fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

BlackShadow Hackers Breach Israeli Hosting Firm and Extort Customers

BlackShadow Hackers Breach Israeli Hosting Firm and Extort Customers

The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company’s services.

Cyberserve is an Israeli web development firm and hosting company used by various organizations, including local radio stations, museums, and educational institutions.

Attacking many victims at once

Starting Friday, when attempting to access websites hosted at Cyberserve, visitors were met with website errors or messages that the site was inaccessible due to a cybersecurity incident.

Also Read: What You Should Know About The Data Protection Obligation Singapore

Dan Bus outage message
Dan Bus outage message

A hacking group known as BlackShadow claimed responsibility for the attack on Cyberserve and is extorting the hosting company and its customers by demanding $1 million in cryptocurrency not to leak stolen data.

The deadline for this extortion demand was set for 48 hours, starting on Saturday, but the actors almost immediately leaked a sample of 1,000 records to prove their point.

Included in the data theft is a database containing the personal information of a large LGBT site named ‘Atraf,’ which makes the security incident quite dire.

Exposing LGBT people who live in conservative societies puts them at significant risk, both physically and psychologically.

“Atraf’s team did not contact us for any deal’s yet so we collected 50 famous israeli that were surfing and we leak their video’s,” threatended the hacking group on Telegram.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

At the time of writing this, many of the websites hosted at CyberServe are inaccessible, including Atraf, indicating that the company is still responding to the attack.

Other websites affected by this attack are:

  • The Kavim (Dan Bus) public transportation firm.
  • The Kan public broadcaster.
  • The Pegasus travel agency.
  • The Holon Children’s Museum.

The National Cyber Directorate told The Times of Israel that they had warned CyberServe about an imminent cyber attack several times in the previous days.

It is unclear if Cyberserve ignored these warnings or could not find the security vulnerability used by the threat actors.

Politically motivated

BlackShadow is an Iranian state-sponsored hacking group that has confirmed links to the Pay2Key ransomware strain that has been repeatedly deployed against Israeli targets. 

However, unlike typical ransomware attacks, the threat actors behind BlackShadow are not believed to be financially motivated.

Omri Segev Moyal, co-founder & CEO of Israeli cybersecurity firm Profero, told Bleeping Computer that attacks by these hacking groups are retaliatory and designed to disrupt Israeli interests.

“The recent attacks from the so-called ‘BlackShadow’ are just another cycle of the clandestine Iran-Israeli war. It’s a well-constructed InfoOp combined with very weak hacking skills to hurt Israel. We assume the current cycle is also in retaliation for the attack against the gas pumps in Iran last week.” – Omri Segev Moyal.

Last year, the group extorted the Israeli insurance company’ Shirbit,’ demanding a payment of $1 million in Bitcoin and threatening to leak stolen data. 

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us