fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Eletrobras, Copel Energy Companies Hit By Ransomware Attacks

Eletrobras, Copel Energy Companies Hit By Ransomware Attacks

Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utilities companies in Brazil have announced that they suffered ransomware attacks over the past week.

State-controlled, both are key players in the country. Copel being the largest in the state of Paraná while Eletrobras is the largest power utility company in Latin America and also owns Eletronuclear, a subsidiary involved in the construction and operations of nuclear power plants.

Both ransomware attacks disrupted operations and forced the companies to suspend some of their systems, at least temporarily.

Nuclear plants unaffected

In the case of Eletrobras, the incident occurred at its Eletronuclear subsidiary and was classified as a ransomware attack. It affected some of the administrative network servers and had no impact on operations at nuclear power plants Angra 1 and Angra 2.

Operations at the two plants are disconnected from the administrative network, for obvious security reasons, so the electricity supply to the National Interconnected System remained unaffected, the company says in a press release on Wednesday.

Upon detecting the attack, Eletronuclear suspended some of its systems to protect the integrity of the network. Together with the managed security services team, the company isolated the malware and restricted the effects of the attack.

The notification is scarce with details and does not clarify if the attack also doubles as a data breach, as it is common for ransomware operators to steal data from the victim network before deploying the encryption routine.

Also Read: What Is A Governance Framework? The Importance And How It Works

Copel leaks ahead

In the case of Copel, the attack is the work of the Darkside ransomware gang, who claims to have stolen more than 1,000GB of data and that the cache includes sensitive infrastructure access information and personal details of top management and customers.

According to the hackers, they gained access to the company’s CyberArk solution for privileged access management and exfiltrated plaintext passwords across Copel’s local and internet infrastructure.

Apart from this, Darkside says that they have more than 1,000GB of sensitive data belonging to Copel, which contains network maps, backup schemes and schedules, domain zones for Copel’s main site, and the intranet domain.

They also claim to have exfiltrated the database that stores Active Directory (AD) data – NTDS.dit file, which includes information about user objects, groups, group membership, and password hashes for all users in the domain.

Although the AD database does not have plain text passwords, there are tools that could crack the hashes offline or use them in the so-called pass-the-hash attacks, where they function as the password itself.

Unlike other ransomware operators, Darkside does not provide stolen data on their leak site. Instead, they set up a distributed storage system to host it for six months.

Access to these caches is vetted by the gang members. This means that while Copel’s data is not freely available, third parties including hackers can easily get it.

Main systems intact

Copel is the largest company in the state of Paraná and also the first Brazilian company in the electricity sector to be listed at the New York Stock Exchange.

The date of the intrusion remains undisclosed but Copel announced the incident in a filing with the Securities and Exchange Commission (SEC) on Monday, February 1st.

The company detected the attack and acted immediately to stop it from spreading across the network. An investigation was started to determine the full impact of the attack.

What is certain is that the main systems remained unaffected and the electricity supply along with telecommunications services continued to function normally.

“The operation and protection systems detected the attacks and, immediately, the Company followed the security protocols, including suspending the operation of its computerized environment to protect the integrity of the information. The full assessment of what happened is in progress and the Company is taking the necessary steps to restore normality” – Copel

Also Read: Website Ownership Laws: Your Rights And What These Protect

It is unclear how many segments of the Copel network were impacted by the attack or if the hackers were able to deploy the encryption routine. BleepingComputer reached out to Copel with a request for comments and we will update the article when an official statement becomes available.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us