fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

US subsidiary of ST Engineering Aerospace suffers massive data breach

US subsidiary of ST Engineering Aerospace suffers massive data breach

File photo of a person using a computer keyboard. (Photo: AFP/Kirill Kudryavtsev)

Bookmark

SINGAPORE: About 1.5 terabytes of sensitive data was reportedly stolen from a US subsidiary of ST Engineering Aerospace in a massive data breach that was discovered on Friday (Jun 5), according to cybersecurity firm CYFIRMA.

In response to queries by CNA, CYFIRMA said its initial investigation showed the breach at VT San Antonio Aerospace started “as early as in March”. 

It said the stolen data includes contract details with various governments of countries like Peru and Argentina, government-related organisations like NASA, and air carriers like American Airlines.

The leaked data is also believed to include details of project implementation plans, name and type of equipment/parts, schedules and timelines, as well as financial records.

“Hackers used Maze ransomware for their campaign. Maze is a malware that hackers can embed into phishing emails. When a victim opens these emails, the Maze malware infects the machine and starts encrypting files. Once this is completed, a ransomware demand is made,” said CYFIRMA CEO Kumar Ritesh.

“Initial investigation indicated that ST Engineering might not have made the payment in response to the ransomware demand and hence, the data is now available on public domain. Hackers claimed they have exfiltrated 1.5TB of data and more sensitive data may be released onto public domain in the coming days.”

Mr Ritesh added ST Engineering Aerospace has been informed of the data breach, and the company is taking action.

In a statement, VT San Antonio Aerospace vice president and general manager Ed Onwe confirmed that cyber criminals called the Maze group had gained unauthorised access to the company’s network and carried out a ransomware attack.

“At this point, our ongoing investigation indicates that the threat has been contained and we believe it to be isolated to a limited number of ST Engineering’s US commercial operations. Currently, our business continues to be operational,” said Mr Onwe.

“Upon discovering the incident, the company took immediate action, including disconnecting certain systems from the network, retaining leading third-party forensic advisors to help investigate, and notifying appropriate law enforcement authorities.

“As part of this process, we are conducting a rigorous review of the incident and our systems to ensure that the data we are entrusted with remains safe and secure. This includes deploying advanced tools to remediate the intrusion and to restore systems. We are also taking steps to further strengthen the company’s overall cybersecurity architecture.”

He added VT San Antonio Aerospace had also begun notifying potentially affected customers, adding that the company was committed to responding to this incident transparently and proactively.

VT San Antonio Aerospace is conducting a rigorous review of the incident and its systems to ensure its data remains safe and secure, said Mr Onwe.

It is also taking steps to further strengthen the company’s overall cybersecurity architecture and deploying advanced tools to restore systems.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us