NEW DELHI: The government’s nodal cyber security agency, CERT-In, which assessed the recent cyberattack on NHAI, has flagged significant gaps in the highway authority’s cyber security measures.
It found there were multiple attacks including some suspicious logins to NHAI’s virtual private network (VPN) using unauthorised user names from IP addresses in Taiwan and Hong Kong. The CERT-In has said this activity doesn’t appear to be related to the Maze ransomware attack and it was possible that it could be a separate effort at compromising the network.
The agency has said the analysis could not progress to determine the total extent of compromise as network firewall logs were not being maintained and there were no other perimeter security or security devices and event management system in place.
CERT-In has flagged the significant cyber security gaps in the NHAI system and recommended the authority and the major IT service provider to take immediate measures to address the gaps and enhance security. NHAI officials claimed they have taken corrective measures as recommended by CERT-In.
The cyberattack had infected multiple servers and PCs by Maze ransomware, which had resulted in complete shutdown of the systems for nearly 48 hours. The attackers had also compromised Windows Active Directory Server of NHAI network and subsequently compromised internal systems, mail server and anti-virus server.
The NHAI was advised to replace active directory servers, disable suspicious VPN accounts and block malicious IPs as immediate measures.
Sources said the CERT-In has said the cyber attackers had exfiltrated data and leaked sample data of two systems of NHAI in public domain. The released data included tax information, audit reports, passport copies, identity cards, assessment reports and other personally identifiable information and financial records of NHAI users.


Source link