Out-of-bounds Write Vulnerability in Avast Antivirus Sandbox Driver (aswSnx.sys) due to Time-of-check Time-of-use Race Condition.

CVE-2023-5760 | Vulnerability Report

Out-of-bounds Write Vulnerability in Avast Antivirus Sandbox Driver (aswSnx.sys) due to Time-of-check Time-of-use Race Condition

The sandbox driver (aswSnx.sys) in Avast Antivirus contains a vulnerability which could be exploited at the kernel level to perform Local Privilege Escalation, allowing attackers to gain NT AUTHORITY\SYSTEM privileges.&nbsp;

LAN-Side Unauthenticated Remote Code Execution (RCE) in D-Link DIR-822 routers due to Stack-Based Buffer Overflow in HNAP.

CVE-2024-25331 | Vulnerability Report

LAN-Side Unauthenticated Remote Code Execution (RCE) in D-Link DIR-822 routers due to Stack-Based Buffer Overflow in HNAP

An unauthenticated attacker can gain Remote Code Execution in the D-Link DIR-822 router due to a stack-based buffer overflow vulnerability in the HNAP service.&nbsp;

<div class="OutlineElement Ltr SCXW1486410 BCX0">
Joining us are host - Gaurav Keerthi (Head of Advisory and Emerging Business), subject matter expert - Teo Xiang Zheng (Vice President of Advisory), and special guest - Mike Cunningham (R&amp;D Program Manager, Center for Threat-informed Defense, MITRE Engenuity).&nbsp;&nbsp;
</div>
<div class="OutlineElement Ltr SCXW1486410 BCX0">
&nbsp;
</div>
<div class="OutlineElement Ltr SCXW1486410 BCX0">
In the episode, we'll dive deep into the topic of mitigating cyber threats in Asia through Threat-informed Defence. We'll discuss the unique cyber threat landscape in Asia and its contrasts with other regions. We'll also introduce the concept and importance of threat-informed defence and explain how organisations can enhance their cyber defence strategies using the MITRE ATT&amp;CK framework. The discussion includes real-world examples of threat detection techniques and cybersecurity scoring, offering practical steps for implementing effective cyber defences and understanding adversaries.&nbsp;
</div>

In this episode, we'll dive deep into the topic of mitigating cyber threats in Asia through Threat-informed Defence. 

Ensign has observed a pattern of abnormal queries on public DNS servers through its DNS Anomaly Behavioural Model, a proprietary tool of Ensign Labs team. The anomalies included sharp spikes of DNS requests within a short time-frame, and a sequence of suspicious DNS queries with no subsequent TCP/UDP traffic upon resolution of the domain name. Our team of analysts investigated the anomalies further, and the details of the analysis can be found in this report.
&nbsp;
Highlights from the advisory include:
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Insights on the suspicious DNS requests</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Details of the public web storage site housing the DNS queries</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Network profile analysis</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Conclusion and recommendations</li>
</ul>
</ul>
</ul>
</ul>
</ul>

Ensign Labs' DNS anomaly behavioural model detects suspicious DNS queries.

Driven by the Industrial Internet of Things (IIoT), the convergence of IT and OT has brought about radical changes and improvements in gathering data that helps organisations in their decision-making, as well as in monitoring their performance and environments. But while such efficiencies increase, so do the associated risks due to the expanding OT ecosystems&rsquo; attack surfaces.
In the recent webinar, &ldquo;Securing Today&rsquo;s OT Environments&rdquo;, Ensigns&rsquo; panel of experts shared their real-world experiences and expertise on the subject, as well as the best practices for mitigating the evolving threats.
&nbsp;
The topics of the webinar included:
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; OT Cyber Threat Landscape</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Adoption of security best practices and international standards</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; How to formulate a cohesive IT and OT cybersecurity strategy</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Steps to enhance your cybersecurity maturity</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Emergence of Industrial IoT and its impact on cybersecurity</li>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>

Gain insights into the risks resulting from the expansion of OT ecosystems’ attack surfaces, and the best practices for mitigating them.

Cyber threats loom larger than before as organisations adopt a hybrid working model, coupled with the need for digital transformation powered by cloud and automation. This in turn sees organisations expand their attack surfaces, which will also result in an increased exposure to cyber threats. The Ensign-IDC Infobrief&nbsp;draws information from Ensign&rsquo;s 2021 Cyber Threat Landscape Report to help CISOs better address cyber risks for their organisations. Download the Infobrief now as we zoom into what stands at the top of the CISO&rsquo;s security agenda. These include:
&nbsp;
<ul style="list-style-position: inside;">
<li>Engendering the trust of the customers by securing customer data, privacy, and experience</li>
<li>Empowering employee flexibility and productivity while meeting security needs</li>
<li>Adopting a secure-by-design hybrid architecture&nbsp;</li>
<li>Developing a trusted secure ecosystem</li>
</ul>

The Ensign-IDC Infobrief looks into the CISO’s (Chief Information Security Officers) agenda. Gain insights into how CISOs are able to better address cyber risks, and understand the importance of an intelligence-led approach to fend off the cyberthreat onslaught.

Commentary: Alvin Lee, Ensign InfoSecurity&rsquo;s Head of Infrastructure Security
Both industrial Internet of Things (IIoT) and operational technology (OT) belong to the category of cyber-physical systems (CPS) as they share an infrastructure that straddles between the physical and digital world. As such, the cyber risks that these systems are exposed to will continue to grow as more IoT devices become connected to the OT systems. This greatly expands organisations' digital attack surfaces that threat actors can exploit to infiltrate critical infrastructures. At the same time, many OT systems are traditionally designed to focus on safety and reliability, with very little consideration on security by design. Consequently, the confluence of OT and IT systems introduces a plethora of vulnerabilities to IoT/OT infrastructures, and exposes them to an unprecedented level of cyber risk.
The CPS&rsquo; vulnerability to cyber attacks, and the huge damage these attacks can potentially inflict on the physical world make these systems very attractive targets to certain groups of threat actors. Any successful cyber attack against IIoT and OT systems can result in grave, real-world consequences, including the loss of lives, safety failures, service disruptions and production downtime.
In 2020 alone, Israel&rsquo;s water management facilities were hit by two cyber attacks, where the command and control systems of wastewater treatment plants, pumping stations, and sewage were compromised. Honda Motor also experienced a cyberattack that brought global operations to a halt, including the car factories in Ohio and Turkey, as well as at motorcycle plants in India and South America.
Evidently, organisations will need to adopt new cyber security approaches to mitigate the IIoT and OT risks and strengthen their security posture. It begins with formulating a long-term, effective strategy that embraces a fundamental Zero-Trust mindset for users of IIoT and OT systems, and other devices.
Creating a Zero Trust architecture requires organisations to have an in-depth understanding of all IIoT and OT systems on the network, including the identity of every device that touches the network, business context, traffic flows and resource dependencies. This enables organisations to make context-based segmentation decisions that would reduce business risk without unduly impacting availability. Organisations can consider using agentless device visibility and continuous network monitoring for IIoT and OT devices to achieve this.&nbsp;
Organisations should also look at enforcing privileged access to critical IT and OT infrastructure; and segment IIoT devices and OT systems into appropriate zones and conduits to reduce the impact radius in the event of a cyber breach. Additionally, organisations should look at containing vulnerable devices, legacy applications and operating systems that cannot be patched or taken offline within separate zones to reduce the attack surface.
&nbsp;

Alvin Lee, Ensign InfoSecurity's Head of Infrastructure Security highlights the importance of protecting cyber-physical systems against cyber attacks.

Embrace the power of Zero Trust Architecture (ZTA) for robust cybersecurity. With strict access controls and continuous verification, ZTA eliminates inherent trust in users and devices, ensuring secure networks regardless of their location.
&nbsp;
Watch the informative video to learn about key elements like least privilege access control, continuous monitoring, and more.

Embrace the power of Zero Trust Architecture for robust cybersecurity.

In a recent live interview with&nbsp;MONEYFM 89.3, our resident expert &ndash; Low Chee Juee (Vice President of Consulting), shared key findings of the Ensign Threat Landscape Report 2020. Listeners of the&nbsp;Prime Time&nbsp;show learnt more about the top threat vectors and most targeted industries in 2019, and how enterprises can protect themselves as the cyber threat landscape continues to evolve rapidly. He also discussed the potential risks arising from the current pandemic situation, as well as the rollout of 5G.
Here are some highlights from the interview:
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Sharing of the top cyber threat vectors and most targeted industries in 2019</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Details on APT32 &ndash; the largest threat actor in the region</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; The evolution of cyber attacks in today&rsquo;s climate</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Practices that organisations should adopt in the face of digitalisation and rise of 5G</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Essential cyber security strategy practices</li>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>

Our resident expert, Low Chee Juee, shared key findings of the Ensign Threat Landscape Report 2020 in an interview with MONEYFM 89.3.

The Personal Data Protection (Amendment)&nbsp;Bill, which was introduced on 2 Nov 2020, aims to help businesses securely harness data for new business opportunities and, at the same time, strengthen their data security practices needed in the ever-evolving cyber threat environment.
&nbsp;
Under the Amendment Bill, new sets of regulations will be imposed, such as the Mandatory Data Breach Notification that requires organisations doing business in Singapore to report the occurrence of any notifiable data breach to the PDPC within 72 hours. The maximum financial penalty for failing to provision data protection will also be raised to 10% of an organisation's annual turnover in Singapore or SGD1,000,000, whichever is higher.
&nbsp;
Jointly organised by Ensign and SMU School of Law, to learn more about:
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Legal implications of the Personal Data Protection (Amendment)&nbsp;Bill</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Key policy changes and their impact to organisational procedures</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; How to manage and respond effectively to data breach incidents​​​​​​​​​​​​</li>
<li style="display: flex; align-items: flex-start;">&nbsp;</li>
</ul>
</ul>
</ul>
</ul>

Learn about the legal implications of the PDPA Amendment Bill, key policy changes and the impact to organisational procedures, as well as how to manage and respond effectively to data breach incidents.

The unfortunate truth about cyber attacks is&nbsp;that, sometimes, they are successful. This could be due to organisations&rsquo; lack of cybersecurity controls, inadequate cyber hygiene practices, poor cyber crisis management, or the lack of resources in&nbsp;combating highly&nbsp;resourced and sophisticated threat actors. This was the case of a&nbsp;BlackCocaine&nbsp;ransomware attack which occurred in a banking and financial software company.
&nbsp;
The Ensign Hunt and Incident Response Operations (HIRO) team was activated to investigate.&nbsp;It provided support to the targeted company, deploying&nbsp;containment measures to mitigate the impact of the breach. Download the case study to learn more.

This case study looks into a BlackCocaine ransomware attack that hit a banking and financial software company. Gain insights into how Ensign’s Hunt and Incident Response Operations (HIRO) team deployed containment measures to mitigate the impact of the breach.

The Monetary Authority of Singapore released the revised Technology Risk Management Guidelines (MAS-TRMG) in January 2021&nbsp;to establish stronger governance, and strengthen cyber resiliency in the financial sector. It&rsquo;s aimed at combating the industry&rsquo;s evolving cyber threats, and minimising risks to supply chains.&nbsp;This guide discusses the key changes in the revised MAS-TRMG, and Ensign&rsquo;s recommendations.
&nbsp;Highlights of the eBook include:
<ul type="disc">
<li>12 key changes of the revised MAS-TRMG</li>
<li>What financial institutions need to look out for</li>
<li>How Ensign can help</li>
</ul>
&nbsp;Download our eBook to find out more.
&nbsp;

Download the eBook to find out more about the 12 key changes of the revised MAS-TRM Guidelines, along with Ensign’s recommended approach.

Situation
Singtel, a major internet service provider in Singapore, shared on its website on 11 February 2021 that a nearing end-of-life third-party file-sharing system provided by Accellion called FTA (File Transfer Application) has been illegally accessed by unidentified hackers. There is an alleged SQL injection vulnerability on Accellion FTA that an adversary can exploit to install a web shell on the victim&rsquo;s system. A web shell is a malicious script that typically includes different functionalities such as file listing, downloading of files and clean-up on compromised system. An adversary can make use of the web shell to gain control of the server to perform various activities on the file sharing server leading to a potential data breach.
Our Actions
<ul type="disc">
<li data-list="1" data-level="1">We have reviewed the indicators of compromise, and our SOCs have been tasked to support affected clients in threat identification as required.&nbsp;</li>
<li data-list="1" data-level="1">We do not operate any Accellion systems and are reviewing the use of file transfer type applications within our organisation.</li>
<li data-list="2" data-level="1">Deep analysis will be conducted to uncover attack trends, patterns and TTPs (tactics-techniques-procedures) as information becomes available - these insights will be shared when ready.</li>
</ul>
Our Recommendations
<ul type="disc">
<li>For organisations who are using the Accellion FTA, we recommend that you apply the latest fixes and patches&nbsp;to Accellion FTA.&nbsp;If an update or migration is not possible, we advise you&nbsp;to disable and isolate systems hosting the FTA software.&nbsp;</li>
<li>Ensure that your anti-virus, endpoint protection and firewall applications are updated with the latest definition so that your systems can be protected against new cyber threats.&nbsp;</li>
<li>Perform application and network log reviews to identify possible data exfiltration such as abnormal file size transfer or unusual network connections.&nbsp;</li>
<li>Assess the need to store, handle or transfer sensitive and personal data (e.g. customer database or CVs of job applications) on web and/or publicly accessible servers.</li>
<li data-list="0" data-level="1">Please refer to the following links for more in-depth recommendations:</li>
<ul type="circle">
<li data-list="0" data-level="2">Guidepoint:&nbsp;<a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.guidepointsecurity.com%2Faccellion-fta-targeted-by-file-downloading-web-shell%2F&amp;data=04%7C01%7Cjeslyn_teo%40ensigninfosecurity.com%7C720ffbd4f5d14117a20908d8ce52ddce%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637486202614175751%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=FZie4IWn7FpfEX9rvlz4r7k0gGaieIqRCiS4ozs4asg%3D&amp;reserved=0" data-sf-ec-immutable="">https://www.guidepointsecurity.com/accellion-fta-targeted-by-file-downloading-web-shell/</a></li>
</ul>
</ul>
As investigations are underway, we are expecting additional malware and TTPs to be uncovered. We will continue to provide updates on the incident, and inform you about additional recommendations.
If you suspect that you could have been affected by the incident, you can contact us for digital forensic and incident response services. You can take preemptive measures to protect your assets against new and unknown threats through our threat hunting and threat intelligence programme. Contact us at&nbsp;<a href="mailto:marketing@ensigninfosecurity.com" data-sf-ec-immutable="">marketing@ensigninfosecurity.com</a>&nbsp;for more information.&nbsp;

Ensign's plans and procedures in response to the recent breach involving Accellion.

The Situation On 9 February 2021, Palo Alto&lsquo;s threat intelligence team Unit 42 disclosed the discovery of BendyBear &ndash; a highly sophisticated cyber espionage tool. BendyBear is alleged to have similarity in code behaviour and features as that of the WaterBear malware family, which was used by cyber espionage group BlackTech. BendyBear is an updated version designed to work with modern 64-bit systems. It uses anti-forensic techniques and the malicious payload is loaded in memory, thus making it challenging to detect. Its main function is to download more malicious payloads from attacker&rsquo;s controlled command and control (C2) server.&nbsp;
Our&nbsp;Commitment We expect more updates on BendyBear, and will continue to keep a close watch and provide relevant insights and recommendations to the community. Throughout this festive period, Ensign continues to be available to clients who require assistance on any cyber-related matters. Our Actions
Ensuring our customers are secured - Security of our clients is key
<ul type="disc">
<li>Our SOCs have updated our detection capabilities based on the latest IOCs published, and we have compressed our in-house SOC processes to review and update such detection rules to keep pace with the rollout of such information.</li>
<li>We continue to maintain timely patch updates for our critical systems to ensure that we eradicate known vulnerabilities in our environment.&nbsp;</li>
<li>Our SOCs have been tasked to support clients who may be affected in threat identification, if&nbsp;required.&nbsp;</li>
</ul>
&nbsp;Enhanced Monitoring
<ul type="disc">
<li>We are stepping up our SOC operations to keep tabs of the evolving situation, and handle any response actions required.&nbsp;</li>
<li>Deep analysis is ongoing to uncover attack trends, patterns and TTPs (tactics-techniques-procedures) - these insights will be shared when ready.&nbsp;</li>
</ul>
&nbsp;Our Recommendations
<ul type="disc">
<li>Review and update existing security rulesets with relevant indicators of compromise to identify suspicious activities.</li>
<li>Review network logs to identify TCP port 443 traffic that does not conform to proper SSL or any other known applications.</li>
<li>Where feasible, block unknown outbound TCP traffic in security policies.</li>
<li>Keep up with software updates, and mitigate identified critical vulnerabilities.</li>
<li>Enhance perimeter and endpoint defence with whitelisting, behaviour analysis and sandboxing techniques using advanced endpoint &amp; network security solutions.</li>
<li>Please refer to the following links for more in-depth information on BendyBear:</li>
<ul type="circle">
<li>Palo Alto :&nbsp;<a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fblog.paloaltonetworks.com%2F2021%2F02%2Fu42-bendybear%2F&amp;data=04%7C01%7Cjeslyn_teo%40ensigninfosecurity.com%7Cc83a17f4a67c4e6a92ab08d8cef5df68%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637486902710791189%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=4WhMTgp5iKmA1M6AjpNyxxSk5J%2Bs2YFJqbJppyVIHnw%3D&amp;reserved=0" data-sf-ec-immutable="">https://blog.paloaltonetworks.com/2021/02/u42-bendybear/</a></li>
<li>Palo Alto :&nbsp;<a href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Funit42.paloaltonetworks.com%2Fbendybear-shellcode-blacktech%2F&amp;data=04%7C01%7Cjeslyn_teo%40ensigninfosecurity.com%7Cc83a17f4a67c4e6a92ab08d8cef5df68%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637486902710801144%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=UY8gKjxfb5Pxmro5lUZx4XK7YTJThMOgBawJQz931tI%3D&amp;reserved=0" data-sf-ec-immutable="">https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/</a></li>
</ul>
</ul>
We are expecting additional IOCs and TTPs to be uncovered. We will continue to provide updates on the incident, and inform you about additional information.
If you suspect that you could have been affected by the malware, you can contact us for digital forensic and incident response services. You can take preemptive measures to protect your assets against new and unknown threats through our threat hunting and threat intelligence programme.&nbsp;&nbsp;Contact us at&nbsp;<a href="mailto:Marketing@ensigninfosecurity.com" data-sf-ec-immutable="">marketing@ensigninfosecurity.com</a>&nbsp;for more information.
&nbsp;

Ensign's plans and procedures in response to BendyBear.

The Situation
Multiple firmware vulnerabilities had been discovered in the Dell BIOSConnect feature available on multiple models of consumer and business laptops, desktops, tablets, including devices protected by Secure Boot and Secured-core PCs. Normally, this feature is used to update the system firmware or perform OS recovery, however vulnerabilities that exist, would enable an attacker to remotely execute code in the pre-boot environment.
Dell recommends that users disable and avoid using BIOSConnect firmware update, OS recovery, and HTTPS boot features manually from the BIOS setup menu or the Dell Command Control remote system management tool. When available, customers should apply the BIOS updates for their system via an executable from the OS after manually checking the hashes against those published by Dell other than BIOSConnect. The History
Firmware attacks targeting enterprises are up over the past two years and they have become a&nbsp;hot target for cybercrime as operating systems become more secure, attackers are increasingly shifting their attention to firmware, which is less visible, more fundamental and rarely well protected
The TrickBot malware which has been around since 2016, and evolving over time had in 2020, added a module&nbsp;to inspect devices for firmware vulnerabilities that could enable attackers to read, write, or erase the UEFI/BIOS firmware. In 2019, Asus computers were also targeted by hackers (now known as ShadowHammer) in the form of a malicious firmware update. In October 2018, a rare&nbsp;firmware rootkit&nbsp;was detected targeting diplomats and nongovernmental organisations. Russian advanced persistent threat group Sednit deployed the first firmware-level rootkit&nbsp;seen in the wild.
What we are seeing are attacks based on exploiting hardware designs and what differentiates this type of attacks is that consumers don&rsquo;t have any control over the hardware design and manufacturing. The shift in attackers focus are becoming more prevalent as OS becomes more secure and firmware remains less visible and rarely well protected.&nbsp;
 Ensign Posture &amp; Monitoring
Ensign InfoSecurity provides a complete inventory and health check for enterprise firmware and hardware components.
In addition, with regular vulnerability scanning of these components, we enable any organisation to extend its visibility and security beyond the traditional endpoints.
Ensign has in place a well-defined enterprise security vulnerability management framework where configuration and patches are dutifully tested and rolled out as they become available. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Ensign has also stepped up monitoring operations and will advise clients of any anomalies detected from the monitored event logs.
 Our Recommendations
<ul type="disc">
<li>For those using Dell hardware that are not enterprise-managed:</li>
<ul type="circle">
<li>Immediately disable Dell BIOSConnect, OS recovery, and HTTPS boot features feature from the BIOS setup page</li>
<li>Do not run &ldquo;BIOS Flash Update &ndash; Remote&rdquo; until the system is updated with a remediated version of the BIOS</li>
<li>Patch Dell&rsquo;s firmware via an executable from the OS after manually checking the hashes against those published by Dell</li>
</ul>
</ul>
(Refer to Dell&rsquo;s webpage for detailed info at&nbsp;<a href="https://www.dell.com/support/kbdoc/en-au/000188682/dsa-2021-106-dell-client-platform-security-update-for-multiple-vulnerabilities-in-the-supportassist-biosconnect-feature-and-https-boot-feature" data-sf-ec-immutable="">https://www.dell.com/support/kbdoc/en-au/000188682/dsa-2021-106-dell-client-platform-security-update-for-multiple-vulnerabilities-in-the-supportassist-biosconnect-feature-and-https-boot-feature</a>)
<ul type="disc">
<li>For those using Dell hardware that are enterprise-managed:</li>
<ul type="circle">
<li>Inform respective IT team to see if you are affected and await further instructions for the fix </li>
</ul>
<li>Know your assets to increase your visibility into your network</li>
<ul type="circle">
<li>Use device discovery and find affected devices on your network for remediation/mitigation</li>
<li>Put in place a hardware and software inventory tracking system </li>
</ul>
<li>Implement a stringent vulnerability and patch process especially for Internet connected systems </li>
<li>Keep systems fully patched at all levels, OS, application and firmware</li>
</ul>
<ul>
<li>Enable platform security features such as Secure Boot and BIOS Admin Password </li>
<li>Regularly conduct vulnerability scanning </li>
<li>Scan your environment for indicators of compromise (IOC) where available</li>
</ul>
Ensign will continue to provide updates on the incident and inform you of additional recommendations. We can help you to secure your firmware/hardware security. If you suspect that you have been compromised, you can contact us for digital forensic and incident response services. You can also take&nbsp;preemptive&nbsp;measures to protect your assets against new and unknown threats through our threat hunting and threat intelligence programme. Contact us at&nbsp;<a href="mailto:marketing@ensigninfosecurity.com" target="_blank" rel="noopener" data-sf-ec-immutable="">marketing@ensigninfosecurity.com</a>&nbsp;for more information.&nbsp; References:
<a href="https://eclypsium.com/2021/06/24/biosdisconnect/" data-sf-ec-immutable="">https://eclypsium.com/2021/06/24/biosdisconnect/</a>
<a href="https://www.bleepingcomputer.com/news/security/dell-supportassist-bugs-put-over-30-million-pcs-at-risk/" data-sf-ec-immutable="">https://www.bleepingcomputer.com/news/security/dell-supportassist-bugs-put-over-30-million-pcs-at-risk/</a>
<a href="https://cromwell-intl.com/cybersecurity/hardware.html" data-sf-ec-immutable="">https://cromwell-intl.com/cybersecurity/hardware.html</a>
<a href="https://www.csoonline.com/article/3410046/hardware-and-firmware-vulnerabilities-a-guide-to-the-threats.html" data-sf-ec-immutable="">https://www.csoonline.com/article/3410046/hardware-and-firmware-vulnerabilities-a-guide-to-the-threats.html</a>
<a href="https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/" data-sf-ec-immutable="">https://www.techrepublic.com/article/microsofts-new-security-tool-will-discover-firmware-vulnerabilities-and-more-in-pcs-and-iot-devices/</a>

Hardware / Firmware Vulnerabilities discovered in over 100 Dell models.

The Situation&nbsp;
On Friday&nbsp;2&nbsp;July&nbsp;2021, Kaseya reported that&nbsp;its VSA Remote Monitoring and Management Software has been compromised to distribute&nbsp;REvil&nbsp;ransomware to multiple managed services providers running the software, potentially infecting unspecified numbers of their 40,000 installed customer base.&nbsp;
The malware appears to have been delivered through an automatic update of the Kaseya VSA client management and monitoring software.&nbsp; According to Kaseya, it affects only Kaseya VSA software running on on-premise servers while SaaS versions remain unaffected.&nbsp; Kaseya has issued a security advisory warning its customers to immediately shut down their on-premise VSA servers to prevent the attack from spreading.
&nbsp;
Managed Malware Delivery&nbsp;
The&nbsp;researchers&rsquo;&nbsp;current&nbsp;breakdown of the attack has shown that the outbreak was delivered via a malicious update payload&nbsp;sent to&nbsp;VSA servers, and in&nbsp;turn,&nbsp;to the VSA agent applications running on managed Windows devices.
This was achieved using a zero-day exploit of the server platform&nbsp;for&nbsp;which&nbsp;Kaseya was rushing&nbsp;out a patch.&nbsp;This vulnerability gave REvil cover in several ways: It&nbsp;allowed initial compromise through a trusted channel, and leveraged trust in the VSA agent code&mdash;reflected in<a style="color: blue;" title="https://helpdesk.kaseya.com/hc/en-gb/articles/229014948-Anti-Virus-Exclusions-and-Trusted-Apps" href="https://helpdesk.kaseya.com/hc/en-gb/articles/229014948-Anti-Virus-Exclusions-and-Trusted-Apps" target="_top" data-sf-ec-immutable="">&nbsp;anti-malware software exclusions that Kaseya require</a>s&nbsp;for&nbsp;setting up its&nbsp;application and agent &ldquo;working&rdquo; folders. Anything executed by the Kaseya Agent Monitor&nbsp;was therefore ignored because of those exclusions&mdash;which allowed REvil to deploy its dropper without scrutiny.
More details on the anatomy of attack can be found at:
<a style="color: blue;" title="https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/" href="https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/" data-sf-ec-immutable="">https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/</a>
&nbsp;
The History&nbsp;
REvil recruits affiliates to distribute the&nbsp;ransomware&nbsp;for them and are thought to be based in&nbsp;Russia&nbsp;due to the fact that the group does not target Russian&nbsp;organisations.&nbsp;&nbsp;
Ransomware code used by REvil resembles the code used by&nbsp;DarkSide, suggesting that DarkSide could be a partner of REvil.&nbsp;REvil and Darkside use similarly structured ransom notes and the same code to check that the victim is not located in a&nbsp;Commonwealth of Independent States&nbsp;(CIS) country.&nbsp;
Cybersecurity experts believe REvil is an offshoot from a previous notorious, but now-defunct hacker gang, GandCrab.&nbsp;This is suspected due to the fact that REvil first became active directly after GandCrab shutdown, and that the ransomware both share a significant amount of code.&nbsp;
&nbsp;
Ensign's Posture&nbsp;
Ensign has stepped up monitoring and checks to ensure the security of our clients.&nbsp;&nbsp;Ensign&rsquo;s managed detection and response and AI-based cyber analytics can help&nbsp;clients detect&nbsp;and prevent the execution of ransomware.&nbsp; Our Managed Security Services are unaffected by the compromise of Kaseya VSA. &nbsp;Ensign will continue to provide updates on the incident and inform you of additional recommendations.
 Our Recommendations&nbsp;
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Users of Kaseya VSA to&nbsp;immediately&nbsp;shut down&nbsp;your VSA server until further notice from Kaseya, meanwhile existing customers are encouraged to get the &ldquo;Compromise Detection Tool&rdquo; by sending an email&nbsp;<a href="mailto:support@kaseya.com" data-sf-ec-immutable="">support@kaseya.com</a>&nbsp;to begin recovery process if impacted</li>
<li style="display: flex; align-items: flex-start;">&nbsp;</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull;&nbsp;&nbsp; Scan your endpoints/network for indicators of compromise (IOC) <a href="https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/" data-sf-ec-immutable="">https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/</a> <a href="https://www.joesandbox.com/analysis/809013#iocs" data-sf-ec-immutable="">https://www.joesandbox.com/analysis/809013#iocs</a> <a href="https://github.com/pgl/kaseya-revil-cnc-domains/blob/main/revil-kaseya-cnc-domains.txt" data-sf-ec-immutable="">https://github.com/pgl/kaseya-revil-cnc-domains/blob/main/revil-kaseya-cnc-domains.txt</a>&nbsp; </li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Enable tamper protection for Windows Defender because the ransomware attempts to disable Windows Defender -&nbsp;<a href="https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide" data-sf-ec-immutable="">https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection?view=o365-worldwide </a></li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Take reference from CISA recommendations to review your&nbsp;systems,&nbsp;and apply mitigating measures to reduce the risk of compromise by ransomware&nbsp;&nbsp; </li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Implement security solutions to segregate and protect your environment (e.g.&nbsp;firewalls, proxies, web filtering, mail filtering, endpoint detection and response)&nbsp; </li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Maintain a ransomware-resilient backup strategy with at least a copy&nbsp;offline </li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Keep systems fully patched&nbsp;</li>
<li style="display: flex; align-items: flex-start;">&nbsp;</li>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
Please contact us for further assistance if required, or for further advice on how to strengthen your security posture against similar incidents.&nbsp; Contact us at&nbsp;<a style="color: blue;" href="mailto:marketing@ensigninfosecurity.com" data-sf-ec-immutable="">marketing@ensigninfosecurity.com</a>&nbsp;for more information.&nbsp;&nbsp;
&nbsp;
References:&nbsp;
<a style="color: blue;" href="https://www.kaseya.com/potential-attack-on-kaseya-vsa/" data-sf-ec-immutable="">https://www.kaseya.com/potential-attack-on-kaseya-vsa/</a>&nbsp;
<a style="color: blue;" href="https://us-cert.cisa.gov/ncas/current-activity/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack" data-sf-ec-immutable="">https://us-cert.cisa.gov/ncas/current-activity/2021/07/02/kaseya-vsa-supply-chain-ransomware-attack</a>&nbsp;
<a style="color: blue;" href="https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/" data-sf-ec-immutable="">https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/</a>&nbsp;
<a style="color: blue;" href="https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/" data-sf-ec-immutable="">https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-200-companies-in-msp-supply-chain-attack/</a>&nbsp;
<a style="color: blue;" href="https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software" data-sf-ec-immutable="">https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software</a>&nbsp;
<a style="color: blue;" href="https://www.itnews.com.au/news/kaseya-supply-chain-ransomware-attack-hits-msp-customers-566858" data-sf-ec-immutable="">https://www.itnews.com.au/news/kaseya-supply-chain-ransomware-attack-hits-msp-customers-566858</a>&nbsp;

We would like to share with you the plans and procedures we've put in place in response to the cyber attack campaign&nbsp;operated by threat actor group, NOBELIUM.&nbsp;
&nbsp;
The Situation Microsoft Threat Intelligence Center (MSTIC) has uncovered an evolving and sophisticated wide-scale malicious email campaign operated by NOBELIUM, the group behind last year's SolarWinds supply chain attack. It was observed that the campaign operated since January 2021 with the group evolving its attack tactics in delivering the malicious package.&nbsp; Like most phishing tactics, the attackers attempt to lure users into opening the e-mail, followed by either opening a malicious file or clicking a malicious link.&nbsp;An example of&nbsp;this&nbsp;nature&nbsp;included e-mails purportedly originating from the USAID government agency with a lure referencing foreign threats to the 2020 US Federal Elections. It contained a malicious link that would result in a redirection request to download an ISO file&nbsp;on&nbsp;to&nbsp;the victims system. The ISO file contained both decoy and malicious files.&nbsp;If&nbsp;an&nbsp;unsuspecting victim&nbsp;opened&nbsp;the malicious files, the malware infection&nbsp;would&nbsp;begin, providing persistent remote access to the attackers.&nbsp; Interestingly,&nbsp;the phishing message and delivery method were&nbsp;not the only evolving factors&nbsp;in the campaign. In one of the more targeted waves, no ISO payload was delivered, but additional profiling of the target device was performed by an actor-controlled web server after a user clicked the link. If the device targeted was an Apple iOS device, the user was redirected to another server under NOBELIUM control, where the since-patched zero-day exploit for CVE-2021-1879 was served.&nbsp; The History NOBELIUM, a group connected to Russia, has historically targeted government&nbsp;and non-government&nbsp;organisations, think tanks, military, IT service providers, health technology and research, and telecommunications providers. In this case, Microsoft&nbsp;reported&nbsp;at least a quarter of targets work with international development, humanitarian, and human rights work. The phishing attack has so far targeted some 3,000 accounts at more than 150&nbsp;organisations&nbsp;across multiple&nbsp;industries&nbsp;based in the United States and Europe. The victims span 24 countries, though most attacks were aimed at the US.&nbsp; The following industries&nbsp;have been&nbsp;observed&nbsp;being&nbsp;targeted thus far:&nbsp;
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; NGOs</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Research Institutions</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Government Agencies</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; International Agencies</li>
</ul>
</ul>
</ul>
</ul>
</ul>
&nbsp;&nbsp;&nbsp;
Microsoft further noted that this campaign differs significantly from NOBELIUM operations that ran from September 2019 until January 2021, which included the compromise of the SolarWinds Orion platform. It is likely that these observations represent changes in the actor&rsquo;s tradecraft and possible experimentation following widespread disclosures of previous incidents.&nbsp; Ensign Posture &amp; Monitoring Ensign has stepped up monitoring operations for our clients for both cloud and on-premise infrastructure. Our Managed Detection and Response platform and our proprietary machine learning analytics can detect and block malicious artifacts. Coupled with network layer defence, our protection controls prevent applications or users from accessing malicious sites. We have performed rounds of checks to verify security configurations and patches are up-to-date.&nbsp; Our Recommendations
<ul type="disc">
<ul style="list-style-position: inside;">
<ul style="list-style-position: inside;">
<ul style="list-style-position: inside;">
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Keep systems fully patched.</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Scan your environment for indicators of compromise (IOC) &ndash; see Microsoft Reference below.</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Turn on cloud-delivered protection in your anti-virus software to cover rapidly evolving attacker tools and techniques. Cloud-based machine learning protections block a huge majority of new and unknown variants.&nbsp;</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Run Endpoint Detection and Response (EDR) in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft anti-virus does not detect the threat or when Microsoft Defender Antivirus is running in passive mode (EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.).&nbsp;</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Enable network protection to prevent applications or users from accessing malicious domains and other malicious content on the Internet.&nbsp;</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Enable investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.&nbsp;</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Use device discovery to increase your visibility into your network by finding unmanaged devices on your network and onboarding them to Microsoft Defender for Endpoint.&nbsp;</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Enable multifactor authentication (MFA) to mitigate compromised credentials.&nbsp;</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Turn on the following attack surface reduction rule to block or audit activity associated with this threat: Block all Office applications from creating child processes (assess impact before enabling).&nbsp;</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Regularly conduct security awareness training Ensign will continue to provide updates on the incident and inform you of additional recommendations.&nbsp;</li>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
 If you require further cybersecurity advice or services, please contact us at&nbsp;<a style="color: blue;" href="mailto:marketing@ensigninfosecurity.com" data-sf-ec-immutable="">marketing@ensigninfosecurity.com</a>. References:&nbsp; <a style="color: blue;" href="https://beta.darkreading.com/attacks-breaches/solarwinds-attackers-impersonate-usaid-in-advanced-email-campaign" data-sf-ec-immutable="">https://beta.darkreading.com/attacks-breaches/solarwinds-attackers-impersonate-usaid-in-advanced-email-campaign</a> <a style="color: blue;" href="https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/" data-sf-ec-immutable="">https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/</a> <a style="color: blue;" href="https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" data-sf-ec-immutable="">https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/</a>
&nbsp;

Ensign’s plans and procedures in response to the NOBELIUM threat actor group’s cyber attack campaigns.

The Situation
On 2 March 2021, Microsoft released several security updates for Microsoft Exchange Server 2013, 2016 and 2019 to address vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) that have been used in limited targeted attacks. These vulnerabilities can allow an attacker to gain unauthorised access to mailboxes and perform remote code execution.&nbsp;
Microsoft has detected multiple Zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actors exploited these vulnerabilities to access Exchange Server and install additional malware to facilitate long-term access to victim environments. Webshell was used as a technique to escalate and maintain persistent access on an already compromised exchange server. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to&nbsp;HAFNIUM, based on observed victimology, tactics and procedures. On 4 March and 5 March 2021, Microsoft provided more resources to help customers investigate and identify threats coming from HAFNIUM through indicators of compromise provided in the links below:
<a style="color: blue;" href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc-blog.microsoft.com%2F2021%2F03%2F05%2Fmicrosoft-exchange-server-vulnerabilities-mitigations-march-2021%2F&amp;data=04%7C01%7CLeonardo_Jamorabo%40ensigninfosecurity.com%7Cc2a188ad82bc41db136008d8e1e31582%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637507712734917315%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=TdB8qfUdtIZVWSnjEiH2GVpJIiitsu5XByL1tohtzv4%3D&amp;reserved=0" data-sf-ec-immutable="">https://msrc-blog.microsoft.com/2021/03/05/microsoft-exchange-server-vulnerabilities-mitigations-march-2021/</a>
<a style="color: blue;" href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2021%2F03%2F02%2Fhafnium-targeting-exchange-servers%2F%23scan-log&amp;data=04%7C01%7CLeonardo_Jamorabo%40ensigninfosecurity.com%7Cc2a188ad82bc41db136008d8e1e31582%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637507712734927266%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=amIA%2FZzYdJ5v0Ia9tnqTR4r2ZtuJ%2FsZUrWh8Ketwfi0%3D&amp;reserved=0" data-sf-ec-immutable="">https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/#scan-log</a>
&nbsp;
Ensign Posture &amp; Monitoring
Ensign has performed rounds of checks to confirm that the flaw does not affect our infrastructure.&nbsp;
Ensign has also stepped up monitoring operations, and will advise clients of any anomalies detected from the monitored event logs.
 Our Recommendations
<ul type="disc">
<li>Check patch levels and install security patches to fix the vulnerabilities on affected exchange servers. If installation of security patches is not possible, implement IIS Re-Write Rules and disable Unified Messaging (UM), Exchange Control Panel (ECP) VDir, and Offline Address Book (OAB) VDir Services as interim mitigation.</li>
<li>Scan exchange log files for indicators of compromise.</li>
<li>Perform threat hunting on affected servers and network to identify possible compromised system in your organisations.</li>
<li>Harden current security controls (e.g. Endpoint Detection and Response, Firewall, NIDS) to identify and block malicious activities and suspicious outbound traffic to blacklisted C2 infrastructure.</li>
<li>Take reference from CISA recommendations to review your systems and apply mitigating measures on the Microsoft Exchange Server Vulnerabilities (CISA recommendations &ndash;&nbsp;<a style="color: blue;" href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fus-cert.cisa.gov%2Fncas%2Falerts%2Faa21-062a&amp;data=04%7C01%7CLeonardo_Jamorabo%40ensigninfosecurity.com%7Cc2a188ad82bc41db136008d8e1e31582%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637507712734927266%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=fnJ8jpaNsErkNB6k%2BiRkw%2F6dJ1QPz1B9Pt5iNcfMh8Y%3D&amp;reserved=0" data-sf-ec-immutable="">https://us-cert.cisa.gov/ncas/alerts/aa21-062a</a>).</li>
</ul>
Ensign will continue to provide updates on the incident, and inform you of additional recommendations. If you suspect that you have been compromised, you can contact us for digital forensic and incident response services. You can also take preemptive measures to protect your assets against new and unknown threats through our threat hunting and threat intelligence programme. Contact us at <a style="color: blue;" href="mailto:marketing@ensigninfosecurity.com" target="_blank" rel="noopener" data-sf-ec-immutable="">marketing@ensigninfosecurity.com</a>;for more information.
 References:
<a style="color: blue;" href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmsrc-blog.microsoft.com%2F2021%2F03%2F02%2Fmultiple-security-updates-released-for-exchange-server%2F&amp;data=04%7C01%7CLeonardo_Jamorabo%40ensigninfosecurity.com%7Cc2a188ad82bc41db136008d8e1e31582%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637507712734937229%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=FVmNhB8cJQomph2mXLlAm1Jh5Hfb1ZUbNJEh18crreU%3D&amp;reserved=0" data-sf-ec-immutable="">https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/</a>
<a style="color: blue;" href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2021%2F03%2F02%2Fhafnium-targeting-exchange-servers%2F&amp;data=04%7C01%7CLeonardo_Jamorabo%40ensigninfosecurity.com%7Cc2a188ad82bc41db136008d8e1e31582%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637507712734937229%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=5tJQoHaB%2BJqIA0%2FWPOUd3VVRUwNuL6cnB%2F2lSdHTsMk%3D&amp;reserved=0" data-sf-ec-immutable="">https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/</a>
<a style="color: blue;" href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.volexity.com%2Fblog%2F2021%2F03%2F02%2Factive-exploitation-of-microsoft-exchange-zero-day-vulnerabilities%2F&amp;data=04%7C01%7CLeonardo_Jamorabo%40ensigninfosecurity.com%7Cc2a188ad82bc41db136008d8e1e31582%7Cd5cb08f4d38848b2bc028ecce3c63fce%7C1%7C0%7C637507712734947177%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=lSzPM0%2FyEYY9P7GnGD%2BDyVoDA11y2s1F8lWLl5v1blQ%3D&amp;reserved=0" data-sf-ec-immutable="">https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/</a>

Ensign's plans and procedures in response to the Microsoft exchange server vulnerabilities which compromised over 20,000 organisations.

Situation
A cyber attack on Friday has crippled critical infrastructure in the US.&nbsp; It caused&nbsp;Colonial Pipeline, the source of nearly half the US East Coast&rsquo;s fuel supply&nbsp;to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. &nbsp;The relatively new ransomware group known as&nbsp;DarkSide&nbsp;targeted attacks against their information technology (IT) network. Currently, there is no indication that their operational technology (OT) networks have been directly affected by the ransomware.
Like other ransomware platforms, DarkSide adheres to the current best practice of double extortion, demanding separate sums to unlock any files and servers, and promise to destroy any data stolen from the victim.
After gaining an initial foothold in the network, the attackers collect files and credentials, and exfiltrate them. They then use PowerShell to download the ransomware binary and proceed to move laterally with the main goal of conquering the Domain Controller (DC). After exfiltrating all sensitive information, they then distribute the binary to other assets in the environment, encrypting sensitive data such as finance, private information and partners documents for maximum damage.
&nbsp;
Background
First surfacing on Russian language hacking forums in August 2020, DarkSide is a ransomware-as-a-service platform that cybercriminals can use to infect companies with ransomware and carry out negotiations and payments with victims.&nbsp;DarkSide says it targets only big companies, and forbids affiliates from attacking certain industries, including healthcare, funeral services, education, public sector and non-profits.
DarkSide has shown itself to be ruthless with victim companies that have deep pockets. In January 2021, a negotiation was observed between the DarkSide crew and a $15 billion U.S. victim company that was hit with a $30 million ransom demand.
A cyber threat intel vendor had assessed (finding at &ldquo;moderate&rdquo; confidence) that some of the criminals behind DarkSide hail from another ransomware outfit called &ldquo;REvil,&rdquo; a.k.a. &ldquo;Sodinokibi&rdquo;. REvil&nbsp;is widely considered to be the newer name for GandCrab, a ransomware-as-a-service offering that closed shop in 2019 after bragging that it had extorted more than $2 billion.
&nbsp;
Ensign Posture &amp; Monitoring
Ensign provides advanced cybersecurity services which can detect and prevent the execution of ransomware such as this incident. &nbsp;Ensign has stepped up monitoring operations, and will advise clients of any anomalies detected from the monitored event logs.&nbsp; We have performed rounds of checks to verify security configurations are up-to-date.
&nbsp;
Our Recommendations
<ul>
<li>CII asset owners and operators to adopt a heightened state of awareness</li>
<li>Keep systems fully patched</li>
<li>Regularly backup files remotely</li>
<li>Implement security solutions to segregate and protect your environment (e.g. firewalls, proxies, web filtering, mail filtering, endpoint detection and response)</li>
<li>Scan your endpoints for indicators of compromise (IOC) -&nbsp;<a href="https://otx.alienvault.com/pulse/60821a187be8d208269c103c" data-sf-ec-immutable="">https://otx.alienvault.com/pulse/60821a187be8d208269c103c</a></li>
<li>Take reference from CISA recommendations to review your systems and apply mitigating measures to reduce the risk of compromise by ransomware &ndash;&nbsp;<a href="https://us-cert.cisa.gov/sites/default/files/2021-05/AA21-131A_DarkSide_Ransomware.pdf" data-sf-ec-immutable="">https://us-cert.cisa.gov/sites/default/files/2021-05/AA21-131A_DarkSide_Ransomware.pdf</a>. &nbsp;&nbsp;</li>
</ul>
&nbsp;
Ensign will continue to provide updates on the incident and inform you of additional recommendations. If you suspect that you have been compromised, you can contact us for digital forensic and incident response services. You can also take&nbsp;preemptive&nbsp;measures to protect your assets against new and unknown threats through our threat hunting and threat intelligence programme. Contact us at&nbsp;<a href="mailto:marketing@ensigninfosecurity.com" target="_blank" rel="noopener" data-sf-ec-immutable="">marketing@ensigninfosecurity.com</a>&nbsp;for more information.&nbsp;
&nbsp;
References:
<a style="color: blue;" href="https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/" data-sf-ec-immutable="">https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/</a>
&nbsp;
<a style="color: blue;" href="https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware" data-sf-ec-immutable="">https://www.cybereason.com/blog/cybereason-vs-darkside-ransomware</a>
&nbsp;
<a style="color: blue;" href="https://www.hstoday.us/subject-matter-areas/infrastructure-security/darkside-ransomware-cisa-fbi-advisory-on-best-practices-for-preventing-business-disruption-from-ransomware-attacks/" data-sf-ec-immutable="">https://www.hstoday.us/subject-matter-areas/infrastructure-security/darkside-ransomware-cisa-fbi-advisory-on-best-practices-for-preventing-business-disruption-from-ransomware-attacks/</a>

Ensign's plans and procedures in response to Darkside Ransomware.

As cybersecurity challenges grow, traditional tools struggle with the vast amount of data and increasingly sophisticated attacks. Ensign addresses this with AI, which excels at processing large data sets to identify anomalies and cluster related data points. This approach is vital for detecting malicious activities within networks, not just at the perimeter.&nbsp;
&nbsp;
Download the full case study to see how Ensign used AI to enhance cybersecurity and protect against complex threats.&nbsp;
&nbsp;
As featured on Cyber Security Agency of Singapore (CSA)&rsquo;s <a class="text-secondary-B300" href="https://www.csa.gov.sg/Tips-Resource/publications/2024/singapore-cyber-landscape-2023" target="_blank" rel="nofollow noopener">Singapore Cyber Landscape 2023 Report</a>.&nbsp;

As cybersecurity challenges grow, traditional tools struggle with the vast amount of data and increasingly sophisticated attacks. Ensign addresses this with AI, which excels at processing large data sets to identify anomalies and cluster related data points.

Update as of 22 July 2024, 1137hrs
&nbsp;
The Situation
CrowdStrike, a prominent cybersecurity company, released a defective content update to the Falcon sensor product on 19 July 2024, causing widespread disruptions to 8.5 million Windows devices. The glitch led to systems crashing as well as displaying a blue screen error and becoming stuck in rebooting loops.
&nbsp;
The global IT outage had significant economic and societal impacts, highlighting the reliance of enterprises running critical services on CrowdStrike. In the aftermath of the CrowdStrike incident, opportunistic cybercriminals and threat actors wasted no time in attempting to take advantage of the situation.
&nbsp;
There has already been a sharp rise in CrowdStrike-themed domain registrations &ndash; threat actors are registering new websites made to look official and potentially trick IT personnel or members of the public into downloading malicious software or handing over sensitive private details.&nbsp; Unofficial code is being released claiming to help organisations recover from the widespread outages.
&nbsp;

On 19 July 2024, CrowdStrike's defective Falcon sensor update disrupted 8.5 million Windows devices, causing crashes and reboot loops. This global IT outage had significant impacts, leading cybercriminals to exploit the situation with fake CrowdStrike-themed domains, tricking users into downloading malicious software or divulging sensitive information.

Learn how data can be an indispensable tool in the fight against phishing. Gain insights into the role data science plays in detecting threats already entrenched in the digital environment. To find out more, read Frontier Enterprise&rsquo;s article featuring Ensign&rsquo;s Vice-President of Data Science, Quek Han Yang.
&nbsp;
<a style="color: blue;" href="https://ensign.global/43V2GmD" target="_blank" rel="noopener">Click here</a> to read more.

In a Frontier Enterprise article, Ensign’s Data Science Vice-President, Quek Han Yang, elaborates on the role that data plays in building a proactive cybersecurity posture.

It is critical for organisations to double down on immediate actions required to identify systems surrounding the Apache Log4j vulnerability. The initial Apache Log4j vulnerability (CVE-2021-44228) on 9 Dec 2021, which was assigned a maximum CVSS score of 10.0, led to the massive reconnaissance and exploitation activity by threat actors leveraging on the bug. Ensign has published this supplementary threat advisory to complement the&nbsp;<a style="color: blue;" href="/resources/34" data-sf-ec-immutable="">Threat Advisory: Apache Java Logging Library Log4j Critical RCE Vulnerability</a>.
&nbsp;
In this advisory, we answer the top three questions about the impact of the Log4j vulnerability:
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Why the urgency to mitigate and remediate Log4j vulnerability?</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Why is there so much patching to do?</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Do we need to scan our systems using various Log4j scanners?</li>
</ul>
</ul>
</ul>

Gain a better understanding of how and why organisations are doubling down on immediate actions surrounding the Log4J vulnerability.

&nbsp;
Ensign's Head of Advisory and Emerging Business, Gaurav Keerthi, was featured on the Kopi Time podcast with Taimur Baig, Managing Director and Chief Economist at DBS Bank, &nbsp;where they delved into the dynamic and ever-evolving cybersecurity landscape.
&nbsp;
During the conversation, Gaurav shared insights on the intersection of geopolitics and cybersecurity, including the rise of state-sponsored and independent attacks on critical infrastructure such as power grids, healthcare systems, and airports. He also highlighted the implications of advanced technologies like AI and quantum computing, which are both reshaping threats and enabling innovative defence strategies.
&nbsp;
Gaurav emphasised the importance of resilience in cybersecurity&mdash;shifting from the pursuit of perfect immunity to creating systems capable of recovering swiftly after an attack. This approach helps organisations manage risks effectively in an era where cybercrime is a billion-dollar economy.
&nbsp;
🎧 Catch the <a class="text-secondary-B300" href="https://youtu.be/ZNAY-qnKQZY?si=2g87uoeDNldsT5SA" target="_blank" rel="noopener">full episode</a> to explore how technology and strategic risk management are shaping the future of cybersecurity.

Ensign's Head of Advisory and Emerging Business, Gaurav Keerthi, was featured on the Kopi Time podcast with Taimur Baig, Managing Director and Chief Economist at DBS Bank,  where they delved into the dynamic and ever-evolving cybersecurity landscape.

The cybersecurity landscape has become even more daunting in 2020, with events in the recent months posing numerous challenges for organisations. Escalating political tensions, increasing healthcare concerns with COVID-19, and accelerated digitalisation efforts to support remote work and contactless transactions have dramatically transformed digital attack surfaces, impacting technology transformation processes.&nbsp;
&nbsp;
Prepared by Teo Xiang Zheng, Head of Advisory, Ensign Consulting, this report aims to provide insights into the threats and trends observed by Ensign InfoSecurity in the global cyber environment 2020. These include an increase in threat actor activities, incidents of compromise due to expanding digital attack surface, exploitation of the COVID-19 situation and cyber supply chain, as well as threat actor attention paid to contact tracing solutions.
&nbsp;
Highlights of the report include:
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Summary of the observed threats and trends</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Cybersecurity implications arising from the COVID-19 pandemic</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Suggestions on how to mitigate the threats</li>
</ul>
</ul>
</ul>
</ul>

Learn about the threats and trends observed by Ensign InfoSecurity in 2020, as well as suggestions on how to mitigate them.

The Russia-Ukraine conflict has escalated to the cyberspace, drawing partisan response and actions coming from supporters of the warring nations. The tension has spilt over beyond the area of conflict, and organisations siding with either side must be prepared for potential disruptions to their operations, and other repercussions.
&nbsp;
This Executive Brief contains a comprehensive summary of the threat assessment resulting from observations on the conflict from January to 25 March 2022. It summarises the observed&nbsp;attacks&rsquo; effects and their implications. We have provided recommendations that organisations and businesses can consider to prevent being part of the collateral damage from the conflict.
&nbsp;
This Executive Brief supplements the earlier published technical threat advisory, which can be accessed&nbsp;<a style="color: blue;" title="https://www.ensigninfosecurity.com/analysis-insights/content/2022/02/26/impact-of-cyber-attacks-amidst-ukraine-crisis" href="/resources/41" target="_blank" rel="noopener" data-sf-ec-immutable="">here</a>.

This Executive Brief summarises the observed attacks’ effects and their implications. We have provided recommendations that organisations and businesses can consider to prevent being part of the collateral damage from the conflict.

As businesses in the banking and finance industry transform and introduce more digital platforms to interact with clients, cyber risks have increased in tandem, especially during this unprecedented pandemic period.&nbsp;
&nbsp;
In a recent interview with&nbsp;Thomson Reuters, Ensign&rsquo;s Senior Vice President of Technology &amp; Capabilities, Lee Shih Yen, shared key findings of the Ensign Cyber Threat Landscape Report 2020, and explained why the finance sector remains a lucrative target for cybercriminals.&nbsp;
&nbsp;
Here are some highlights from the interview:
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Top cyber threats faced by organisations in 2019</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; 2020 cybercrime trends, and rise in COVID-19 themed phishing attacks</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Insights on how to overcome cybercrime challenges</li>
</ul>
</ul>
</ul>
</ul>
&nbsp;

By Teo Xiang Zheng, VP of Advisory, Ensign InfoSecurity
&nbsp;
In 2025, cybercrime is poised to become a global economic force, costing the world an alarming US$12 trillion. This staggering figure would rank it as the third-largest economy in the world, surpassing the GDP of Germany and Japan.&nbsp;
&nbsp;
Attack surfaces will expand as businesses accelerate their digital transformation, making cyber resilience a critical survival skill.
&nbsp;
Three key cybersecurity trends are poised to dominate in 2025: Ransomware's growing sophistication, artificial intelligence enabling more potent attacks, and geopolitical tensions driving tech bifurcation. Together, they create a complex and volatile cybersecurity landscape.
&nbsp;

In 2025, cybercrime is poised to become a global economic force, costing the world an alarming US$12 trillion. This staggering figure would rank it as the third-largest economy in the world, surpassing the GDP of Germany and Japan. 

The Cyber Security Agency of Singapore (CSA) has published the CCoP 2.0 for Critical Information Infrastructure which came into effect on 4 July 2022, superseding the previous versions of the code. Its aim is to establish stronger governance and strengthen cyber resiliency in the 11 CII sectors. Download this eGuide to learn more about the 16 key changes in the revised CCoP, and the recommended approaches and solutions to meet the requirements

Learn more about the key changes in the revised Cybersecurity Code of Practice, and how Ensign can help Critical Information Infrastructure Owners manage cyber risks, and become compliant with the new code

By Adithya Nugraputra, Head of Consulting at Ensign InfoSecurity Indonesia
&nbsp;
The Trend of Ransomware Attacks - one of the types of cyberattacks aimed at obtaining ransom has dramatically increased globally. Throughout 2023, several significant global organizations such as Toyota, the National Basketball Association (NBA), and AXA have been recorded as victims of ransomware attacks. According to the United States government, ransomware attacks have disrupted services and businesses, affecting banks, government offices, hospitals, energy companies, and various industries. In 2022, organizations worldwide detected 493.33 million cases of ransomware attacks, a significant increase from 304.64 million cases in 2020. There was a spike in 2021, with the number of ransomware attacks reaching 623.25 million cases, driven by factors such as the widespread adoption of remote work systems due to the pandemic, which created new opportunities for cybercriminals. Although it decreased slightly in 2022, reported cases of ransomware attacks remained significantly higher compared to 2020.&nbsp;
&nbsp;
In Indonesia, ransomware has targeted various critical organizations, ranging from marketplaces and banking to the public sector. The Threat Landscape Report 2023, Fourth Edition by Ensign InfoSecurity, indicates the financial sector as one of the four favorite targets for cyberattacks in Indonesia. The National Cyber and Crypto Agency also mentioned ransomware as one of the three most frequent incidents of cyberattacks in Indonesia. At least 17 ransomware attacks with the publication of sensitive data occurred throughout 2023.&nbsp;

The byline explores global and Indonesian cybersecurity threats, as well as the pivotal role AI plays in streamlining incident response, enhancing threat hunting capabilities, and efficiently processing extensive data. Adithya Nugraputra shares how organisations can utilise AI to prioritise threat analysis, forecast potential threats, and proactively thwart attacks, ultimately enhancing resilience in the ever-evolving cyber landscape.

The use of technology in ship operations and management is placing&nbsp;maritime organisations at a risk of cyber-attacks. The ramifications of these cyber-attacks are wide-ranging, stemming from ship collisions to possible cargo losses, pollution, and even disruption in port operations.
&nbsp;
In this opinion piece on Seatrade Maritime, Ensign&rsquo;s Head of Advisory, Teo Xiang Zheng, explains measures maritime organisations can take to shore up their cyber defences. These include leveraging the cyber community for cyber threat information, bolstering organisations&rsquo; cybersecurity hygiene, or even reviewing and revising crisis management plans and playbooks.&nbsp;
&nbsp;
Click <a href="https://ensign.global/3q8upm1" target="_blank" rel="noopener">here </a>to read more about what Xiang Zheng had to say.

Maritime organisations face increasing cyber threats as they leverage on technology in their operations and management processes. Ensign’s Head of Advisory,   
Teo Xiang Zheng explains how maritime organisations can shore up their cyber defences in this opinion piece on Seatrade Maritime.

Inclusivity is at the heart of Ensign InfoSecurity&rsquo;s values. We take great pride in embracing neurodiverse individuals on the autism spectrum as part of our workforce, recognising the unique talents and abilities they bring that make them invaluable members of our society.
&nbsp;
In a recent interview with CNA "Work It" our Chief Information Officer, Steven Ng, shared valuable insights into our approach to hiring and working with Neurodivergent Individuals. We invite you to join us in listening to this enlightening conversation, where we emphasise the importance of embracing diversity and fostering a supportive environment for all.
&nbsp;
Catch it <a style="color: blue;" href="https://ensign.global/45M70Gt" target="_blank" rel="noopener">here</a>.

At Ensign InfoSecurity, inclusivity is at the heart of our values. We are proud to have welcomed neurodiverse individuals on the autism spectrum into our workforce, recognising the unique talents and abilities they bring that make them invaluable members of our society.

Protect your sensitive information with Ensign's Data Loss Prevention (DLP) Suite. Safeguard intellectual property, personal details, and financial information while ensuring compliance and reducing cyber breach risks. Aligned with NIST&rsquo;s cybersecurity framework, Ensign&rsquo;s DLP Suite can secure your oragnisation&rsquo;s data across all platforms.

Data loss due to cyberattacks poses significant risks, impacting not only individual companies but entire economies.

As the digital world struggles to deal with the onslaught of more prevalent and pernicious threats, the pressure on the Banking, Financial Services &amp; Insurance (BFSI) industry to perform has never been greater. To drive growth and increase customer trust, financial institutions are taking advantage of various platforms such as mobile, cloud, and social&mdash;exposing them to further cybersecurity risks.
&nbsp;
As customers continue to move away from physically transacting with banks and other institutions, more enhanced investment in securing mobile and web-based services must be seriously considered to keep up with customer behaviour and expectations.
&nbsp;
Read the ebook and learn more about:
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Digitalisation trends</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; The industry&rsquo;s cybersecurity risks and threats</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; MAS&rsquo; proposed cybersecurity guidelines</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; How to manage risks</li>
</ul>
</ul>
</ul>
</ul>
</ul>

Download our eBook to find out how the BFSI industry is adopting disruptive technology, and the cyber risks arising from it.

Critical Infrastructure (CI) in Hong Kong, including banking, telecommunications, and transportation, is crucial for societal and economic well-being. Disruptions to CI networks threaten public safety and security. Globally, jurisdictions mandate CI operators to safeguard systems, prepare for cyber incidents, and report breaches. Hong Kong&rsquo;s upcoming legislation, the Protection of Critical Infrastructure (Computer System) Bill slated to be passed in 2025, aims to bolster CI cybersecurity.
&nbsp;
Download the eBook for more details on strengthening your CI defences.

Globally, jurisdictions mandate CI operators to safeguard systems, prepare for cyber incidents, and report breaches. Hong Kong’s upcoming legislation, the Protection of Critical Infrastructure (Computer System) Bill slated to be passed in 2025, aims to bolster CI cybersecurity.

Taking advantage of the rapid adoption of digital technology and accelerated use of digital payments, cyber threat actors are increasingly targeting payments and payments-related infrastructure. Amidst this landscape, the PCI Security Standards Council (PCI SSC) issued Version 4.0 of the PCI DSS on March 31, 2022, shifting the standard's focus to outcome-based requirements.
&nbsp;
Download this eBook to find out how to remain PCI DSS compliant.

The Payment Card Industry Data Security Standard (PCI DSS) was developed to 
encourage and enhance payment card account data security, as well as facilitate the broad adoption of consistent data security measures globally.

Find out more on how PCI DSS develops a baseline of technical and operational requirements 
designed to protect account data. 

Ransomware&nbsp;attacks have come to greater notoriety in recent times. The&nbsp;DarkSide incident, in particular, compromised a US-based critical infrastructure, causing a widespread disruption to its services, and lives of many. This has reportedly gained the perpetrators a huge amount of payout. Other prominent&nbsp;ransomware&nbsp;attacks in 2021 included attacks on AXA Insurance that was reported in May 2021, and Kaseya in July 2021.
Ransomware&nbsp;perpetrators are also evolving their tactics, techniques and procedures in their cyber operations. These include the Ransomware-as-a-Service model, and double extortion approach used by cyber criminals, which results in increased success rates that puts organisations at greater risk.
&nbsp;
Download the Ensign Anti-Ransomware Suite to learn more about:
&nbsp;
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; The&nbsp;increasing sophistication and advancement of&nbsp;ransomware&nbsp;campaigns</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Ensign&rsquo;s defence approaches to curb&nbsp;ransomware&nbsp;threats from materialising</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Recommendations to prevent, detect, and respond to ransomware attacks</li>
</ul>
</ul>
</ul>
</ul>

Ensign's Anti-Ransomware Suite equips organisations with capabilities to prevent, detect, and respond to advanced ransomware threats.

The Ensign Cyber Threat Landscape Report 2021 provides insights into the most prevalent threats we observed in 2020 in Asia Pacific, more specifically in Singapore, Malaysia, Hong Kong and South Korea. It also presents the cybersecurity outlook for 2021.
&nbsp;
Highlights from the report include:
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Covid-19-themed and phishing threats</li>
</ul>
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Top threat activities observed across the MITRE ATT&amp;CK Tactics, Techniques and Procedures</li>
</ul>
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Top malware groups</li>
</ul>
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Top threat actor group</li>
</ul>
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Cybersecurity outlook&nbsp;for&nbsp;2021</li>
</ul>
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Conclusion and key learnings</li>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>

Gain insights into the attackers’ tactics, techniques, and procedures, as well as detailed accounts of their impact on Asia-Pacific organisations in 2020.

In a recent interview with Channel 8 News, Teo Xiang Zheng provided valuable insights into the alarming surge of cyber threats. Watch the video <a style="color: blue; text-decoration: underline;" title="Ch8 Interview" href="https://ensign.global/3CKhidi" data-sf-ec-immutable="">here</a>.

In a recent interview with Channel 8 News, Teo Xiang Zheng provided valuable insights into the alarming surge of cyber threats.

In 2019, the number of cyber threats continued to rise, compromising and putting the spotlight on some critical infrastructure sectors and high-profile organisations. Find out the top threat attack vectors enterprises faced, as well as the most targeted industries in Singapore the previous year.

Find out the top threat attack vectors enterprises faced in 2019.

Hackers have evolved their tactics from email phishing, to now include smishing with a high level of realism, as part of their delivery methods in their cyber attack campaigns. In September 2021, The Singapore Police Force also reported at least 150 victims falling for similar scams.
&nbsp;
Through Ensign&rsquo;s Smishing Protection, we protect organisations, and their consumers, from such attacks.
&nbsp;
Download the factsheet to learn more about:
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; The Ensign Smishing Protection approach</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Our novel and unique data science technique in detecting phishing and smishing</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Benefits and value to your organisation</li>
</ul>
</ul>
</ul>
</ul>

Learn more about Ensign Smishing Protection, and how we can protect you against smishing attacks.

The Ensign Cyber Threat Landscape Report 2020&nbsp;provides detailed insights into the&nbsp;most prevalent threats observed in Singapore&rsquo;s&nbsp;cyber landscape. Through detailed analysis of key&nbsp;security insights and threat intelligence&nbsp;information, the report identifies the cyber threats&nbsp;and trends that Singapore faced in 2019. It also offers threat insights based on the stages of the&nbsp;MITRE ATT&amp;CK&reg; framework, as well as the best&nbsp;practices for safeguarding against cyber threats.
&nbsp;
<div>
Highlights from the report include:
<ul>
<li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Details on the top cyber attack vectors</li>
<li style="display: flex; align-items: flex-start;">&bull; Insights into the most targeted industries</li>
<li style="display: flex; align-items: flex-start;">&bull; Top threat attack sources</li>
<li style="display: flex; align-items: flex-start;">&bull; Threat insights based on the stages of the MITRE ATT&amp;CK&reg; framework</li>
<li style="display: flex; align-items: flex-start;">&bull; Analysis of the most active attack groups in 2019</li>
<li style="display: flex; align-items: flex-start;">&bull; Best practices and recommendations</li>
<li style="display: flex; align-items: flex-start;">&nbsp;</li>
</ul>
<a style="color: blue;" href="https://ensign.global/3OFb4SF" target="_self">CLICK HERE</a> to find out more about the Ensign Cyber Threat Intelligence service.
</li>
</ul>
</div>

Gain detailed insights into the most prevalent threats observed in Singapore’s cyber landscape in 2019.

As financial institutions (FIs) increasingly adopt new technologies, they also expose themselves to new risks that cyber criminals readily exploit. Possessing sensitive data that&rsquo;s highly valued, FIs continue to be the main targets of attacks. In light of this, the Hong Kong Monetary Authority (HKMA) released the Cybersecurity Fortification Initiative (CFI) 2.0.&nbsp;
&nbsp;
Ensign InfoSecurity&nbsp;has produced a guide that provides insights into the key changes in the CFI 2.0 and the Cyber Resilience Assessment Framework (C-RAF), as well as how Ensign can help FIs implement them.

This eBook expands on the key changes to HKMA’s CFI 2.0, and the C-RAF, as well as highlights how Ensign can help FIs benefit from them.

While the world&rsquo;s economy slows down, and business operations globally come to an alarming halt, opportunistic cybercriminals are thriving and targeting enterprises, more particularly those from the healthcare sector. In an interview with CNA, Ensign's Senior Vice President of Technology and Capabilities, Lee Shih Yen, spoke about the rise of cyberattacks in the healthcare industry, and how the threat landscape has evolved as a result of the Covid-19 pandemic.
Watch the interview here:&nbsp;<a href="https://www.channelnewsasia.com/watch/rise-cyber-attacks-across-all-sectors-march-april-healthcare-tops-list-attacks-video-1469336" data-sf-ec-immutable="">CNA-Interview</a>&nbsp;

Ensign's Senior Vice President of Technology and Capabilities, Lee Shih Yen, spoke about the rise of cyberattacks in the healthcare industry in an interview with CNA.

In this podcast episode, we are joined by hosts Teo Xiang Zheng (Vice President of Advisory) and Bach HD (Senior Consultant) from Ensign InfoSecurity, along with our special guest, Benjamin Ang (Senior Fellow; Head of Centre of Excellence for National Security; Head of Digital Impact Research) from RSIS, NTU.
&nbsp;
We'll delve into the unique cyber threat landscape of Asia. Through the advocacy and adoption of threat-informed defence approaches, we'll discuss the unique insights and threat groups we've observed in the region. Organisations should take note of these insights to inform their cyber strategies and defences. We'll also uncover the power of collaboration between the public, private, and academic sectors in strengthening cybersecurity, exploring the far-reaching benefits that these partnerships bring to communities for developing the cyber ecosystem across the region. Lastly, we'll explore ASEAN's pivotal role in shaping regional and international cybersecurity policies, offering an insider's perspective on their influence.

In this podcast episode, we delve into the unique cyber threat landscape of Asia. Through the advocacy and adoption of threat-informed defence approaches, we'll discuss the unique insights and threat groups we've observed in the region

Data scientists from Ensign&rsquo;s Labs presented their research&nbsp;entitled&nbsp;&ldquo;TypoSwype: An Imaging Approach to Detect Typo-Squatting" during the IEEE NTMS 2021 Conference. The study highlights considerations pertaining to keyboard distances, a main vulnerability exploited by typo-squatting techniques.&nbsp; The study also aims to address the lack of a widely accepted approach for keyboard distances by leveraging on state-of-the-art image recognition techniques.

Ensign Labs’ research highlights how TypoSwype can detect Typo-Squatting.

As the digital landscape rapidly expands with the proliferation of XIoT (Extended Internet of Things)&nbsp;devices, organisations are increasingly finding their cybersecurity postures lagging behind its demands.&nbsp;This expansion has brought about significant challenges, such as the lack of clear visibility into the&nbsp;networked XIoT assets and the corresponding risk and vulnerability exposures.
&nbsp;
To keep up with the continuous pace of digital transformation, critical infrastructure industries such as&nbsp;manufacturing, and healthcare, must evolve beyond traditional vulnerability management of their&nbsp;Cyber-Physical Systems (CPS). They should create a broader and more dynamic programme for&nbsp;managing their overall exposure to risk.
&nbsp;
This requires a specialised approach that enables these organisations to create an Exposure Management programme that takes into account asset complexities, unique governance, and business-critical operational outcomes of CPS environments. This encompasses a repeatable cycle of measures that optimise security beyond traditional means such as patching or playbooks.

As the digital landscape rapidly expands with the proliferation of XIoT (Extended Internet of Things)
devices, organisations are increasingly finding their cybersecurity postures lagging behind its demands.
This expansion has brought about significant challenges, such as the lack of clear visibility into the
networked XIoT assets and the corresponding risk and vulnerability exposures.

By Nicky Au, General Manager, Ensign InfoSecurity, Greater China
&nbsp;
Hong Kong has been hit by a spate of cyberattacks in the last year, notably British engineering firm&rsquo;s HKD200 million deepfake video conference scam and a series of ransomware attacks targeting the government, healthcare and education sectors. Worsened by the rampant abuse of Artificial Intelligence (AI) to manipulate truths, it is evident that no entity is immune to becoming a victim of cyberattacks, regardless the scale of its business or industry sector.
&nbsp;
Ransom as the primary motive for cyberattacks
 Ensign InfoSecurity (&ldquo;Ensign&rdquo;), Asia&rsquo;s largest comprehensive cybersecurity solutions provider, identified ransom as the primary objective in 69% of all observed attacks in the Greater China Region in 2023. This is one of the key insights highlighted in Ensign&rsquo;s fifth edition of the Cyber Threat Landscape Report, which draws on Ensign&rsquo;s proprietary and cyber threat intelligence sources.

Hong Kong has been hit by a spate of cyberattacks in the last year, notably British engineering firm’s HKD200 million deepfake video conference scam and a series of ransomware attacks targeting the government, healthcare and education sectors.

Today, the unseen threat of cyberattacks and online scams is not confined to major corporations and governments, but also small businesses and everyday online activities of ordinary citizens.&nbsp; &nbsp; So, is cybersecurity akin to public goods like street lighting, clean water and national security, or is it a private entity that individual users and organisations should manage independently? By drawing parallels with water sanitation to the last car in the showroom, the discourse drives home the importance of clear demarcation between individual and state responsibilities in the cyber realm. It also explores the various models on the provision of cybersecurity, from regulatory intervention to subsidies and indirect state implementation. &nbsp; This thought-provoking commentary, authored by Mr Gaurav Keerthi in his role as Adjunct Senior Fellow with the Centre of Excellence for National Security, and concurrently Ensign InfoSecurity&rsquo;s Head of Advisory and Emerging Business, sheds light on the integral role of cybersecurity, exploring its essence, both for private and public good.
&nbsp;
Read the opinion piece featured on TODAY <a style="color: blue;" href="https://ensign.global/3twx8ac" target="_blank" rel="noopener">here</a>
Read the full commentary published on RSIS&nbsp;<a style="color: blue;" href="https://www.rsis.edu.sg/rsis-publication/rsis/is-cybersecurity-a-public-or-private-good/" target="_blank" rel="noopener">here</a>

As cyber threats continue to escalate, the debate intensifies over the respective roles and responsibilities of governments, businesses, and individual digital application users in ensuring online safety. In this commentary, Gaurav Keerthi discusses the integral role of cybersecurity, exploring its essence, both as a private and public good.

Today&rsquo;s exponential growth in data is unlikely to go away anytime soon. In fact, it looks set to escalate, which makes the amendments to the PDPA timelier than ever. The Cybersecurity Guide on the Personal Data Protection (Amendment) Bill provides insights into the PDPA, and the steps Singapore organisations can take to better manage their sensitive data, and mitigate the risks.&nbsp;
&nbsp;
Highlights of the ebook include:
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Strengthening consumer trust through organisational accountability</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Ensuring effectiveness of enforcement</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Enhancing consumer autonomy</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Supporting data use for innovation</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Ensign&rsquo;s recommendations</li>
</ul>
</ul>
</ul>
</ul>
</ul>
</ul>

Download our ebook to find out the key changes of the amendment bill and their impact on Singapore organisations.

By Gaurav Keerthi, Head of Advisory and Emerging Business, Ensign InfoSecurity
&nbsp;
In an increasingly digital world, disruptions are inevitable, and recent incidents highlight the impact on everyday lives. A failed software update by CrowdStrike led to device crashes and queues at airports, while a vulnerability in Mobile Guardian&rsquo;s platform saw Singaporean students lose essential revision notes weeks before exams. Mobile Guardian&rsquo;s services were terminated by The Ministry of Education. In each instance, we are left asking: can such disruptions be prevented, or is mitigation the real focus?
&nbsp;
Digitalisation offers undeniable advantages but brings with it significant risks. Complex systems mean that even minor issues can escalate quickly, leaving end-users&mdash;like students, businesses, and consumers&mdash;as collateral damage. As reliance on digital infrastructure deepens, we must question not just how to prevent these disruptions but also how to better insulate ourselves against their effects.

Digitalisation offers undeniable advantages but brings with it significant risks. Complex systems mean that even minor issues can escalate quickly, leaving end-users—like students, businesses, and consumers—as collateral damage. As reliance on digital infrastructure deepens, we must question not just how to prevent these disruptions but also how to better insulate ourselves against their effects.

Joining us in this episode are host - Gaurav Keerthi (Head of Advisory and Emerging Business), and special guests - Lee Joon Sern (Director of ML and Cloud Research) and Eng De Sheng (Cyber Vulnerability Researcher). We delve into the evolving landscape of malware, highlighting how traditional classification methods struggle to keep up. As we explore the promising realm of image-based malware classification, we offer a solution to these limitations, revolutionising detection techniques, and reshaping cyber operations. We also examine global and Asia-Pacific region challenges in adopting novel classification methods. Discussing the pivotal role of AI and ML in modern cybersecurity, we uncover their potential in combating contemporary cyber threats, all while emphasising the irreplaceable importance of human oversight in maintaining the delicate balance between automation

In this episode, we delve into the evolving landscape of malware, highlighting how traditional classification methods struggle to keep up.

The spate of ransomware attacks globally has resulted in disruptions in services and businesses across various sectors. Global economic losses from these attacks have also exceeded millions of dollars. In this opinion piece on Cybersecurity ASEAN, Ensign&rsquo;s Lead Data Scientist, Lee Joon Sern, explains how Artificial Intelligence is important in the fight against ransomware attacks. He also covers specific examples such as how AI-Powered cyber defences can tackle ransomware attacks, how to prepare for response and recovery of systems, as well as how ransomware attacks can gravely affect businesses. &nbsp;
&nbsp;
Click <a title="https://cybersecurityasean.com/expert-opinions-opinion-byline/importance-artificial-intelligence-fight-against-ransomware?utm_source=website&amp;utm_medium=article&amp;utm_campaign=Joon+Sern+Byline+on+Importance+of+AI+Against+Ransomware+Attacks&amp;utm_id=Joon+Sern+Byline+on+Importance+of+AI+Against+Ransomware+Attacks" href="https://ensign.global/3YrldFV" target="_blank" rel="noopener">here</a> to read more.

Ransomware attacks are on the rise globally. Ensign’s Lead Data Scientist, Lee Joon Sern, explains the importance of Artificial Intelligence in combating these threats. He touches on how AI-Powered cyber defences work at the different stages of a ransomware’s cyber kill chain.

<div>
The&nbsp;COVID-19 pandemic has made the&nbsp;collection of personal data on&nbsp;health status, physical movement, personal contacts, and in some cases, spending and behavioural patterns a necessity in contact tracing efforts. As employees progressively return to worksites, organisations are now implementing contact tracing measures,&nbsp;albeit with certain cyber risks,&nbsp;to collect, store and manage the personal data to prevent a &lsquo;second-wave&rsquo; of infections. &nbsp; In this eBook, &lsquo;Data Security in a Post-COVID-19 World&rsquo;, Teo Xiang Zheng, Head of Advisory at Ensign Consulting, shares about the cybersecurity challenges arising from contact tracing applications and data management, and how organisations can implement a robust data security strategy to mitigate the risk of a data breach. &nbsp; Highlights from the eBook include:
<ul>
<li>Types of contact tracing solutions and their associated cybersecurity challenges in data management </li>
<li>Hard truths about technology vulnerabilities and cyber supply-chain risks </li>
<li>Practical recommendations for organisations to secure data in this new digital age</li>
</ul>
</div>
<div>&nbsp;</div>

Learn how organisations can overcome the cybersecurity challenges arising from contact tracing applications and data management.

Deepfakes are an escalating threat to consumers, enterprises, and government entities, posing significant risks through fraud, misinformation, and the manipulation of public opinion. With the rapid advancement of AI, bad actors are creating increasingly convincing fake audio and video, making it harder to distinguish between real and manipulated content. As these sophisticated deceptions become more widespread, the need for reliable detection methods is more critical than ever.&nbsp;
&nbsp;
In response, Ensign InfoSecurity has developed Aletheia&mdash;an advanced AI-powered solution that detects deepfakes within seconds. This proprietary tool identifies manipulated media in real-time, helping organisations and individuals safeguard against deepfake threats and preventing the spread of fraudulent content.&nbsp;

Ensign InfoSecurity has developed Aletheia—an advanced AI-powered solution that detects deepfakes within seconds. This proprietary tool identifies manipulated media in real-time, helping organisations and individuals safeguard against deepfake threats and preventing the spread of fraudulent content. 

By Lim Minhan, Head of Consulting, Ensign InfoSecurity
&nbsp;
The energy sector is of vital interest for Singapore. The city-state is seen as one of the leading global oil trading and refining hubs, employing over 20,000 people. It is also crucial for the regional natural gas supply, as Asia is on the way to account for half of the projected growth in global gas demand until 2025, according to IEA.
&nbsp;
Around the globe, we observe a rise in cybersecurity incidents targeting critical energy infrastructure. European ports reported various incidents last year. The United States&rsquo; State Department warned in May this year that state-sponsored actors would be capable of launching cyberattacks against pipelines after researchers found that a Chinese hacking group had been spying on its networks. In 2021, a ransomware attack on the Colonial Pipeline disrupted supplies for about a week, affecting 12,000 petrol stations on the US East Coast.
&nbsp;
Will hackers spare our shores? We think that is unlikely. Taking a deeper inspection and understanding of the adversary behaviours and the vulnerabilities exploited can help prevent possible disasters that could adversely affect crucial infrastructure and the mission-critical operations. With the right preparation, organisations can steer clear of trouble. There are a few things to keep in mind.

In this byline, Lim Minhan stresses the urgency of securing Singapore's pivotal oil and gas sector amidst a surge in global cybersecurity threats. Focusing on geopolitical and human factors, the piece advocates a threat-informed defense strategy to thwart potential disasters and fortify the resilience of critical infrastructure and operations.

Changes to the Singapore&rsquo;s Personal Data Protection Act aim to help firms build consumer trust in their data usage, and strengthen their data security practices. Teo Xiang Zheng, Ensign's Head of Advisory, weighs in on the rationality behind the amendments, and what businesses could do to step up, and roll with the changes.
&nbsp;
Read more <a style="color: blue;" href="https://ensign.global/2Pn26NS" target="_blank" rel="noopener">here.</a>

Ensign InfoSecurity’s Head of Advisory, Teo Xiang Zheng shares with BizQ what the recent changes to the Personal Data Protection Act could mean for businesses.

The constantly evolving threats leave many organisations unable to predict the adversaries&rsquo; next move. To turn things around, it is critical for organisations to gain a deep understanding of their cybersecurity posture and how they can effectively respond to attacks. Through Red Teaming exercises, Ensign enables organisations to be in a better position to defend against the onslaught of attacks. Employing cyber criminals&rsquo; tactics, techniques and procedures, Ensign can test and improve organisations&rsquo; level of readiness against real-world cyberattacks. Read the factsheet and learn more about: &bull; Adversarial Emulation &bull; Vulnerability assessment &amp; Penetration Testing &bull; Key areas of typical Red Teaming Exercise With constantly evolving threats, organisations are often left unprepared for any incident. Ensign helps develops their readiness through multi-faceted training exercises using real-world cyberattack scenarios.

Learn more about
Ensign’s Red Teaming Services

Threat actors often target privileged access because it leads to the most valuable and confidential information, such as customer identities, financial information, and personally identifiable information. Without proper controls in place, internal and external threat actors can exploit gaps in your IT environment and gain access to your critical data.
Learn how Ensign System Integration&rsquo;s Access &amp; Identity services can help protect your crown jewels through its Design &amp; Build Services, as well as Managed Security Services &amp; Support Services. Some benefits of engaging these services include:
&bull; Protection against insider threats &bull; Ability to recover quickly from cyber attacks &bull; Compliance to data privacy regulations

Critical data such as customer identities, financial information, and personally identifiable information are prime targets for cyber threat actors. Find out how Ensign can help you protect your crown jewels.

Interview by J. Angelo Racoma
&nbsp;
In this&nbsp;TNGlobal Q&amp;A&nbsp;with&nbsp;<a href="https://www.linkedin.com/in/gaurav-keerthi/">Gaurav Keerthi</a>, Head of Advisory and Emerging Business at Ensign InfoSecurity, we delve into the rapidly evolving landscape of Generative AI (GenAI) in the context of cybersecurity challenges and opportunities. With a unique perspective shaped by his experiences in both public and private sectors, Keerthi provides a nuanced understanding of GenAI&rsquo;s dual role in cybersecurity. He highlights its transformative potential for enhancing defensive capabilities while simultaneously acknowledging the escalating threats posed by its misuse by attackers. Keerthi underscores the importance of understanding the technology at a fundamental level, including its inherent risks, to effectively harness its benefits and mitigate its dangers.
&nbsp;
The conversation then shifts to the critical considerations organizations must address when integrating GenAI into their cybersecurity frameworks. Keerthi emphasizes the need for a balanced approach, where the benefits of GenAI are leveraged alongside a thorough understanding and mitigation of its associated risks. He advises organizations to carefully evaluate their GenAI usage strategies, particularly in relation to data privacy, ethical considerations, and the challenges of using cloud-based solutions.

In an interview with TNGlobal, @Gaurav Keerthi, Ensign InfoSecurity’s Head of Advisory and Emerging Business delved into the critical considerations organisations must address when integrating GenAI into their cybersecurity frameworks.  Gaurav stressed the importance of maintaining a balanced approach, where organisations harness the benefits of GenAI and mitigate its associated risks.

Updated as of 26 September 2023 1200hrs The Situation&nbsp;
In response to high profile cyber attacks, Hong Kong authorities are mulling over introducing a law on cybersecurity and strengthening communications with overseas agencies, to step up legal regulatory measures to combat cybercrime.
Hong Kong has seen another cyber attack reported by its consumer watchdog, Consumer Council, on 22 Sep, two weeks after a leading digital business technology park, Cyberport, revealed on 7 Sep that it suffered a ransomware attack.
Hong Kong&rsquo;s consumer watchdog Consumer Council revealed an investigation into a personal data leak in a press conference on 22 Sep.
For both attacks, the Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) had received data breach notifications from both Cyberport and Consumer Council, and commenced compliance checks into the incidents. Both organisations have been advised to notify the affected data subjects as soon as possible.
At the time of writing, the Consumer Council has sent out 25,000 data breach notifications to business contacts, staff and subscribers.
&nbsp;
Cyberport Ransomware Attack&nbsp;
The ransomware group Trigona posted the data leak of Cyberport on the dark web. &nbsp;Leaked data included scans of Hong Kong identity card, financial statements, r&eacute;sum&eacute;s belonging to Cyberport staff and tenants. Commercially sensitive information including lease agreements, receipts, audit reports, and correspondences with governments and vendors was also leaked.
&nbsp;
Threat Profile of Trigona &nbsp;
Trigona is a relatively new strain of ransomware that has hit organisations increasingly in non-Western countries including Brazil, China and Argentina. &nbsp;The threat actor(s) deploying the ransomware employs a double extortion schedule. Reports indicated that the threat actor(s) achieved initial access via a combination of brute force attacks, purchasing previously compromised accounts by obtaining access from network access brokers (&ldquo;IABs&rdquo;), and exploitation of vulnerable public-facing applications.
Trigona&rsquo;s operators have remained highly active and were in the top 20 out of the 43 ransomware groups which named victims on their respective data-leak sites. &nbsp;During the period of Q2 2023 (Apr &ndash; Jun), Trigona claimed 18 named victims on their site.
&nbsp;
&nbsp;

Hong Kong has seen another cyber attack reported by Consumer Council just 2 weeks after Cyberport revealed it was hacked and reported by media outlets on 7 Sep 2023 in which the attack resulted in data exfiltration totaling 400GB, including personally identifiable data. Learn more about this cyber threat facing Hong Kong SAR, and some recommendations to facilitate proactive actions in response to this threat.

Ensign Labs has detected an increase in malware activities targeting Banking, Financial Services and Insurance (BFSI) companies, through our proprietary Automated Malware Analysis Platform. From February 2020, our team of analysts observed a rise in Ursnif attributed detections, which spiked 5 times since March 2020.
&nbsp;
The highlights of the advisory include:
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Spike in Ursnif trojan activity; BFSI sector most targeted, accounting for 63.4% of detection alerts</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Threat behaviour and techniques of the Ursnif trojan by mapping to the MITRE ATT&amp;CK framework</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Conclusion and recommendations</li>
</ul>
</ul>
</ul>
</ul>

Ensign Labs’ proprietary Automated Malware Analysis Platform has detected a spike in malware activities targeting BFSI companies.

<h3>The Situation</h3>
A widespread campaign by a nation-state actor involving SolarWinds was uncovered by FireEye recently. The campaign used a trojanised version of SolarWinds Orion updates, which was digitally signed between March and May 2020, and uploaded to the SolarWinds&rsquo; update website. At least two top vendors were breached, and this incident has serious implications to the cybersecurity industry, its supplier chains and organisations using the affected products.
&nbsp;
<h3>Our Commitment</h3>
The situation is fast evolving as details of the breach are being announced and more affected parties are made known. Ensign will continue to keep a close watch and provide relevant insights and recommendations to the community. Throughout this year-end festive period, Ensign continues to be available to clients who require assistance on any cyber-related matters.
&nbsp;

Ensign's plans and procedures in response to the recent breach involving SolarWinds.

Ensign's VP of Advisory, Teo Xiang Zheng, participated as a virtual speaker at the International Cyber Defence Conference (CYDEF2023) from 29 Nov to 1 Dec, held in Tokyo, Japan, under the theme "International Order and Active Cyber Defence".
&nbsp;
On his topic "Enabling Threat-informed Defence Through Greater Threat Situation Awareness", Xiang Zheng covered highlights from the Ensign Cyber Threat Landscape Report 2023, the top threats observed in the APAC region, including the rise of "spray and pray" attacks and chinese-associated threat groups. He further shared about the importance of leveraging a threat-informed defence approach, to establish intel-led defence strategy, enable prioritised defence actions, and to enhance threat response and risk management.
&nbsp;
Watch the on-demand video recording to learn more!

In this on-demand video presentation, Teo Xiang Zheng highlights the top cyber threats facing APAC, and the importance of adopting threat-informed defence approaches in cyber defence strategy to enable prioritised defence actions and enhance threat response and risk management.

<div>Digital transformation has been a catalyst for growth for many organisations, but it has also opened them up to more cyberattacks. To address the growing attack surfaces, one key priority is to improve cyber threat detection and response capabilities, which can be burdensome to operate, maintain and optimise.</div>
<div aria-hidden="true">&nbsp;</div>
<div>In this factsheet, learn how the Ensign Managed Detection &amp; Response (MDR) solution leverages Artemis&mdash;a proprietary digital forensic and incident response platform and Athena&mdash;a team of threat intelligence specialists, to help your organisation effectively detect and respond to threats by providing contextualised and actionable cyber threat intelligence, highly automated capabilities, and full spectrum visibility.</div>

In this factsheet, learn how the Ensign Managed Detection & Response (MDR) solution leverages Artemis—a proprietary digital forensic and incident response platform and Athena—a team of threat intelligence specialists, to help your organisation effectively detect and respond to threats by providing contextualised and actionable cyber threat intelligence, highly automated capabilities, and full spectrum visibility.

Changes to the&nbsp;Personal Data Protection&nbsp;Act (PDPA)&nbsp;came into effect on 1 Feb 2021, with enhanced measures for greater organisational accountability and consumer protection, while giving organisations the confidence to use data for innovation and business growth.&nbsp;
&nbsp;
To reduce&nbsp;the&nbsp;risk of data breaches,&nbsp;in line with PDPA&rsquo;s requirements,&nbsp;organisations should adopt a holistic approach for securing sensitive data.&nbsp;
&nbsp;
Download&nbsp;the&nbsp;factsheet&nbsp;to find out how&nbsp;Ensign&rsquo;s Data Loss Prevention (DLP) Programme&nbsp;can help facilitate such an approach.
&nbsp;
Some&nbsp;key highlights:
<ul style="max-width: 90%; text-align: left; margin: auto; list-style-type: disc;">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Overview of Ensign&rsquo;s&nbsp;DLP&nbsp;Programme</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Adopting the&nbsp;DLP&nbsp;Process Lifecycle enhances data security in all 5 areas of Identify, Protect, Detect, Respond and Recover framework.</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Success stories and use cases</li>
</ul>
</ul>
</ul>
</ul>

Ensign’s DLP Programme helps secure data in-use, data in-motion, and data at-rest across endpoints, networks, storage and the Cloud.

Changes to the&nbsp;Personal Data Protection&nbsp;Act (PDPA)&nbsp;came into effect on 1 Feb 2021, with enhanced measures for greater organisational accountability and consumer protection, while giving organisations the confidence to use data for innovation and business growth.&nbsp;
&nbsp;
To reduce&nbsp;the&nbsp;risk of data breaches,&nbsp;in line with PDPA&rsquo;s requirements,&nbsp;organisations should adopt a holistic approach for securing sensitive data.&nbsp;
&nbsp;
Watch&nbsp;the&nbsp;on-demand video and download&nbsp;the&nbsp;factsheet&nbsp;to find out how&nbsp;Ensign&rsquo;s Data Loss Prevention (DLP) Programme&nbsp;can help facilitate such an approach.
&nbsp;
Some&nbsp;key highlights:
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Overview of Ensign&rsquo;s&nbsp;DLP&nbsp;Programme</li>
</ul>
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Adopting the&nbsp;DLP&nbsp;Process Lifecycle enhances data security in all 5 areas of Identify, Protect, Detect, Respond and Recover framework.</li>
</ul>
<ul>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Success stories and use cases</li>
</ul>
</ul>
</ul>
</ul>

Is your organisation ready to handle cybersecurity incidents such ransomware attacks and data breaches? In the event of a real security incident, it can cost not only operational downtime, but also reputational and financial loss. Given the speed and relentless manner cyber attacks are conducted, time is of the essence when remediating intrusions to prevent further harm.&nbsp;Ensign has certified digital forensic investigators and incident responders to help organisations minimise the impact of cyber incidents.
&nbsp;
Download our factsheet to learn more about:
<ul style="max-width: 90%; text-align: left; margin: auto; list-style-type: disc;">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Our approach to the use of cyber threat intelligence and automation to improve speed in incident response</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Threat hunting and incident response for OT/ICS and Cloud environments</li>
</ul>
</ul>
</ul>

Learn how Ensign leverages on cyber threat intelligence and automation to improve its speed in incident response. Ensign’s Digital Forensic and Incident Response factsheet gives you an overview of how best you can apply threat hunting and incident response for OT/ICS and Cloud environments.

Updated as of 22 April 2022 1800hrs
This advisory is an update to the threat advisory on <a style="color: blue;" href="/analysis-and-insights/41" data-sf-ec-immutable="">The Cyber Implication of the Ukraine Crisis</a>,&nbsp;which was&nbsp;supplemented&nbsp;with the&nbsp;<a title="/analysis-and-insights/43" href="/resources/41" data-sf-ec-immutable="">Executive Brief on&nbsp;The Cyber Impact of Russia-Ukraine Conflict</a>.
As the Russia-Ukraine conflict continues to escalate, the resulting geopolitical instability has exposed&nbsp;organisations&nbsp;both within and beyond the region to increased cyber threat activity.
A joint cybersecurity advisory has been released (20 Apr) by the cybersecurity agencies of the United States, Britain, Australia, Canada, and New Zealand (<a style="color: blue;" title="https://www.cisa.gov/uscert/ncas/alerts/aa22-110a" href="https://www.cisa.gov/uscert/ncas/alerts/aa22-110a" data-sf-ec-immutable="">https://www.cisa.gov/uscert/ncas/alerts/aa22-110a</a>).&nbsp;Together,&nbsp;they form the Five Eyes intelligence-sharing alliance which calls for critical infrastructure network defenders to prepare for potential cyber threats, including destructive (wiper) malware, ransomware, DDoS attacks, and cyber espionage.&nbsp;&nbsp;
Considering the heightened cyber threat activity, it is important that&nbsp;organisations&nbsp;prioritise reviewing and strengthening their cybersecurity postures&nbsp;and defences. We have collated a list of notable cyber threat incidents, and our recommendations to help organisations prepare for potential cyber threats.

As the Russia-Ukraine conflict continues to escalate, the resulting geopolitical instability has exposed organisations both within and beyond the region to increased cyber threat activity. Learn more about notable cyber threat incidents, and some recommendations to facilitate proactive actions in response to the conflict-related threats.

At Ensign InfoSecurity, we emphasise the importance of staying vigilant and proactive in today's ever-evolving digital realm. In a recent feature in The Business Times, Chan Kok Leong,&nbsp;our VP of Engineering, highlighted the importance for organisations to adopt a more proactive approach to cybersecurity. This approach provides organisations with the foresight needed to prevent emerging threat actors from causing any harm. He adds that prevention is key, and organisations must swiftly discern threat intelligence and identify early indicators of potential attacks in order to adeptly address challenges posed by cybercriminals. Read the full article <a style="color: blue;" target="_blank" rel="noopener">here</a>.

At Ensign InfoSecurity, we emphasise the importance of staying vigilant and proactive in today's ever-evolving digital realm.

The Situation
A recently disclosed critical security vulnerability (CVE-2021-44228) in a logging software, Apache log4j2, is one of the most serious cyber security vulnerabilities in recent years. Apache log4j is widely used in many applications across many organisations.&nbsp; All organisations must act quickly to identify and contain the risks, detect attack attempts and remediate their systems because it is widely used and easily exploitable.
&nbsp;
Since the disclosure, the vulnerability has been observed to be under active exploitation by cyber attackers. Many organisations across various sectors are vulnerable because the use of log4j is ubiquitous and the vulnerability is easy to exploit. Financially motivated attackers were among the first to exploit targets, and it is highly anticipated that there will be increased exploitation attempts leading to monetisation activities. This includes data theft and ransomware deployment.

Ensign's plans and procedures in response to the Apache Java Logging Library Log4j 2 Critical RCE Vulnerability.

The rise of Ransomware-as-a-Service (RaaS) has significantly lowered the barrier for cybercriminals to deploy ransomware. Despite understanding malware characteristics, incident responders face continuous challenges due to the unpredictable Tactics, Techniques, and Procedures (TTPs) used by attackers. Imagine an attacker lurking in your network, gathering information, and waiting for the perfect moment to strike. &nbsp;
&nbsp;
Victim Prime (alias) experienced this first-hand when a stealthy and widespread attack resulted in over 1,600 machines being encrypted and 500GB of data exfiltrated.&nbsp;
&nbsp;
Download the full case study to see how Ensign helped Victim Prime recover from a massive ransomware attack.&nbsp;
&nbsp;
As featured on Cyber Security Agency of Singapore (CSA)&rsquo;s<a class="text-secondary-B300" href="https://www.csa.gov.sg/Tips-Resource/publications/2024/singapore-cyber-landscape-2023" target="_blank" rel="nofollow noopener"> Singapore Cyber Landscape 2023 Report</a>.&nbsp;

Learn how Ensign helped Victim Prime recover from a massive ransomware attack. As featured on Cyber Security Agency of singapore (CSA)’s Singapore Cyber Landscape 2023 report.

The Ensign Advanced Analytics team designs and builds cyber analytics solutions, powered with AI/ML and automation, augmented with threat intelligence, to provide behavioural-based threat detection capabilities. Our services enable organisations to: &bull; Detect and respond to advanced cyber threats &bull; Leverage Security Orchestration &amp; Automation to bring greater value in threat &nbsp; investigation &bull; Synergise all security appliances and solutions in a single pane of glass

Cyber threats are becoming more advanced and sophisticated, and have the ability to bypass traditional detection tools. Ensign Advanced Analytics provides capabilities of advanced threat detection using artificial intelligence and machine learning behavioural models.

Attack techniques employed by highly-resourced and nation-state threat actors are increasingly becoming more sophisticated. Advanced malware are now polymorphic, highly evasive, and have the ability to bypass traditional signature-based detection tools. Organisations may not even realise that their networks have been compromised, and when they do, it is usually too late.

CybersecAsia, a publication dedicated to cybersecurity matters, featured Ensign&rsquo;s 2023 Cyber Threat Landscape (CTL) report. The coverage spotlighted how Ensign&rsquo;s CTL 2023 report presented regional perspectives from Indonesia, Hong Kong, Malaysia, Singapore, and South Korea, unveiling industries at risk and emerging threats. Additionally, the report underscored Ensign&rsquo;s findings on the rise of ransomware and wiperware, the exploitation of IoT and mobile device vulnerabilities, and the dual implications of generative AI.
Read more&nbsp;<a style="color: blue;" href="https://www.cybersecasia.net/news/cybersecurity-firm-observes-overall-lack-of-cybersecurity-awareness-in-asia?utm_source=CybersecAsia&amp;utm_medium=LinkedIn&amp;utm_campaign=LinkedIn+2023" target="_blank" rel="noopener">here</a>

CybersecAsia, a publication dedicated to cybersecurity matters, featured Ensign’s 2023 Cyber Threat Landscape (CTL) report.


With the ever-evolving threat landscape, cyber threats and tactics are becoming more sophisticated and damaging. The COVID-19 pandemic has also accelerated digitisation across organisations, enlarging their attack surfaces and extending cybersecurity further away from corporate infrastructures.&nbsp;Are organisations able to deal with the rapid changes on their own? Download this eBook to learn more about&nbsp;the&nbsp;deciding factors for&nbsp;outsourcing your security monitoring to a Managed Security Services Provider.

Get a better understanding of some key points before deciding to outsource your security monitoring to a Managed Security Services Provider.

Robust defences for cyber supply chains have proved pivotal in navigating an ever evolving threat landscape. However, any weak link in supply chains could also be detrimental as threat actors may exploit this as a point of entry. Our Head of Advisory from Hong Kong,&nbsp;Marco&nbsp;Sin&nbsp;spells out four key cyber strategies your organisation can take to isolate supply chain cyber risks. He touches on four key points that could prove instrumental in containing them:&nbsp;
&nbsp;
<ul style="list-style-type: disc; list-style-position: inside;">
<li>Implementing third-party risk assessment and monitoring services</li>
<li>Adopting a proactive cybersecurity posture&nbsp;</li>
<li>Establishing an incident response playbook</li>
<li>Maintaining good cyber hygiene practices.</li>
</ul>
&nbsp;
Click <a style="color: blue;" href="https://ensign.global/3DI3i4q" target="_self">here </a>to find out more

Vulnerabilities in Log4J, SolarWinds, and Kaseya serve as a reminder for organisations to double down on defences of the supply chains. In this CybersecAsia feature, our Head of Advisory from Hong Kong, Marco Sin, spells out four key cyber strategies your organisation can take to isolate supply chain cyber risks.

D&rsquo;Crypt, an Ensign InfoSecurity subsidiary, has developed contact tracing technologies that can help organisations monitor and minimise the spread of Covid-19 in their workplace. The technologies, BluePass and BlueGate, is currently being trialled by an Asia-based urban and infrastructure consulting firm at their worksites.&nbsp;
&nbsp;
<a style="color: blue;" href="https://ensign.global/3rV2FBK" target="_blank" rel="noopener">Read more about BluePass and BlueGate here.</a>
&nbsp;
D&rsquo;Crypt is a provider of world-class engineering and cryptographic capabilities. As a subsidiary of Ensign, it works together with the wider Ensign portfolio of bespoke service offerings to provide advanced cybersecurity solutions to secure enterprises and sectors against advanced threats in today&rsquo;s digital economy.
&nbsp;
<a style="color: blue;" href="/about-ensign/the-ensign-difference" target="_blank" rel="noopener" data-sf-ec-immutable="">Find out more.</a>

D’Crypt has developed contact tracing technologies to help organisations monitor and minimise the spread of Covid-19.

Ensign has released the Cyber Threat Landscape Report 2023. This fourth edition provides the industry and the wider regional business community with thorough analyses of noteworthy threats and pivotal trends that continue to influence the cyber threat landscape in the region from 2022 and beyond. It includes an overview of territorial insights where Ensign InfoSecurity operates in&mdash;Singapore, Malaysia, Hong Kong S.A.R., South Korea and Indonesia.
&nbsp;
The aim of this report is to equip organisations with invaluable insights and strategic advice, enabling them to maintain a vigilant and well-prepared stance against these threats. We leveraged the MITRETM framework to meticulously map out the precise tactics and techniques observed to offer effective mitigations and defensive measures. 
&nbsp;
Key highlights of the report are as follows:
<ul style="list-style-type: disc; list-style-position: inside;">
<li class="MsoNormal">Top cyber threat trends of 2022</li>
<li class="MsoNormal">Overview of territorial insights</li>
<li class="MsoNormal">Topical deep insights into four key areas</li>
<li class="MsoNormal">Outlook of cyber threats in 2023</li>
<li class="MsoNormal">Defensive actions in face of changing cyber threat landscape</li>
</ul>

Ensign Cyber Threat Landscape Report 2023 provides the industry and the wider regional business community with thorough analyses of noteworthy threats and pivotal trends that continue to influence the cyber threat landscape in the region from 2022 and beyond.

Ensign has released the Cyber Threat Landscape Report 2022. In this third edition, we expanded our coverage to include our unique insights into the observed global, and regional threats in 2021. We also leveraged our presence in Singapore, Hong Kong S.A.R., Malaysia, and South Korea to provide perspectives on territory-specific threats.
We adopted the Threat-informed Defence approach, using the MITRE ATT&amp;CK Framework (Version 10) and MITRE Engage Framework (Version 1.0) to harmonise the taxonomy of the observed threats, and the defensive engagement activities.
Download the report to gain insights into:
&nbsp;
<ul>
<li>Top cyber threat trends</li>
<li>Territorial threat profiles</li>
<li>Outlook of the threat landscape in 2022</li>
<li>Cyber defenders&rsquo; course of action</li>
<li>Key recommendations for leaders</li>
</ul>

Ensign Cyber Threat Landscape Report 2022 showcases an expansion of coverage to include insights into global, regional, and territory-specific threats in 2021, more specifically in Singapore, Hong Kong S.A.R., Malaysia, and South Korea. It also discusses recommendations on how organisations can prepare for any eventuality arising from such threats.

Cyber supply chain attacks&nbsp;are&nbsp;likely to aggravate in the near future.&nbsp;This comes in the wake of the COVID-19 pandemic, as businesses ramp up efforts to go digital to meet evolving demands, as well as the increased adoption of 5G technology.&nbsp;Yet&nbsp;many organisations remain under prepared to face these threats. Teo Xiang Zheng, Ensign Consulting&rsquo;s&nbsp;Head&nbsp;of Advisory, shares his thoughts on the need to step up safeguards not only within the organisations&nbsp;but also across their cyber ecosystems. Click <a href="https://ensign.global/3KqUJid" target="_blank" rel="noopener">here </a>to read more.

Ensign Consulting’s Head of Advisory, Teo Xiang Zheng tells itnews why organisations need to step up and extend their cybersecurity practices across their cyber ecosystems.

Commentary by Lee Joon Sern, Lead Data Scientist, Ensign Labs
Artificial Intelligence (AI), particularly Machine Learning (ML), has been gaining renewed interest in the last decade. This interest has been facilitated largely by the significant and exponential growth in its computational power to potentially address computationally-intensive, hard problems that might have been insurmountable in the past. With this increased processing power becoming more readily available, many industry players are avidly looking at how breakthroughs in AI and ML can be applied to their respective domains. These breakthroughs can improve and optimise business processes or procedures, as well as develop new products and solutions.
While AI and ML bring about a new dawn of positive transformation, these techniques can also be used for harmful purposes. This is especially so in the cyberspace, as cyber attackers are constantly finding new ways to mount attacks on organisations. In today&rsquo;s environment, it is all about combatting intelligence with intelligence. As organisations employ AI or ML for cyber defence, so do malicious entities for cyberattacks.

Ensign InfoSecurity’s Lead Data Scientist, Lee Joon Sern weighs in on the current threat landscape and the importance of empowering cyber systems with artificial intelligence and machine learning.

Singapore's healthcare sector was the top sector targeted during Covid-19, and suffered a 182-fold surge in phishing attacks from January to April 2020, compared to the same period last year.&nbsp;
&nbsp;
The spike of attacks is not surprising, and relentless cyber attacks are expected to persist. The pandemic has put potential victims in a much vulnerable state of mind which cyber actors easily exploit through social engineering tactics. Social distancing measures have also brought about a growing dependence on smart medical devices and equipment which poses greater risk, especially if devices are inadequately secured.
&nbsp;
Lee Shih Yen, Senior Vice President of Ensign Labs, weighs in on the subject, &ldquo;It&rsquo;s really back to basics to deal with this new wave of attacks.&rdquo; He recommends greater attention to 3 key areas:
<ul type="disc">
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Medical devices and wearables must address HIPAA&rsquo;s compliance requirements</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Identity management and external device authentication via Multi-Factor Authentication (MFA) system to accurately verify patients and health providers</li>
<ul style="list-style-position: inside;">
<li style="display: flex; align-items: flex-start;">&bull; Security training and awareness for patients using virtual medicine</li>
</ul>
</ul>
</ul>
</ul>

“Relentless” cyberattacks are expected to persist. New and hastily built healthcare
infrastructure are particularly at risk, according to cybersecurity
firm, Ensign InfoSecurity.

Drawing insights from the 2021 Threat Landscape Report, Ensign&rsquo;s VP of Engineering, Kok Leong, singles out cyber supply chain attacks and ransomware attacks to be among key threats that will persist in 2022. He adds that organisations ought to recognise the importance of taking additional steps to mitigate any form of elevated cyber risks.&nbsp;
&nbsp;
He also discusses Ensign&rsquo;s approach in the cybersecurity industry, as well as the direction Ensign is taking in the coming year.&nbsp;
&nbsp;
Read all about it in this interview with CyberNews <a href="https://ensign.global/3DDTpVp" target="_blank" rel="noopener">here</a>.

From key threats to watch out for to Ensign doubling down on its R&D efforts, Chan Kok Leong, Ensign’s VP of Engineering shares it all in an interview with CyberNews. He also talks about Ensign’s cybersecurity journey, and how the company aims to forge ahead.

Cybersecurity remains a prevailing concern as enterprises double down on technology adoption since the COVID-19 pandemic hit. Managed Security Services Vice President at Ensign InfoSecurity, Roland Lau tells the Business Times why cybersecurity is not only a business enabler, but also a collective responsibility between organisations and their vendors. He also shares some foundational steps to consider when building a long-term strategy for resiliency.
&nbsp;
Read more <a style="color: blue;" href="https://ensign.global/3q9tLES" target="_blank" rel="noopener">here</a>.

In a Business Times article, Roland Lau, Vice President, Managed Security Service, Ensign Infosecurity shares why cybersecurity is a collective responsibility and business enabler for enterprises.

Managing cyber risks is an increasingly challenging task for organisations in today&rsquo;s disrupted landscape. Besides protecting systems and networks from evolving cyber threats, organisations also need to assure their customers, partners and regulatory authorities of the security, integrity and resilience of their digitalised and interconnected operations and processes. In an interview with CybersecAsia, Lim Minhan, Director for Assurance in Ensign Consulting shares his thoughts on how Purple Teaming can help organisations address the challenges ahead.
&nbsp;
Read the interview <a style="color: blue;" href="https://ensign.global/3oBxTau&nbsp;" target="_blank" rel="noopener">here</a>.

In a CybersecAsia interview, Lim Minhan, Director for Assurance in Ensign Consulting shares why Purple Teaming is an effective threat adversarial approach in today’s evolving environment.

Situation
There are important cyber implications arising from the ongoing Russia-Ukraine conflict.&nbsp;In the lead up to the invasion, a wave of destructive data-wiper attacks and disruptive distributed denial-of-service (DDoS) attacks have reportedly hit Ukraine&rsquo;s government, military, and economy. These cyber attacks could spill over to unintended victims beyond Ukraine.&nbsp;For instance, the 2017 NotPetya malware attacks targeting Ukrainian organisations eventually spread and hit many organisations worldwide including pharmaceutical giant Merck and FedEx&rsquo;s European subsidiary TNT Express.
The ongoing Russia-Ukraine conflict is not the first military conflict where cyber attacks were seen alongside conventional military actions. The 2008 Russian invasion of Georgia saw similar tactics. The current Russia-Ukraine conflict remains unresolved; hence, it is also unclear if&nbsp;these ongoing cyber attacks may also directly target key countries opposing or supporting either side of the Russia-Ukraine conflict.
In response, organisations need to be prepared for the spillover of destructive and disruptive cyber attacks.&nbsp;All organisations should take&nbsp;proactive actions to enhance their security posture, increase vigilance, and be prepared for an incident response.
&nbsp;

Ensign’s recommendations on the proactive actions organisations can take to reduce the likelihood and impact of a potentially damaging cyber attack.

By Michael Tan, CISO Lead, Consulting, Ensign InfoSecurity
&nbsp;
In a world where cyber threats lurk around every digital corner, businesses face an uphill battle to safeguard their most valuable assets. The escalating sophistication of these threats coupled with a global shortage of cybersecurity professionals has left many organisations scrambling for solutions.
&nbsp;
According to the International Information System Security Certification Consortium (ISC&sup2;), there was a shortfall of 3.4 million cybersecurity professionals in 2022, highlighting a critical global issue. This shortage is particularly acute in Asia, where rapid digital transformation has made businesses vulnerable to unprecedented risks.
&nbsp;
Asia's digital revolution has outpaced its cybersecurity capabilities, creating a dire need for innovative solutions. As businesses become increasingly digital, the frequency and severity of cyber threats have surged. Traditional approaches to cybersecurity are proving inadequate, and this is where CISO-as-a-Service (CISOaaS) steps in, offering an agile and cost-effective alternative, providing businesses with the expertise they need to navigate the complex cybersecurity landscape.&nbsp;

CISOaaS is a game-changing model that offers immediate and flexible access to high-level cybersecurity expertise. This service spans from strategic leadership and advisory roles to operational execution and incident response and recovery.

Last Updated 20th January 2025
&nbsp;
New legislation to beef up the cybersecurity of Hong Kong&rsquo;s Critical Infrastructure (CI) systems was first outlined in the Chief Executive&rsquo;s Policy address in October 2022. It aims to enhance cybersecurity measures for critical infrastructure operators across the different essential sectors and to foster robust preventive management, ensuring uninterrupted essential services and reinforcing Hong Kong&rsquo;s reputation as a premier business and financial hub.
&nbsp;
Thus, on July 2, 2024, a new piece of legislation tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill was proposed.&nbsp;

The Protection of Critical Infrastructures (Computer Systems) Bill is Hong Kong's first comprehensive cybersecurity law specifically designed to protect Critical Information Infrastructure (CII).

TITLE	REPORT DATE	CVE NUMBER	CVSS SCORE
LAN-Side Unauthenticated Remote Code Execution (RCE) in D-Link DIR-822 routers due to Stack-Based Buffer Overflow in HNAP	31 Jan 2024	TBC	TBC
Out-of-bounds Write Vulnerability in Avast Antivirus Sandbox Driver (aswSnx.sys) due to Time-of-check Time-of-use Race Condition	9 Nov 2023	CVE-2023-5760	8.2

Advisories

Search for Threat Advisories

Fortify your cyber defences today. Let's talk.

We provide bespoke cyber solutions that suit your needs.

Services

Solutions

About Ensign