fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

SnapMC Hackers Skip File Encryption And Just Steal Your Files

SnapMC Hackers Skip File Encryption And Just Steal Your Files

A new actor tracked as SnapMC has emerged in the cybercrime space, performing the typical data-stealing extortion that underpins ransomware operations, but without doing the file encryption part.

File encryption is considered a core component of ransomware attacks, as it’s the very element that brings operational disruption to the victim.

Data exfiltration for purposes of double extortion came later as an additional form of leverage against a victim, but always took a back seat to the mayhem caused by an encrypted network

Soon, ransomware actors realized the power of this approach as many companies could restore the corrupted files from backups, but couldn’t possibly revert the file-stealing event and its consequences.

Researchers at NCC Group have been tracking a new adversary which they call SnapMC, named after the rapid strike approach the group follows, who enter networks, steal files, and deliver extortion emails in under 30 minutes.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

Targeting known vulnerabilities

The SnapMC gang uses the Acunetix vulnerability scanner to find a range of flaws in a target’s VPN and web server apps, and then successfully exploits them to breach the corporate network.

The most exploited flaws observed in the actor’s initial access efforts include the PrintNightmare LPE, remote code execution in Telerik UI for ASPX.NET, and also various SQL injection opportunities.

The actors use SQL database exportation scripts to steal the data, while the CSV files are compressed with the 7zip archive utility prior to exfiltration. Once everything is neatly packed, the MinIO client is used for sending the data back to the attacker.

Considering that SnapMC leverages known vulnerabilities that have already been patched, updating your software tools would be a good way to defend against this rising threat

As NCC Group points out in its report, even if an organization uses a vulnerable version of Telerik, putting it behind a well-configured Web Application Firewall would render any exploitation efforts futile.

Also Read: The DNC Singapore: Looking At 2 Sides Better

Paying is risky

In data exfiltration extortion attacks, meeting the threat actor’s demands by paying a ransomware, guarantees nothing. On the contrary, it could give the hackers an incentive to attempt further extortion in the future.

It is also possible that even if a victim pays a ransom, their data may end up sold on criminal marketplaces or hacker forums as an additional way of generating revenue for the attackers.

Ransomware negotiation firm Coveware, strongly advises its clients never to pay a ransom to prevent stolen files from being leaked to the public.

During negotiation cases in the past, victims have paid a ransom and their data was stll leaked or no proof of deletion was ever provided.

  • Sodinokibi: Victims that paid were re-extorted weeks later with threats to post the same data set.
  • Netwalker: Data posted of companies that had paid for it not to be leaked
  • Mespinoza: Data posted of companies that had paid for it not to be leaked
  • Conti: Fake files are shown as proof of deletion

Due to this, victims should automatically assume that their data has been shared with other threat actors and that it will be used or leaked in the future, regardless of whether they paid a ransom.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us