fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware

Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware

Researchers set up a tempting honeypot to monitor how cyber criminals would exploit it. Then it came under attack.

Industrial control networks are coming under attack from a range of ransomware attacks, security researchers have warned, after an experiment revealed the speed at which hackers are uncovering vulnerabilities in critical infrastructure.

Security company Cybereason built a ‘honeypot‘ designed to look like an electricity company with operations across Europe and North America. The network was made to look authentic to entice potential attackers by including IT and operational technology environments, as well as human interface interface systems.

All the infrastructure was built with common security issues found in critical infrastructure including internet-facing remote desktop ports, medium-complexity passwords along with some customary security controls including network segmentation.

The honeypot went live earlier this year and it was only three days until attackers discovered the network and were finding ways to compromise it – including a ransomware campaign which infiltrated chunks of the network, as well as grabbing log-in credentials.

“Very early after launching the honeypot, the ransomware capability was placed on every compromised machine,” Israel Barak, chief information security officer at Cybereason told ZDNet.

Hackers put ransomware onto the network by exploiting remote administration tools to gain access to the network and cracking the administrator password to log in and remotely control the desktop.

From there, they created a backdoor into a compromised server and used additional PowerShell tools including Mimikatz, which enabled the attackers to steal login credentials, allowing lateral movement across the network – and the ability to compromise even more machines. The attackers performed scans to find as many endpoints to gain access to, harvesting credentials as they went.

Ultimately, this means that as well as deploying ransomware, malicious hackers also have the capability to steal usernames and passwords, something they could exploit by threatening to reveal sensitive data if a ransom isn’t paid, as extra leverage.

“Only after the other stages of the attack were completed, the attack detonated the ransomware across all compromised endpoints simultaneously. This is a common trait to multi-stage ransomware campaigns, that is intended to amplify the impact of the attack on the victim,” said Barak.

Ransomware attacks from multiple different sources frequently uncovered the honeypot and many attempted other ransomware attacks, while other hackers were more interested in performing reconnaissance on the network – as was the case with a previous honeypot experiment.

While that might not sound as dangerous as ransomware, an attacker looking to find ways they could exploit the network of what they thought to be an electricity provider could have potentially dangerous consequences.

Nonetheless, it appears that ransomware has become one of the key methods in which attackers are attempting to exploit infrastructure they can easily compromise with that the report describes as a “constant barrage” of attacks on the sector – and something that’s likely to become more intense.

Fortunately, the attackers targeting the honeypot couldn’t do any real damage – but the experiment demonstrates how networks supporting critical infrastructure needs to be resilient enough go fend off unwanted intrusions by designing and operating networks with resiliency in mind – especially when it comes to segregating IT and operational technology networks.

Even relatively basic improvements like ensuring networks are protected by complex passwords which are hard to guess can help while more complex security initiatives – like red team and blue team exercises – can help build up protection.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us