The good news is that the door is open. We work with companies on thought leadership articles, sponsored content, industry summits across Southeast Asia, regional awards programmes, podcasts, and media placements in print and digital. The shape of the right partnership depends on what you're trying to do, which is why we'd rather start with a conversation than send a rate card.


If you have something this room should know about, tell us. We'll tell you honestly whether we can help, and how.

No rate cards until we understand the brief. It's a better use of everyone's time.