fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

France Warns Of Emotet Attacking Companies, Administration

France Warns Of Emotet Attacking Companies, Administration

The French national cyber-security agency today published an alert warning of a surge in Emotet attacks targeting the private sector and public administration entities throughout the country.

French public administration has three sub-sectors: central public administrations (APUC), local government (LUFA), and social security administrations (ASSO).

Emotet, originally a run-of-the-mill banking Trojan first spotted in 2014, is now a malware botnet used by a threat group tracked as TA542 and Mummy Spider.

The malware is used by the threat actors to drop other malware families including the Trickbot (a known vector used to deploy Ryuk and Conti ransomware payloads) and the QakBot trojans on infected systems.

Attacks abruptly increased for several days

“For several days, ANSSI has observed the targeting of French companies and administrations by the Emotet malware,” the ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) alert bulletin reads.

“Special attention should be paid to this because Emotet is now used to deploy other malicious code that may have a strong impact on the activity of victims.”

As ANSSI noticed, the botnet is targeting “all types of business sectors around the world,” with attacks against French organizations suddenly increasing in the last few days.

ANSSI alert

ANNSI also provides a list of recommendations organizations should follow to prevent Emotet infections and to properly react after they systems get compromised:

• Make users aware not to enable macros in attachments and to be particularly attentive to the emails they receive and reduce the execution of macros.
• Limit Internet access for all agents to a controlled white list.
• Disconnect compromised machines from the network without deleting data.
• Generally speaking, removal/cleaning by antivirus is not a sufficient guarantee. Only the reinstallation of the machine ensures the erasure of the implant.
• Send the samples (.doc and .eml) available to you for analysis to ANSSI in order to determine the IoCs that can be shared. This point is essential because the attacker’s infrastructure evolves frequently, access to recent samples is therefore essential.

Also read: Personal Data Websites: 3 Things That You Must Be Informed

Revived after five months of silence

This alert comes after the Emotet malware botnet came back to life with a massive campaign of malicious spam — camouflaged as payment reports, invoices, employment opportunities, and shipping information — delivering malicious Word document and spreadsheet attachments starting July 17 via all its server clusters.

As Binary Defense researcher James Quinn told BleepingComputer at the time, Emotet was last seen on Feb 7th, 2020, with the malware going quiet for five months and sending no spam emails until July.

“Since reemerging on July 17, Emotet has sustained its activities with daily spam runs spewing more than 500K emails every day (except weekends) starting at around 2:00 AM Pacific Time (UTC -7),” Microsoft said at the time.

Since it returned back to life, Emotet started installing the TrickBot trojan on infected Windows computers, later switching to fully replace the TrickBot payloads and heavily spreading QakBot malware.

At the moment, reports say that QakBot will deliver ProLock ransomware as final payloads on some of the systems initially compromised by Emotet.

Now stealing attachments too

Emotet is now also using stolen attachments to improve the authenticity of its malicious emails, the first time it does so Quinn told BleepingComputer.

This new tactic adds to the leveraging of hijacked email conversation threads where it injects malicious URLs or attachments in new emails attached to existing conversations (as discovered by Minerva Labs in March 2019).

Since it came back online, Emotet has ranked first in a list of top 10 malware strains analyzed on the interactive malware analysis platform Any.Run.

This top puts it head and shoulders above the next malware (the Agent Tesla Remote Access Trojan), with more than then times the number of samples submitted for analysis.

Also read: Computer Misuse Act Singapore: The Truth And Its Offenses

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us