fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Russian Hackers Had Months-long Access to Denmark’s Central Bank

Russian Hackers Had Months-long Access to Denmark’s Central Bank

Russian state hackers compromised Denmark’s central bank (Danmarks Nationalbank) and planted malware that gave them access to the network for more than half a year without being detected.

The breach was part of the SolarWinds cyber espionage campaign last year that the U.S. attributed to the Russian Foreign Intelligence Service, the SVR, through its hacking division commonly referred to as APT29, The Dukes, Cozy Bear, or Nobelium.

Hackers had access for months

The compromise came to light after technology publication Version2 obtained official documents from the Danish central bank through a freedom of information request.

The SolarWinds campaign is considered to be one of the most sophisticated supply-chain attacks as trojanized versions of the IT management platform SolarWinds Orion had been downloaded by 18,000 organizations across the world.

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

“The Solarwinds backdoor in Danmarks Nationalbank was open for seven months, before the attack was detected by coincidence by the American IT-security company Fire Eye [sic]” – Version2

Despite the hackers’ long-term access, the bank said that it found no evidence of compromise beyond the first stage of the attack, as it happened with thousands of organizations that installed the trojanized version of SolarWinds Orion.

This indicates that Denmark’s central bank was merely a victim of the larger attack and it was not a target of interest for the hackers, as was the case with numerous U.S. federal agencies.

In an email statement for Version2, the bank admitted that it was affected by the SolarWinds supply-chain attack and that it took action immediately after learning of the compromise.

“Action was taken quickly and consistently in a satisfactory manner, and according to the analyzes performed, there were no signs that the attack has had any real consequences” – Denmark Central Bank

The SolarWinds attack became known when cybersecurity company FireEye disclosed it in December 2020 after detecting the hackers’ presence on its network.

It soon became clear that the hackers focused on entities in the U.S., their goal being to gain access to cloud assets, email in particular [123], of specific targets, including multiple government agencies.

Tracking the group as Nobelium, Microsoft said last Friday that the hackers have been running new campaigns, with at least three entities being breached.

Microsoft’s investigation of the attacks revealed an information-stealing trojan on the computer of one of its customer support agents that provided access to a limited number of customers.

In April, the U.S. government provided clear attribution for the SolarWinds espionage campaign, naming the Russian SVR as the author of the attack, through its group of hackers known in the infosec industry as Cozy Bear.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

The White House noted that “the scope of this compromise is a national security and public safety concern.” The gravity of the incident was also marked by a set of sanctions against several Russian technology companies for helping Russian intelligence services carry out malicious actions against the U.S.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us