Nokia Subsidiary Discloses Data Breach After Conti Ransomware Attack

SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems.

The wholly-owned and independently-operating Nokia company, headquartered in Chicago, IL, works with telecom carriers, major tower owners, and original equipment manufacturers (OEMs) across the US. 

SAC Wireless helps customers design, build and upgrade cellular networks, including 5G, 4G LTE, small cell and FirstNet.

Attack detected after Conti ransomware encrypted systems

The company discovered that its network had been breached by Conti ransomware operators on June 16, only after the attackers had deployed their payloads and encrypted SAC Wireless systems.

On August 13, following a forensic investigation conducted with the help of external cyber security experts, the Nokia subsidiary found that personal information belonging to current and former employees (and their health plans’ dependents or beneficiaries) was also stolen during the ransomware attack.

“The threat actor, Conti, gained access to the SAC systems, uploaded files to its cloud storage, and then, on June 16, deployed ransomware to encrypt the files on SAC systems,” SAC says in data breach notification letters sent to an undisclosed number of impacted individuals.

After completing the forensic investigation, the company believes that the stolen files contain the following categories of personal info: “name, date of birth, contact information (such as home address, email, and phone), government ID numbers (such as driver’s license, passport, or military ID), social security number, citizenship status, work information (such as title, salary, and evaluations), medical history, health insurance policy information, license plate numbers, digital signatures, certificates of marriage or birth, tax return information, and dependent/beneficiary names.”

In response to the ransomware attack, SAC has taken multiple measures to prevent future breaches. The company:

  • changed firewall rules,
  • disconnected VPN connections,
  • activated conditional access geo-location policies to limit non-U.S. access,
  • provided additional employee training,
  • deployed additional network and endpoint monitoring tools,
  • expanded multi-factor authentication,
  • and deployed additional threat-hunting and endpoint detection and response tools.

BleepingComputer reached out to SAC Wireless for additional information on the attack two weeks ago, on August 12, but a company spokesperson refused to confirm that it involved ransomware or provide additional details.

“SAC is aware of an incident, and we are currently investigating the matter,” the spokesperson said. “As we continue to assess the incident, we are in contact with relevant parties to recommend that appropriate safeguards and precautions may be taken.”

Conti claims to have stolen 250GB of files

While the company refused to acknowledge the ransomware attack and did not provide more info on the extent of the damage, the Conti ransomware gang revealed on their leak site that they stole over 250 GB of data.

According to a recent update, the ransomware group will soon leak all the stolen files online if the Nokia subsidiary doesn’t pay the ransom they demanded.

Conti ransomware is a private Ransomware-as-a-Service (RaaS) operation likely controlled by a Russian-based cybercrime group known as Wizard Spider.

Conti shares some of its code with the notorious Ryuk Ransomware, whose TrickBot distribution channels they began using after Ryuk decreased activity around July 2020.

The gang has recently breached Ireland’s Health Service Executive (HSE) and Department of Health (DoH), asking the former to pay a $20 million ransom after encrypting its systems.

The FBI also warned in May that Conti operators have attempted to breach the networks of more than a dozen US healthcare and first responder organizations.

Earlier this month, a disgruntled affiliate leaked the gang’s training materials, including information about one of its operators, a manual on deploying Cobalt Strike and mimikatz, as well as numerous help documents allegedly provided to affiliates when performing Conti attacks.
