Tata Power hit by Cyber attack
By Arnold - SME Vulnerability Assessment
27
Mar
23
Top 5 API Pentest Tools 2023
APIs (Application Programming Interfaces) have become an integral part of modern software development. APIs enable software applications to communicate and share data with each other,…
23
Mar
23
CISA Alerts on Critical Security Vulnerabilities in Popular VPNs and Routers
The Cybersecurity and Infrastructure Security Agency (CISA) recently released an alert on critical security vulnerabilities in popular virtual private networks (VPNs) and routers. The alert…
22
Mar
23
New Shellbot DDoS Malware Targeting Linux Systems
A new variant of Shellbot malware has been discovered that is targeting Linux-based systems for launching Distributed Denial of Service (DDoS) attacks. The malware, which…
21
Mar
23
10 Mac OS Malware outbreaks 2023
The MacOS.T-Virus is a new malware that was discovered in 2023. It was first found in a software update for Apple's macOS operating system, which…
21
Mar
23
Chinese Hackers Exploit Fortinet Zero-Day Vulnerability: What You Need to Know
In recent news, Chinese hackers have been found exploiting a zero-day vulnerability in Fortinet, a multinational cybersecurity company. This exploit has the potential to allow…
14
Mar
23
Best Practices for Securing Remote Workers
With more people working from home than ever before, ensuring the security of remote workers and their devices is more important than ever. To secure…
13
Mar
23
The Role of Endpoint Security in Cybersecurity: A Technical Guide
Endpoint security is a critical component of any cybersecurity program. Endpoints, such as laptops, desktops, and mobile devices, are often the entry point for cyber…
09
Mar
23
How to Browse the Internet Anonymously with Whonix
Whonix is a free and open-source operating system focused on privacy and security. It is designed to run inside a virtual machine and route all…
09
Mar
23
The Importance of Vulnerability Management in Cybersecurity: A Technical Guide
In today's digital age, cybersecurity threats are more prevalent than ever. Hackers are constantly looking for vulnerabilities in software, networks, and systems to exploit for…
08
Mar
23
Protecting Your Business from Cyber Threats: A Comprehensive Guide to Cybersecurity Best Practices
Cybersecurity is a top concern for businesses of all sizes. In this blog post, we'll explore the best practices for protecting your business from cyber…
07
Mar
23
The Importance of Regular Cybersecurity Risk Assessments for Businesses
Regular cybersecurity risk assessments are essential for businesses to identify and mitigate potential security threats. In this blog post, we'll explore the importance of risk…
06
Mar
23
The Top Cybersecurity Threats Facing Businesses in 2023
In this blog post, we'll explore the top cybersecurity threats facing businesses in 2023 and provide actionable tips for protecting against these threats. From ransomware…
Tata Power hit by Cyber attack
The Indian power producing giant Tata Power has been the victim of a cyberattack. The Mumbai-based firm issued a short statement on Friday (14-10-2022) admitting that some of its IT systems had been affected by the hack. The organization is actively working to recover and restore the systems. It claimed in a filing PDF with local stock markets that while “all essential operational systems are functional,” it has restricted access to staff and customer-facing portals and touchpoints and implemented preventative inspections as a measure of excessive precaution.
Who was behind the attack?
On Tuesday, Hive claimed responsibility for the cyberattack and began to release the hacked data on their dark web forum.
Just over a year old, Hive is among the top three ransomware threats according to cybersecurity experts. It is known to target sectors like energy, healthcare, financial services, media, and education together with other ransomware affiliates.
Just over a year old, Hive is among the top three ransomware threats according to cybersecurity experts. It is known to target sectors like energy, healthcare, financial services, media, and education together with other ransomware affiliates.
Data hacked from Tata Power servers leaked on dark web
A packet of important data reportedly hacked from Tata Power servers on 14th October, was leaked on the dark web early Tuesday by Hive, (a ransomware gang).
The leaked data, included bank accounts of the company, bank statements as well as details of its employees including their remuneration and passport information. The leaked data also included details of the batteries used by Tata Power and diagrams of some of their grids.
A Tata Power spokesperson said that they did not have any comment to offer on the matter at this moment.
Cybersecurity experts who analyzed the leaked data called it a “massive” and “serious” breach.
The leaked data, included bank accounts of the company, bank statements as well as details of its employees including their remuneration and passport information. The leaked data also included details of the batteries used by Tata Power and diagrams of some of their grids.
A Tata Power spokesperson said that they did not have any comment to offer on the matter at this moment.
Cybersecurity experts who analyzed the leaked data called it a “massive” and “serious” breach.
What data are lost?
Philadelphia-based cybersecurity analyst Dominic Alvieri, said: “It appears as if every Tata bank account and October balance were released by Hive. Besides, a partial bank account list and Tata Power’s Excel spreadsheet for September, as well as employee passports, employee emails and various contracts are also included in the data.”
“We still are uncovering the extent of this data breach. However, the listing of stolen data suggests that details like Aadhar numbers, PAN numbers, salary details, address information, phone numbers etc. as well as engineering drawings, financial and banking records, client records and private keys are included. Such incidents reiterate the importance for organizations knowing where their critical data is stored and ensure they are adequately monitored and protected by enforcing an effect data-centric zero-trust strategy,” said Maheswaran Shanmugasundaram, country manager India, Varonis Systems, a NASDAQ-listed data security and analyst firm.
The global cybersecurity community has been tracking dark web chatter ever since Tata Power went public with its disclosure two weeks ago.
“The company has taken steps to retrieve and restore its systems. All critical operational systems are functioning. Restrictive access and preventive checks have been put in place for employees and customer facing portals and touch points,” Tata Power’s filing at the time stated.
Negotiations were reportedly underway between Hive and Tata Power for 10 days to retrieve the data. However, the talks reportedly broke down following which Hive started dumping the data on the dark web late on Monday night, US time, (around 6.30 am IST on Tuesday).
“We still are uncovering the extent of this data breach. However, the listing of stolen data suggests that details like Aadhar numbers, PAN numbers, salary details, address information, phone numbers etc. as well as engineering drawings, financial and banking records, client records and private keys are included. Such incidents reiterate the importance for organizations knowing where their critical data is stored and ensure they are adequately monitored and protected by enforcing an effect data-centric zero-trust strategy,” said Maheswaran Shanmugasundaram, country manager India, Varonis Systems, a NASDAQ-listed data security and analyst firm.
The global cybersecurity community has been tracking dark web chatter ever since Tata Power went public with its disclosure two weeks ago.
“The company has taken steps to retrieve and restore its systems. All critical operational systems are functioning. Restrictive access and preventive checks have been put in place for employees and customer facing portals and touch points,” Tata Power’s filing at the time stated.
Negotiations were reportedly underway between Hive and Tata Power for 10 days to retrieve the data. However, the talks reportedly broke down following which Hive started dumping the data on the dark web late on Monday night, US time, (around 6.30 am IST on Tuesday).
What should companies do to prevent such attacks in the future?
“The scale of the breach and the potential for exploitation of our citizen’s data is concerning. Vulnerabilities to critical infrastructure can be exploited to harm India by both State and non-State actors, especially from a social engineering standpoint. To prevent such exploits, organizations will need to embrace futuristic solutions that use artificial intelligence and machine learning to predict threats, like a nationwide cyber defense center to monitor critical infrastructure 24X7,” said Harshil Doshi, country manager (India and SAARC), Securonix, a cyber security and threat detection firm.
“This is a massive and serious data breach and is also an indicator of the growing menace of ransomware attacks. Organizations should also be more careful about data confidentiality and not upload such sensitive data on cloud-based servers,” Mumbai-based cyber expert Ritesh Bhatia said.
“This is a massive and serious data breach and is also an indicator of the growing menace of ransomware attacks. Organizations should also be more careful about data confidentiality and not upload such sensitive data on cloud-based servers,” Mumbai-based cyber expert Ritesh Bhatia said.
