DBS, Bank of China vendor hit by ransomware attack

Customer data from DBS and Bank of China were compromised through a vendor. Why did ransomware lead to this and why is it so hard to thwart?

What happened?

A ransomware attack on a printing vendor resulted in customer data from two banks being stolen, according to a joint statement by the MAS and CSA last night.

• DBS Bank (8,200 customers)
• Bank of China (3,000 customers)

The compromise happened at vendor Toppan Next Tech (TNT), which prints out paper letters mailed to customers.

Here's what we know so far:

• The result of ransomware
• Forensic investigators engaged to investigate.
• Reported to Personal Data Protection Commission.

DBS shared more details about the affected data:

• Name and postal address.
• Data from Dec 2024, Jan 2025, Feb 2025.
• Details relating to DBS Vickers equities; Cashline loans.

DBS says the data sent to TNT was encrypted; it is not known at this point if the perpetrators made away with unencrypted data.

Ransomware

Overall, the attack appears fairly limited. But why are ransomware attacks so prevalent? In March, HomeTeamNS was also hit by ransomware.

As I explained in the past, the massive profitability of ransomware has seen it evolve into a highly sophisticated ecosystem with "experts" to code, phish, or launder proceeds.

Moreover, ransomware, is inherently "noisy." It must reveal itself to demand payment, after all. This means we could be infected by other malware - but not known it.

Fuelled by AI

And AI is powering ransomware attacks, says Joseph Carson when I spoke to him recently.

Bad actors are:

• Localising ransomware to multiple languages.
• Run more effective phishing campaigns.
• Create realistic audio and video.

Ironically, even some "support functions" are being replaced by AI, says Joseph, putting some middle-tier criminals out of work.

Next: Data theft

Ransomware is so named due to how it encrypts user data with a secret key, which is released only upon payment.

But cybercriminals can extort up to 3 times:

Original extortion. Pay or your data stays encrypted.

1. Double extortion. Pay or we'll publish it online.
2. 3.0. Go after individuals to threaten their privacy.

As companies ramp up their cybersecurity measures and institute better data backups, hackers are finding (1) harder.

This means an inadvertent shift towards (2). Indeed, Joseph told me that data exfiltration is now outstripping pure ransomware attempts.

That brings us to last night's warning about data being potentially compromised.

Have you ever been affected by ransomware or know of someone who was?