fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft: Black Kingdom Ransomware Group Hacked 1.5K Exchange Servers

Microsoft: Black Kingdom Ransomware Group Hacked 1.5K Exchange Servers

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks.

“They started later than some other attackers, with many compromises occurring between March 18 and March 20, a window when fewer unpatched systems were available,” the Microsoft 365 Defender Threat Intelligence Team said.

“These web shells were observed on around 1,500 systems, not all of which moved to the ransomware stage.

“Many of the compromised systems have not yet received a secondary action, such as human-operated ransomware attacks or data exfiltration, indicating attackers could be establishing and keeping their access for potential later actions.”

Ransom demands of up to $10,000

Malware analyst Marcus Hutchins was the first to spot Black Kingdom (also tracked as Pydomer by Microsoft) targeting Exchange servers over the weekend after one of his ProxyLogon honeypots picked up the malicious activity.

More than 30 Black Kingdom submissions coming directly from impacted mail servers have been added to ransomware identification site ID Ransomware starting on March 18.

While the ransomware gang failed to encrypt any files on Hutchins’ honeypots, the ID Ransomware submissions are all from successfully encrypted Exchange servers.

Black Kingdom ransomware victims are located in the US, Russia, Canada, Germany, Austria, Switzerland, France, Israel, United Kingdom, Italy, Greece, Australia, and Croatia.

When BleepingComputer analyzed the Black Kingdom ransomware, it created a ransom note demanding $10,000 in bitcoins for a decryption key.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

Black Kingdom ransom note

The ransom note also warned victims that data was stolen before their devices were encrypted and would be publicly released if a ransom is not paid.

In some of the attacks, Microsoft noted that a ransom note was created even though the device was not encrypted. It is unknown if this was a failed encryption attempt or they were simply exfiltrating data and ransoming it off.

“The note should be taken seriously if encountered, as the attackers had full access to systems and were likely able to exfiltrate data,” Microsoft added.

Black Kingdom ransomware post-exploitation activity (Microsoft)

While a connection has not yet been made, another ransomware dubbed Black Kingdom targeted corporate networks with Pulse Secure VPN exploits in June 2020.

Hutchins said that the current ransomware executable is a Python script compiled as a Windows executable. BleepingComputer has confirmed that last year’s Black Kingdom ransomware was also a Python-based malware.

Indiscriminate attacks target unpatched Exchange servers

Black Kingdom is the second confirmed ransomware that targets unpatched Microsoft Exchange servers with ProxyLogon exploits.

The first one was DearCry ransomware, a new strain deployed in attacks that started about one week after Microsoft released ProxyLogon security updates.

Threat actors behind ProxyLogon attacks have also been observed while stealing credentials via LSASS dumps and deploying cryptomining malware.

Microsoft revealed on Monday that roughly 92% of all on-premises Exchange servers reachable over the Internet and affected by the ProxyLogon vulnerabilities are now patched and safe from ongoing attacks.

From a total of 400,000 Internet-connected Exchange servers impacted by the ProxyLogon flaws when Microsoft issued the initial security patches on March 2, there are now under 30,000 still exposed to attacks, according to RiskIQ telemetry.

Also Read: The DNC Singapore: Looking At 2 Sides Better

Worldwide Exchange ProxyLogon exposure (RiskIQ)

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us