
Privacy Ninja

CISA Urges US Orgs to Prepare for Data-wiping Cyberattacks


The Cybersecurity and Infrastructure Security Agency (CISA) urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses.

As reported by BleepingComputer, Ukrainian government agencies and corporate entities suffered coordinated cyberattacks last Friday in which websites were defaced and data-wiping malware was deployed to corrupt data and render Windows devices inoperable.


Sources told cybersecurity journalist Kim Zetter that the attackers likely conducted the website defacements using the CVE-2021-32648 vulnerability in the OctoberCMS platform. The Ukraine Cyber Police say they are investigating the use of Log4j vulnerabilities and stolen credentials as another means of access to the networks and servers.

CNN also reports that a Ukrainian I.T. services company that helped develop many of these sites was a victim as well, raising concerns about a supply-chain attack.

The website defacements and data-wiping malware attacks were originally thought to be different attacks. However, Ukraine issued a press release yesterday stating that entities were hit by both attacks, leading them to believe they were coordinated.

“Thus, it can be argued with high probability that the interface (replacement of displayed information) of websites of attacked government agencies and destruction of data by Viper are part of a cyber attack aimed at causing as much damage to the infrastructure of state electronic resource,” the Ukraine government announced yesterday.

Ukraine blames these attacks on Russia, with some security experts attributing the attacks to Ghostwriter, a state-sponsored hacking group with ties to Belarus.

CISA urges US orgs to defend against similar attacks

CISA is now urging business leaders and U.S. organizations to take the following steps to prevent similar destructive attacks on their networks.

“This CISA Insights is intended to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise,” warns a new CISA Insights bulletin.

“All organizations, regardless of sector or size, should immediately implement the steps outlined below.”

While CISA’s recommendations are in response to the recent cyberattacks on Ukraine, the following suggested steps are also good advice to prevent any network intrusion, including those leading to ransomware attacks.


Reduce the likelihood of a damaging cyber intrusion:

  • Validate that all remote access to the organization’s network and privileged or administrative access requires multi-factor authentication.
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA.
  • Confirm that the organization’s IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If the organization is using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.

Take steps to quickly detect a potential intrusion:

  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging in order to better investigate issues or events.
  • Confirm that the organization’s entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
  • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.
  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within the organization, including technology, communications, legal and business continuity.
  • Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize the organization’s resilience to a destructive cyber incident:

  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

CISA also recommends that cybersecurity and IT personnel read their recent bulletin on mitigating Russian state-sponsored cyber threats to U.S. critical infrastructure.
