fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US Government Confirms Russian SVR Behind The SolarWinds Hack

US Government Confirms Russian SVR Behind The SolarWinds Hack

The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies.

In a brief announcing sanctions on Russia for actions against the U.S. interests, the White House is naming the Cozy Bear group of advanced hackers as the author of the cyber espionage activity exploiting the SolarWinds Orion platform.

Loud and clear attribution

The press release from the White House confirms past media reports citing unofficial sources that the Russian Foreign Intelligence Service, the SVR, was behind the SolarWinds hack.

In early January, the Cyber Unified Coordination Group (UCG) attributed the attack to a Russian-backed hacker group, without giving a specific name.

Today, the White House officially blames the SVR for carrying out “the broad-scope cyber espionage campaign” through its hacking division commonly referred to as APT29, The Dukes, or Cozy Bear.

“The U.S. Intelligence Community has high confidence in its assessment of attribution to the SVR,” notes the brief from the White House.

Also Read: 4 Considerations In The PDPA Singapore Checklist: The Specifics

By compromising the SolarWinds software supply chain, the SVR had access to more than 16,000 computers across the world. However, the campaign targeted only select targets, such as companies in the cybersecurity sector (FireEyeMalwarebytesMimecast) and state and federal agencies in the U.S.

“The scope of this compromise is a national security and public safety concern. Moreover, it places an undue burden on the mostly private sector victims who must bear the unusually high cost of mitigating this incident”

– the U.S. White House

In a joint cybersecurity advisory, the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) are warning about the top five vulnerabilities the SVR is exploiting in attacks against the U.S. interests.

Organizations should heed the warning and take the necessary steps to identify and defend against malicious activity conducted by the SVR.

Russian companies sanctioned

President Biden has issued an executive order today on blocking property with regards to harmful activities from the government of the Russian Federation.

Using the Executive Order issued today by President Biden, the Treasury Department has issued sanctions against the following Russian technology companies for helping the SVR, Russia’s Federal Security Service (FSB), and Russia’s Main Intelligence Directorate (GRU) perform malicious cyber activities against the United States.

ERA Technopolis – A research center and technology park funded and operated by the Russian Ministry of Defense.  ERA Technopolis houses and supports units of Russia’s Main Intelligence Directorate (GRU) responsible for offensive cyber and information operations and leverages the personnel and expertise of the Russian technology sector to develop military and dual-use technologies.

Pasit – A Russia-based information technology (IT) company that conducted research and development in support of Russia’s Foreign Intelligence Service’s (SVR) malicious cyber operations.

SVA – A Russian state-owned research institute specializing in advanced systems for information security located in Russia.  SVA conducted research and development in support of the SVR’s malicious cyber operations.

Neobit – A Saint Petersburg, Russia-based IT security firm whose clients include the Russian Ministry of Defense, SVR, and Russia’s Federal Security Service (FSB). Neobit conducted research and development in support of the cyber operations conducted by the FSB, GRU, and SVR.  Neobit was also designated today under cyber-related E.O. 13694, as amended by E.O. 13757, WMD-related E.O. 13382, and the Countering America’s Adversaries Through Sanctions Act (CAATSA) for providing material support to the GRU.

AST – A Russian IT security firm whose clients include the Russian Ministry of Defense, SVR, and FSB.  AST provided technical support to cyber operations conducted by the FSB, GRU, and SVR.  AST was also designated today under E.O. 13694, E.O. 13382, and CAATSA for providing support to the FSB.

Positive Technologies – A Russian IT security firm that supports Russian Government clients, including the FSB.  Positive Technologies provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts large-scale conventions that are used as recruiting events for the FSB and GRU.  Positive Technologies was also designated today under E.O. 13694, E.O. 13382, and CAATSA for providing support to the FSB.

Also Read: The 3 Main Benefits Of PDPA For Your Business

US companies and financial institutions are no longer able to do business with the above-sanctioned companies without first applying for and receiving a license from the Office of Foreign Assets Control (OFAC).

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us