fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Mobile Phishing Attacks Targeting Energy Sector Surge by 161%

Mobile Phishing Attacks Targeting Energy Sector Surge by 161%

Mobile phishing attacks targeting employees in the energy industry have risen by 161% compared to last year’s (H2 2020) data, and the trend is showing no signs of slowing down.

Although the perils of outdated and vulnerable devices plague all sectors, a new report by cybersecurity firm Lookout indicates that energy is the most targeted, followed by finance, pharma, government, and manufacturing.

In terms of geographic targeting, Asia-Pacific tops the list, followed by Europe and then North America. However, there is a rising trend in phishing attacks targeting the global energy industry across the world.

Also Read: Top 11 Ultimate Cold Calling Guidelines To Boost Your Sales

Comparison of phishing rates on the mobile space
Comparison of phishing rates in the energy industry over time
Source: Lookout

Mobile phishing also surged in the first half of 2021, with nearly 20% of all employees in the energy sector being targeted in mobile phishing attacks, leading to an increase of 161% over the previous six months.

VPN credentials harvesting

With so many people working from home due to the COVID-19 pandemic, many employees use VPNs to access corporate networks. Unfortunately, this remote access to a corporate network makes for an attractive target for threat actors, who use phishing to steal VPN credentials or domain credentials.

In 67% of all analyzed phishing cases by Lookout researchers, threat actors are performing credential theft. To conduct these campaigns, the attackers employ email, SMS, phishing apps, and login pages at fake corporate sites.

Percentage of attack types
Percentage of attack types.
Source: Lookout

These credentials enable them to gain access to internal networks, which can then be used for further lateral movement and finding additional pivoting points.

From there, they can locate vulnerable systems and launch attacks against industrial control systems which typically carry unidentified flaws for years.

Also Read: IT Equipment Disposal Singapore and Recycle Services

The Android problem

According to the report from Lookout, the most significant attack surface stems from 56% of Android users running out-of-date and vulnerable versions of the OS.

“Outdated versions of Google and Apple operating systems are still in use across the energy industry. Old versions expose organizations to hundreds of vulnerabilities that can be exploited by bad actors seeking access to an organization’s environment,” explains the report from Lookout.

A full year after Android 11 was released, Lookout’s telemetry showed that only 44.1% of active Android devices were using it.

Update overview - Android vs. iOS

Update overview – Android vs. iOS
Source: Lookout

In contrast, iPhones are far less vulnerable to exploitation, as most iOS users are running the latest version.

Some of the flaws in older Android versions are easily exploitable and pretty across the entire user base.

For example, CVE-2020-16010 in Chrome can be trivially exploited through a specially crafted HTML page, and considering the browser’s popularity, would be exposed on all outdated Android phones.

Riskware is a bigger problem than malware

Apps that request risky permissions and access sensitive data on the device are now a bigger problem than “pure” malware, as they are far easier to pass through app store vetting.

Many of these apps connect to obscure servers and send various types of data that are irrelevant to their core functionality but which still constitute a great risk to the user and their employing organization.

Spyware, keyloggers, trojans, and even ransomware droppers remain a problem, but it’s more likely to see these deployed in highly targeted attacks, so their distribution volumes are significantly smaller.

As such, employee training is critical in minimizing security lapses, as the human factor remains the greatest risk for installing riskware and the clicking/tapping of suspicious links.

Lookout reports that a single session of anti-phishing training results in 50% fewer clicks onto phishing links for the next 12 months.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us