fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI And Homeland Security Warn Of APT Attacks On US Think Tanks

FBI And Homeland Security Warn Of APT Attacks On US Think Tanks

The FBI and DHS-CISA warned of state-sponsored hacking groups targeting U.S. think tank organizations in a joint advisory published on Tuesday evening.

Advanced persistent threat (APT) actors are regularly directing their attacks on such organizations and individuals associated with them who can have an important role in shaping U.S. policy and international affairs according to the two federal agencies.

Heightened state of awareness recommended by federal agencies

State-backed hackers have used a multitude of infiltration vectors in their attacks including spearphishing focused on both corporate and personal accounts via email and third-party messaging services, as well as the exploitation of vulnerable web-facing devices and remote connections.

“Attackers may leverage virtual private networks (VPNs) and other remote work tools to gain initial access or persistence on a victim’s network,” the joint advisory reads.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

“When successful, these low-effort, high-reward approaches allow threat actors to steal sensitive information, acquire user credentials, and gain persistent access to victim networks.”

DHS-CISA and the FBI also advised organizations and individuals in international affairs and national security sectors to “adopt a heightened state of awareness.”

They also provided a set of extensive mitigation measures to be immediately implemented by think tank organizations’ leaders, staff, and IT staff to strengthen their security posture and defend against ongoing attacks by nation-state hacking groups.

Think tanks under constant targeting

The FBI also issued a ‘TLP:WHITE‘ private industry notification in April 2020 regarding the continued targeting of US think tanks by state-backed APT groups since at least 2014, with the end goal of gaining access to and exfiltrating sensitive information.

“Nation-state APT actors have sought access to US think tank organizations–which employ former US Government (USG) personnel who continue to engage with current USG officials on political, domestic, foreign, and economic policies –as a means to collect sensitive USG information, bypassing the need to target USG networks directly,” the FBI warned.

“The reasoning behind this targeting approach is two-fold: USG networks tend to be more secure and more difficult to access, and mitigation efforts within USG networks have historically been effective.”

Over the last several years, hacking groups have been able to infiltrate and successfully acquire information on a wide range of sensitive topics including but not limited to:

  • US Elections-Related Topics
  • US Politics and Foreign Policy
  • US Interests/Conflicts with Competing World Powers
  • US Decision Making and National Security Issue
  • US Cyber Deterrence
  • US and NATO Interests
  • US Defense Plans

Even after successfully removing APTs from the compromised network of a think tank organization, they have been able to “shortly” re-infiltrate them and resume harvesting and exfiltrating sensitive information until their malicious activity was once again detected and blocked the FBI said. [PDF]

Also Read: Limiting Location Data Exposure: 8 Best Practices

Microsoft also warned during late-September of nation-state actors behind ongoing attacks against “think tanks focused on public policy, international affairs or security.”

The Russian-backed APT29 threat group (also tracked as Cozy Bear and The Dukes) and its attacks on think-tank organizations were the subjects of another joint alert [1234] issued by national cybersecurity agencies from the United States, the United Kingdom, and Canada issued in July 2020.

Previous attacks targeting US think tanks in 2017 (APT29) and 2018 (Indian APT group Dropping Elephant) were reported by Defense One and security researchers at Volexity.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us