fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Ransomware hits law firm counseling Fortune 500, Global 500 companies

Ransomware hits law firm counseling Fortune 500, Global 500 companies

Campbell Conroy & O’Neil, P.C. (Campbell), a US law firm counseling dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a February 2021 ransomware attack.

Campbell’s client list includes high-profile companies from various industry sectors, including automotive, aviation, energy, insurance, pharmaceutical, retail, hospitality, and transportation.

Some of its current and past clients include Exxon, Apple, Mercedes Benz, Boeing, Home Depot, British Airways, Dow Chemical, Allianz Insurance, Universal Health Services, Marriott International, Johnson & Johnson, Pfizer, Time Warner, and many others.

Also Read: 5 Most Frequently Asked Questions About Ransomware

Ransomware attack leads to data theft

“On February 27, 2021, Campbell became aware of unusual activity on its network,” the law firm revealed in a press release issued earlier today.

“Campbell conducted an investigation and determined that the network was impacted by ransomware, which prevented access to certain files on the system.”

The company hired third-party forensic investigators to investigate the incident after discovering the attack and notified the FBI of the security breach.

Campbell issued a press release providing notice because the investigation determined that information relating to affected individuals was accessed by the threat actors behind the ransomware attack. 

While no clear evidence of the ransomware operators accessing specific information for each potentially impacted individual, Campbell confirmed that the affected devices contained various data types.

As Campbell found, the attackers were able to access “certain individuals’ names, dates of birth, driver’s license numbers / state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords).”

Campbell offers 24 months of free access to credit monitoring, fraud consultation, and identity theft restoration services to all individuals whose Social Security numbers or equivalent information was exposed during the attack.

Incident could lead to additional data breaches

Campbell didn’t reveal the identity of the ransomware group behind this attack or if the attackers stole the accessed data.

However, over 20 different ransomware operations are known to steal sensitive files from victims’ servers before deploying payloads and encrypting their victims’ devices.

The data stolen in these attacks is commonly used as leverage to force victims to pay ransoms under the threat of having their information gradually leaked online until the ransomware operators’ demands are met.

Furthermore, in some cases, the ransomware gangs are also increasing the ransom bit-by-bit until all the stolen files are leaked on sites specifically designed for this purpose.

Depending on and if corporate clients’ data was also stolen during the ransomware attack on Campbell’s network, the incident could lead to more data breaches reported in the coming weeks and months.

This week, the US Government launched StopRansomware.gov, an online platform designed to help private and public entities defend themselves from ransomware attacks.

Ransomware has abruptly grown as a threat reaching exceptional levels during the last few months, since the start of 2021.

Attacks have hit US business and critical infrastructure, including the world’s largest meat producer JBS Foods and the largest US fuel pipeline Colonial Pipeline.

More recently, REvil ransomware breached Miami-based MSP software provider Kaseya in a campaign that hit roughly 1,500 businesses worldwide.

Also Read: How Does Ransomware Work? Examples and Defense Tips

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us