Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Dassault Falcon Jet Reports Data Breach After Ransomware Attack

Dassault Falcon Jet Reports Data Breach After Ransomware Attack

Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.

Dassault Falcon Jet is the US subsidiary of French aerospace company Dassault Aviation which designs and builds military aircraft, business jets, and space systems.

The Dassault subsidiary has 2,453 employees and it is focused on marketing and providing aviation and maintenance services for Falcon aircrafts on the American continent.

Dassault Aviation reported revenues of €7.3 billion in 2019 and it has delivered more than 10,000 military and civil aircraft to over 90 countries.

Subsidiaries also impacted

Dassault Falcon Jet discovered the incident on December 6th, 2020, and sent a data breach notification letter to impacted current and former employees on December 31st.

According to media reports and the dates of breach reported by the company, the attackers maintained access to Dassault Falcon Jet’s systems for roughly six months, between June 6th and December 7th.

The Ragnar Locker operators who infiltrated the company’s systems were also able to infiltrate the network of several Dassault Falcon Jet subsidiaries.

The principal subsidiaries include Dassault Aircraft Services Corporation, Aero Precision Repair And Overhaul Company (APRO), Midway Aircraft Instrument Corporation, Dassault Falcon Jet Do Brasil Limitada, and Dassault Falcon Jet Leasing.

“Upon discovery of this security incident, we immediately took all affected systems offline and engaged third-party cybersecurity experts to aid in our investigation, as we work to safely restore our systems in a manner that protects the security of your information,” the breach notification says.

The company is collaborating with law enforcement to investigate the incident and says that it has found evidence that the attackers may have stolen documents containing employees’ information.

Also Read: Data Storage Security Standards: What Storage Professionals Need to Know

The information belonging to employees may include their “name, personal and company email address, personal mailing address, employee ID number, driver’s license number, passport information, financial account number, Social Security number, date of birth, work location, compensation and benefit enrollment information, and date of employment.”

Their spouses and dependents’ information may include their “name, address, date of birth, Social Security number, and benefit enrollment information.”

Impacted systems restored and rebuild

While the company has not yet confirmed that the breach was due to a ransomware attack, LeMagIT reported in December that Ragnar Locker is the ransomware gang that was behind the incident.

Dassault Falcon Jet spokespersons were not immediately available for comment when contacted by BleepingComputer earlier today. 

The company also didn’t provide a reply to inquiries made by BleepingComputer last month.

However, the breach notification says that affected systems have been restored and rebuild after the incident.

“As we restore and rebuild systems, we are also strengthening the security protections in place to protect those systems and the data stored on them,” the company said.

The Ragnar Locker gang sent BleepingComputer the following screenshot on December 11th, 2020, containing a directory listing from one of the Dassault Falcon Jet systems breached during the attack (a heavily redacted version is available below).

Dassault Falcon Jet directory listing

Ragnar Locker ransomware was first observed while being deployed in attacks against several targets during late December 2019.

The operators are known for terminating remote management software (such as ConnectWise and Kaseya) used by managed service providers (MSPs) to remotely manage their clients’ systems, thus allowing them to avoid detection and preventing payload deployment from being blocked.

The FBI has warned private industry partners of increased Ragnar Locker ransomware activity following an April attack against multinational energy giant Energias de Portugal (EDP).

Also Read: IT Governance Framework PDF Best Practices And Guidelines

BleepingComputer has seen Ragnar Locker ransom demands ranging from $200,000 to roughly $600,000. In EDP’s case, Ragnar Locker asked for a ransom of 1580 bitcoins (the equivalent of over $10 million).

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us