fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Autodesk Reveals It Was Targeted by Russian SolarWinds Hackers

Autodesk Reveals It Was Targeted by Russian SolarWinds Hackers

Autodesk has confirmed that it was also targeted by the Russian state hackers behind the large-scale SolarWinds Orion supply-chain attack, almost nine months after discovering that one of its servers was backdoored with Sunburst malware.

The US software and services company provides millions of customers from the design, engineering, and construction sectors with CAD (computer-aided design), drafting, and 3D modeling tools.

“We identified a compromised SolarWinds server and promptly took steps to contain and remediate the incidents,” Autodesk said in a recent 10-Q SEC filing.

“While we believe that no customer operations or Autodesk products were disrupted as a result of this attack, other, similar attacks could have a significant negative impact on our systems and operations.”

An Autodesk spokesperson told BleepingComputer that the attackers did not deploy any other malware besides the Sunburst backdoor, likely because it was not selected for second stage exploitation or the threat actors didn’t act quickly enough before they were detected.

“Autodesk identified a compromised SolarWinds server on December 13. Soon after, the server was isolated, logs were collected for forensic analysis, and the software patch was applied,” the spokesperson said.

Also Read: This Educator Aims to Make Good Cyber Hygiene a Household Practice

“Autodesk’s Security team has concluded their investigation and observed no malicious activity beyond the initial software installation.”

One of many tech companies breached in a large-scale hacking spree

The supply-chain attack that led to SolarWinds’s infrastructure getting breached was coordinated by the hacking division of the Russian Foreign Intelligence Service (aka APT29, The Dukes, or Cozy Bear).

After gaining access to the company’s internal systems, the attackers trojanized the Orion Software Platform source code and builds released between March 2020 and June 2020.

These malicious builds were later used to deliver a backdoor tracked as Sunburst to “fewer than 18,000,” but, luckily, the threat actors only picked a substantially lower number of targets for second-stage exploitation.

As a direct result of this supply-chain attack, the Russian state hackers gained access to the networks of multiple US federal agencies and private tech sector firms.

Before the attack was disclosed, SolarWinds said it had 300,000 customers worldwide [12], including over 425 US Fortune 500 companies, all top ten US telecom companies.

The company’s customer list also included a long list of govt agencies (the US Military, the US Pentagon, the State Department, NASA, NSA, Postal Service, NOAA, the US Department of Justice, and the Office of the President of the United States).

Also Read: The 3 Main Benefits of PDPA For Your Business

At the end of July, the US Department of Justice was the latest US government entity to disclose that 27 US Attorneys’ offices were breached during last year’s SolarWinds global hacking spree.

SolarWinds has reported expenses of $3.5 million from dealing with last year’s supply-chain attack in March 2021, including remediation and incident investigation costs.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us