fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

NSW Transport Agency Extorted By Ransomware Gang After Accellion Attack

NSW Transport Agency Extorted By Ransomware Gang After Accellion Attack

The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files.

Transport for NSW is New South Wales’ transport system in charge of the buses, ferries, regional air operators, and cargo transportation.

Last week, Transport for NSW disclosed that their agency suffered a data breach after their secure file-sharing system, Accellion FTA, was attacked and hackers stole data.

The agency is currently investigating the breach to determine what data was stolen and is receiving help from Cyber Security NSW, the New South Wales government information security team.

“Cyber Security NSW is managing the NSW Government investigation with the help of forensic specialists.”

“We are working closely with Cyber Security NSW to understand the impact of the breach, including to customer data,” Transport for NSW disclosed in a data breach notification.

Also Read: In Case You Didn’t Know, ISO 27001 Requires Penetration Testing

Data leaked on Clop ransomware site

In December, threat actors began using a zero-day vulnerability in the Accellion FTA secure file sharing application to download and steal data.

Accellion FTA is commonly used by government agencies, educational instructions, and organizations to share files with people external to their organization securely.

After the Clop ransomware gang began leaking data stolen during these attacks and ransoming victims, it became clear that the ransomware group was behind the attacks. A report by Mandiant further confirmed the connection after analysis found shared IOCs between the attacks and the ransomware group.

Accellion FTA attack ransom note

This weekend, the Clop ransomware published screenshots of alleged emails and documents stolen from the NSW government during an attack on their Accellion FTA device.

Transport for NSW data leak

In a message on the data leak site, the ransomware gang states that Transport for NSW or other interested parties can make a payment to prevent the leak or buy the stolen data.

“Want to delete a page or buy data? write to the email indicated on the home page,” the Clop gang states on the data leak site.

The leaked data includes confidential documents, steering committee documents, and assorted emails.

Also Read: 4 Considerations In The PDPA Singapore Checklist: The Specifics

Unfortunately, due to the popularity of the Accellion FTA service and the wide-scale attacks performed by the Clop ransomware gang, we should expect to see further leaks published in the future.

Other Accellion FTA victims recently disclosed by the Clop ransomware gang include mobile carrier Singtel, geo-data specialist Fugro, law firm Jones Day, science and technology company Danaher, and technical services company ABS Group.

Thx to Kay Kyoung-ju Kwak for the tip.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us