fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Data Leak Marketplace Pressures Victims By Emailing Competitors

Data Leak Marketplace Pressures Victims By Emailing Competitors

The Marketo data theft marketplace is applying maximum pressure on victims by emailing their competitors and offering sample packs of the stolen data.

Last month, BleepingComputer reported that cybercriminals started to create dedicated data-theft extortion marketplaces that exist solely to sell stolen data.

The data sold on these sites are obtained through the marketplace’s own attacks, from other threat actors, or by collecting data released in other attacks, such as ransomware or website data breaches.

The stolen data is sold for as low as $100 to tens of thousands of dollars depending on the marketplace.

Under pressure

One of these marketplaces, known as Marketo, is now taking it a step further and emailing the victim’s competitors to offer samples of the stolen data and entice them into purchasing it.

Also Read: How to Choose a Penetration Testing Vendor

In April, Marketo claimed to have breached a large, heavy machinery and defense technology company and began selling their stolen data.

After we assume they could not find any buyers, Marketo started emailing the communication managers for the victim’s competitors to offer a “demo pack” of the stolen data.

“Hello, we are Marketo and we know you have a competitor – [redacted]. So we would like to inform you that we attacked them and downloaded quite a bit of data,” read the email shared with BleepingComputer.

“We have confidential and personal data, info about their tax payments, clients and partners. That might significantly lower the NASDAQ price.”

Email sent to victim’s competitors

It is not clear if Marketo were hoping competitors would purchase the data to learn corporate secrets or to pay to damage the reputation of their competitors.

The list of competitors that received this email includes multi-national billion-dollar companies whose names would be immediately recognizable to everyone.

Targeting victims’ competitors to pressure a ransom payment or even encourage other companies to purchase stolen data is not new.

After the Clop ransomware gang went on a hacking spree targeting Accellion FTA secure file transfer devices to steal their hosted data, they also performed a similar tactic as Marketo.

After not receiving ransom payments from various victims, Clop began emailing competitors and journalists with information about the attacks to pressure the victim.

Also Read: This Educator Aims to Make Good Cyber Hygiene a Household Practice

For one of these victims, Clop also emailed the company’s customers and told them that their “phone, email, address, credit card information and social security number” would soon be leaked unless they “Call or write to this store and ask to protect your privacy!!!!”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us