fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

HelloKitty Ransomware is Targeting Vulnerable SonicWall Devices

HelloKitty Ransomware is Targeting Vulnerable SonicWall Devices

CISA warns of threat actors targeting “a known, previously patched, vulnerability” found in SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with end-of-life firmware.

As the US federal agency also adds, the attackers can exploit this security vulnerability as part of a targeted ransomware attack.

This alert comes after SonicWall issued an “urgent security notice” and sent emails to warn customers of the “imminent risk of a targeted ransomware attack.”

Even though the company said the risk of ransomware attacks is imminent, Coveware CEO Bill Siegel confirmed CISA’s warning saying that the campaign is ongoing. 

CISA urges users and administrators to review the SonicWall security notice and upgrade their devices to the latest firmware or immediately disconnect all end-of-life appliances.

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

HelloKitty ransomware: one of the groups behind these attacks

While CISA and SonicWall did not reveal the identity of the threat attackers behind these attacks, BleepingComputer was told by a source in the cybersecurity industry that HelloKitty has been exploiting the vulnerability for the past few weeks.

Cybersecurity firm CrowdStrike also confirmed to BleepingComputer that the ongoing attacks are attributed to multiple threat actors, including HelloKitty.

HelloKity is a human-operated ransomware operation active since November 2020, mostly known for encrypting the systems of CD Projekt Red and claiming to have stolen Cyberpunk 2077, Witcher 3, Gwent, and other games’ source code.

Even though the bug abused to compromise unpatched and EOL SMA and SRA products was not disclosed in CISA’s warning or SonicWall’s notice, CrowdStrike security researcher Heather Smith told BleepingComputer yesterday that the targeted vulnerability is tracked as CVE-2019-7481.

“This exploitation targets a long-known vulnerability that was patched in newer versions of firmware released in early 2021,” SonicWall said in an emailed statement.

However, CrowdStrike’s Heather Smith and Hanno Heinrichs said in a report published last month that “CrowdStrike Services incident response teams identified eCrime actors leveraging an older SonicWall VPN vulnerability, CVE-2019-7481, that affects Secure Remote Access (SRA) 4600 devices.”

SonicWall credited the two security with reporting the actively exploited security flaw in a security advisory issued yesterday.

According to a Coveware report, Babuk ransomware is also targeting SonicWall VPNs likely vulnerable to CVE-2020-5135 exploits. This vulnerability was patched in October 2020 but it is still “heavily abused by ransomware groups today” per Coveware.

Ransomware vs. SonicWall devices

A threat group tracked by Mandiant as UNC2447 has also exploited the CVE-2021-20016 zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy a new ransomware strain known as FiveHands (a DeathRansom variant just as HelloKitty).

Their attacks targeted multiple North American and European targets before SonicWall released patches in late February 2021.

The same zero-day was also abused in January in attacks targeting SonicWall’s internal systems and later indiscriminately exploited in the wild.

Mandiant threat analysts discovered three other zero-day vulnerabilities in SonicWall’s on-premises and hosted Email Security (ES) products in March.

These three zero-days were also actively exploited by a group Mandiant tracks as UNC2682 to backdoor systems using BEHINDER web shells, allowing them to move laterally through victims’ networks and access emails and files.

Also Read: PDPA Singapore Guidelines: 16 Key Concepts For Your Business

“The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network,” the Mandiant researchers said at the time.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us