Search This Blog

Showing posts with label Mumbai. Show all posts

MIDC’s Server Hacked, Threat to Destroy Data

 

The server of Maharashtra Industrial Development Corporation was hacked as of late. The ransomware 'SYNack' affected the applications and database servers facilitated at the MIDC headquarters in Mumbai by encrypting the information put away in these servers. Hackers have demanded Rs 500 crore, they have mailed a demand of Rs 500 crore on MIDC's official mail ID, sources said. 

The malware additionally tainted some desktop PCs across various office areas of the MIDC. The assailants had attached a ransom note giving details of the assault and the steps needed to be taken to approach them for decryption of information. Nonetheless, no sum was directly referenced in the ransom note, a statement given by the MIDC expressed. After the hack, every one of the 16 regional workplaces in the state, including the head office in Mumbai, has been shut down. 

The total data of all the industrial estates, entrepreneurs, government elements, and different plans identified with MIDC is accessible on an online system. The whole work has come to a halt since last Monday after the hack. The MIDC approached the police after which the Cyber Crime Police started their probe into the hacking incident, joint commissioner of police, crime, Milind Bharambe affirmed to the FPJ. 

 A statement issued by the MIDC read, "On Sunday, March 21, at around 2:30 AM, we received automated alerts that our applications were down. On further analysis during the day, the ransomware attack was confirmed. MIDC’s applications are hosted on ESDS cloud (services managed by ESDS, Cloud Service Provider) and local servers (managed by MIDC internal team). We have Trend Micro anti-virus license for end-point security monitoring. The details of the ransomware were shared with Trend Micro for further analysis." 

"As an immediate measure, the MIDC systems were disconnected from the network to contain the spread of the virus. The backup files for different application servers were stored on a different network segment on Cloud DC and were not infected. As per the recommendations from Cyber Security experts, several steps are being taken to control the spread of virus and minimize the impact," the statement read further.

Over Rs 6 lakh attempted attacks on Mumbai cloud server honeypot

At least 678,013 login attempts were made on Mumbai cloud server honeypot making it the second biggest attack spread over a month, after Ohio, US, honeypot that recorded more than 950,000 login attempts during the same time period, among a total of 10 honeypots placed globally, global cyber security major Sophos said on Wednesday. This demonstrates how cybercriminals are automatically scanning for weak open cloud buckets.

A honeypot is a system intended to mimic likely targets of cyberattackers for security researchers to monitor cybercriminal behaviour. The first login attempt on the Mumbai honeypot was made within 55 minutes and 11 seconds of going live.

On average, the cloud servers were hit by 13 attempted attacks per minute, per honeypot. The honeypots were set-up in 10 of the most popular Amazon Web Services (AWS) data centres in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period.

Sophos announced the findings of its report, Exposed: Cyberattacks on Cloud Honeypots.

With businesses across the globe increasingly adopting Cloud technology, the report revealed the extent to which businesses migrating to hybrid and all-Cloud platforms are at risk. It has thus become vital for businesses to ensure compliance and to know what to protect.

“The aggressive speed and scale of attacks on devices demonstrates the use of botnets to target an organisation’s cloud platform. In some instances, it may be a human attacker. However, regardless of this, companies need to set a security strategy to protect what they are putting into the cloud,” said Sunil Sharma, managing director, sales at Sophos (India & SAARC).

However, multiple development teams within an organization and an ever-changing, auto-scaling environment make this difficult for IT security.

Key features in Sophos Cloud Optix include:

Smart Visibility - Automatic discovery of organization’s assets across AWS, Microsoft Azure and Google Cloud Platform (GCP) environments, via a single console, allowing security teams complete visibility into everything they have in the cloud and to respond and remediate security risks in minutes.

Continuous Cloud Compliance – Keeps up with continually changing compliance regulations and best practices policies by automatically detecting changes to cloud environments in near-time.

AI-Based Monitoring and Analytics - Shrinks incident response and resolution times from days or weeks to just minutes. The powerful artificial intelligence detects risky resource configurations and suspicious network behaviour with smart alerts and optional automatic risk remediation