In worrying news for Indian companies, a forum on the DarkNet is reportedly selling data stolen from over 6,000 Indian businesses, including Internet Service Providers (ISPs), some key government organisations, banks and enterprises. The advertisement was recently spotted by Seqrite, the enterprise security brand of global IT security firm Quick Heal.
In a company statement, Seqrite shared further details about the advertisement, which it discovered along with its partner seQtree InfoServices. According to the statement, the hacker behind the advertisement is demanding 15 Bitcoins (nearly INR 42 lakh) for the information and is offering network takedown of affected organisations for an unspecified amount.
The security firm believes that if the information falls into the wrong hands, it has the potential to become a major tool of mass disruption.
The organisations whose services are most likely to be affected if the data gets leaked are: UIDAI (Aadhaar), Employees’ Provident Fund Organisation, Idea Telecom, Bombay Stock Exchange (BSE), Flipkart, DRDO, Aircel, Reserve Bank of India, BSNL, SBI, TCS, ISRO, ICICI Prudential Mutual Fund, VMware and several other Indian government portals, among others.
Talking to IANS, Rohit Srivastwa, Senior Director, Cyber Education and Services at Quick Heal said, “We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on DarkNet, the above-mentioned organisations and enterprises can get affected.”
For the uninitiated, a DarkNet can be best described as any overlay network that can be accessed only with specific software, configurations, or authorization, often using non-standard communications protocols and ports. Two typical darknet types are friend-to-friend networks (usually used for file sharing with a peer-to-peer connection) and privacy networks such as Tor.
According to Seqrite, after spotting the advertisement it ran a detailed investigation, which revealed the affected organisation to be India’s national Internet registry IRINN (Indian Registry for Internet Names and Numbers), which comes under the National Internet Exchange of India (NIXI).
Its next step was to bring the Asia Pacific Network Information Centre (APNIC) and Indian government authorities up to speed on what had happened and to recommend that they quickly alert all the potentially affected organisations to change their passwords and get their servers and systems patched with the latest updates.
The security firm's researchers also revealed that the hacker selling the data claims to have the ability to tamper with the IP allocation pool. If this is indeed true, it could end up causing a massive outage or a Denial of Service (DoS) attack-like situation.
“This could impact various content delivery network (CDN) and hosting providers as well. If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India,” read the company statement.
Along with the access, the seller is also ready to give credentials and various contractual business documents. He also claims to be in possession of a large database of the Asia Pacific Network Information Centre (APNIC).
Yesterday, we reported how an IBM study had deduced that, despite having such a talented workforce, India is still unprepared to protect itself if a cyberattack on the scale of ‘WannaCrypt’ or ‘Petya’ ever hits home turf.
According to a recent IBM study conducted by Ponemon Institute, while the average cost of a data breach in 2017 decreased by 10 per cent globally compared to the 2016 figure, for Indian enterprises it grew by 12.3 per cent, from Rs 97.3 million in 2016 to Rs 110 million in 2017.
This development was first reported in Firstpost.