Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.

Total Financial Loss: The total financial loss from these incidents is estimated to be $1.20 million.

Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with likely (by dbs bank, apple, google), and third party assistance with recorded future (threat intelligence), third party assistance with singapore authorities (investigation), third party assistance with cybersecurity firms (forensic analysis), and law enforcement notified with singapore police force (656 cases reported), law enforcement notified with potential interpol coordination (cross-border crime), and containment measures with enhanced mfa for mobile wallet onboarding, containment measures with transaction velocity limits, containment measures with geofencing for suspicious nfc transactions, and remediation measures with patch nfc protocol vulnerabilities, remediation measures with customer notification & card reissuance, remediation measures with phishing awareness campaigns, and recovery measures with fraudulent transaction reversals, recovery measures with compensation for affected users, recovery measures with collaboration with retailers to flag mule activity, and communication strategy with public advisories (singapore authorities), communication strategy with customer alerts (apple/google/dbs), communication strategy with media statements on mitigation efforts, and enhanced monitoring with nfc transaction anomaly detection, enhanced monitoring with dark web monitoring for stolen credentials, enhanced monitoring with telegram channel surveillance (e.g., @webu8)..

Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Phishing Emails/SMS (Credential Harvesting)Mobile Malware (e.g. and Fake Banking Apps)Dark Web Data Dumps (Previously Breached Cards).

Average Financial Loss: The average financial loss per incident is $1.20 million.

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Payment Card Numbers, Mobile Wallet Tokens, Cvv/Cvc Codes (Via Phishing), Banking Credentials (Username/Password), Transaction Histories and .

Incident Response Plan: The company's incident response plan is described as Likely (by DBS Bank, Apple, Google).

Third-Party Assistance: The company involves third-party assistance in incident response through Recorded Future (Threat Intelligence), Singapore Authorities (Investigation), Cybersecurity Firms (Forensic Analysis), .

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patch NFC Protocol Vulnerabilities, Customer Notification & Card Reissuance, Phishing Awareness Campaigns, .

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by enhanced mfa for mobile wallet onboarding, transaction velocity limits, geofencing for suspicious nfc transactions and .

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Fraudulent Transaction Reversals, Compensation for Affected Users, Collaboration with Retailers to Flag Mule Activity, .

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Ongoing Investigations (Singapore), Potential Charges for Money Mules, .

Key Lessons Learned: The key lessons learned from past incidents are NFC Relay Attacks Exploit Legitimate Protocols, Requiring Behavioral Detection,Automated Phishing/Malware Campaigns Can Scale Rapidly with Minimal Detection,Burner Phone Supply Chains Enable Persistent Fraud Operations,Cross-Border Criminal Collaboration Complicates Law Enforcement,Mobile Wallet Authentication Needs Adaptive, Context-Aware Controls.

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: For: Banks (e.g., DBS), , For: Consumers, , For: Retailers, , For: Mobile Wallet Providers (Apple/Google), , For: Law Enforcement and .

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Recorded FutureUrl: https://www.recordedfuture.comDate Accessed: 2024-12-31, and Source: Singapore Police Force (SPF) AdvisoryUrl: https://www.police.gov.sgDate Accessed: 2024-12-30, and Source: NFCGate GitHub Repository (Legitimate Tool Abused)Url: https://github.com/NFCGate/NFCGateDate Accessed: 2024-12-29, and Source: DBS Bank Security BulletinUrl: https://www.dbs.comDate Accessed: 2024-12-28.

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Advisories (Singapore Authorities), Customer Alerts (Apple/Google/Dbs) and Media Statements On Mitigation Efforts.

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Singapore Monetary Authority (Mas) – Fraud Risk Warning, Apple Security Update (Ios 17.3+ Nfc Protections), Google Pay Fraud Prevention Guide, Dbs Bank: 'Beware Of Ghost-Tapping Scams' (Dec 2024), Apple Support: 'Protect Your Apple Pay From Unauthorized Use', Singapore Police Force: 'Contactless Payment Fraud Alert' and .

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Recorded Future (Threat Intelligence), Singapore Authorities (Investigation), Cybersecurity Firms (Forensic Analysis), , Nfc Transaction Anomaly Detection, Dark Web Monitoring For Stolen Credentials, Telegram Channel Surveillance (E.G., @Webu8), .

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Apple/Google: Mandatory Biometric Reauthentication For Wallet Changes, Banks: Real-Time Nfc Transaction Monitoring, Retailers: Mule Behavior Analytics At Pos, Regulators: Stricter Kyc For Burner Phone Purchases, .

Last Attacking Group: The attacking group in the last incident were an Name: @webu8 (Telegram Handle)Affiliation: Chinese-Speaking Cybercriminal SyndicateRole: Supplier of Burner Phones, Ghost-Tapping Services, and Stolen CredentialsLocation: Cambodia, Location: China, Language: ChineseTools Used: NFCGate (Repurposed Android App), Tools Used: Automated Card Addition Scripts, Tools Used: Telegram for Criminal Coordination, Name: Unnamed Criminal SyndicatesAffiliation: Southeast Asian Cybercrime NetworksRole: Phishing Operators, Role: Money Mules, Role: Logistics Coordinators, Role: Dark Web Data Brokers, Location: Cambodia, Location: China, Location: Singapore (Targeted), Location: Global (Victims), Language: ChineseTools Used: Custom NFC Relay Servers, Tools Used: Automated Phishing Kits, Tools Used: Mobile Malware (Credential Theft) and .

Most Recent Incident Detected: The most recent incident detected was on 2024-10-01.

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-12-31.

Highest Financial Loss: The highest financial loss from an incident was $1.2 million SGD (Singapore alone, Q4 2024).

Most Significant Data Compromised: The most significant data compromised in an incident were Payment Card Credentials (656 cases in Singapore), Mobile Wallet Tokens (Apple Pay: 502 cases), Personally Identifiable Information (via Phishing/Malware) and .

Most Significant System Affected: The most significant system affected in an incident was Apple PayGoogle PayDBS Bank Card SystemsRetail POS Terminals (NFC-Enabled)Mobile Wallet Authentication Servers.

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was recorded future (threat intelligence), singapore authorities (investigation), cybersecurity firms (forensic analysis), .

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Enhanced MFA for Mobile Wallet OnboardingTransaction Velocity LimitsGeofencing for Suspicious NFC Transactions.

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Payment Card Credentials (656 cases in Singapore), Mobile Wallet Tokens (Apple Pay: 502 cases) and Personally Identifiable Information (via Phishing/Malware).

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 866.0.

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Ongoing Investigations (Singapore), Potential Charges for Money Mules, .

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Mobile Wallet Authentication Needs Adaptive, Context-Aware Controls.

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was For: Banks (e.g., DBS), , For: Consumers, , For: Retailers, , For: Mobile Wallet Providers (Apple/Google), , For: Law Enforcement and .

Most Recent Source: The most recent source of information about an incident are Singapore Police Force (SPF) Advisory, Recorded Future, NFCGate GitHub Repository (Legitimate Tool Abused) and DBS Bank Security Bulletin.

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.recordedfuture.com, https://www.police.gov.sg, https://github.com/NFCGate/NFCGate, https://www.dbs.com .

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Singapore Authorities + Private Sector).

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Singapore Monetary Authority (MAS) – Fraud Risk Warning, Apple Security Update (iOS 17.3+ NFC Protections), Google Pay Fraud Prevention Guide, .

Most Recent Customer Advisory: The most recent customer advisory issued was an DBS Bank: 'Beware of Ghost-Tapping Scams' (Dec 2024)Apple Support: 'Protect Your Apple Pay from Unauthorized Use'Singapore Police Force: 'Contactless Payment Fraud Alert'.

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Ongoing (Since at Least Q3 2024).