fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

PYSA Ransomware Behind Most Double Extortion Attacks in November

PYSA Ransomware Behind Most Double Extortion Attacks in November

Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors’ arsenal.

Threat actors’ focus is also shifting to entities belonging to the government sector, which received 400% more attacks than in October.

The spotlight in November was stolen by the PYSA ransomware group (aka Mespinoza), which had an explosive rise in infections, recording an increase of 50%.

Other dominant ransomware groups are Lockbit and Conti, which launched attacks against critical entities, albeit fewer than in previous months.

Also Read: How COVID-19 Contact Tracing in Singapore Applies at Workplace

The first signs of PYSA activity reaching threatening levels became apparent in March 2021, leading to the FBI publishing an alert about the actor’s activity escalation.

Like almost all ransomware groups currently, PYSA exfiltrates data from the compromised network and then encrypts the originals to disrupt operations.

The stolen files are used as leverage in ransom negotiations, where the attackers threaten to publicly release data if a ransom is not paid.

PYSA data leak site
PYSA data leak site

New extortion trends and tactics

Another actor the NCC group report focuses on is Everest, a Russian-speaking ransomware gang who currently uses a new extortion method.

Whenever their ransom demands aren’t met within the allocated negotiation time, Everest sells access to the victim’s corporate network to other threat actors.

Also Read: What Is Data Sovereignty and How Does It Apply To Your Business?

This practice creates additional troubles for the compromised entities, as they now have to manage multiple infections and repeated attacks simultaneously.

“While selling ransomware-as-a-service has seen a surge in popularity over the last year, this is a rare instance of a group forgoing a request for a ransom and offering access to IT infrastructure – but we may see copycat attacks in 2022 and beyond,” comments NCC Group’s report.

Another trend that is expected to have a meteoric rise in December and the coming months is the exploitation of the Log4Shell exploit to deploy ransomware payloads.

Already, Conti worked on developing an infection chain based on the Log4Shell exploit and is likely using it to rapidly execute attacks on vulnerable networks.

Ransomware is a shifting threat that quickly evolves to new defenses, so several security precautions and measures are required to protect against it sufficiently.

If you’re looking for the best prevention practices, you can start with CISA’s ransomware guide that offers several solid security recommendations.

With Christmas approaching and the IT teams working understaffed due to holidays, applying defenses even at the last minute could prove a savior.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us