NEW DELHI: Bengaluru-based cyber security firm CloudSEK has recently found serious vulnerabilities in India’s critical infrastructure, including gas distribution, water supply and security installations. The firm not only helped the Indian agencies fix these loopholes but also highlighted how the country’s critical infrastructure is more vulnerable to cyber attacks than previously thought.
CloudSEK’s recent study, “Abysmal State of Global Critical Infra Security”, highlighted how such vulnerabilities can compromise critical infrastructure, enable dangerous misinformation campaigns, endanger water-treatment systems, and weaponize gas distribution systems.
The report examined the risk of cyber attacks on gas, water, and government services around the world and found that risk to be extremely high. In fact, India had the world’s highest number of easily hackable water-treatment systems. A hacker can jeopardise systems that affect a large population by exploiting a single flaw in such a system’s software.
The water quality monitoring software was found to be running with the manufacturer’s default credentials, allowing attackers to adjust water supply calibrations, halt numerous crucial water-treatment activities, and even manipulate the chemical composition of the water.
“We had alerted all the private and government agencies two months before and they have fixed the vulnerabilities,” said Sparsh Kulshrestha, Senior Security Analyst, CloudSEK and author of the report.
CloudSEK, founded in 2015, develops AI-powered solutions for detecting, analysing, and alerting entities to threats from the surface, deep, and dark webs. Its mission is to create machines capable of enabling digital security through learning and evolution. It received the Cybersecurity Award at Nasscom Emerge 50 in 2020.
The leading reason behind this vulnerability of critical installations is human error.
Other common blunders that invited cyber attacks included weak, default, or obvious passwords, outdated versions of installed software, and third-party vendor data leaks.
Thirty of the 47 instances of default credentials in use were related to some of the world’s major dams and water sources, which are responsible for supplying drinking water to major cities around the world.
Another serious security flaw was the discovery of the credentials to the Indian government’s mail server hard-coded into the source code.
As a result, attackers could send emails impersonating official agencies and spreading falsehoods, which might in turn lead users to fall victim to phishing attacks.
“The biggest issue is with shadow IT,” Kulshrestha explained. Shadow IT occurs when a company or entity fails to effectively track its IT assets.
It is an umbrella term that also covers the common mistake made by people who believe that by not linking an IP address (a string of numbers) to a DNS name (an easily recognisable hostname such as company.com), they can keep a webpage hidden from the general public.
“There are websites that index IP addresses and they are easily found,” Kulshrestha explained. Anyone who wants to find such a webpage can do so by searching those indexes for the IP address.
This is how the CloudSEK team discovered the login page for a central government dashboard that provided users with access to surveillance videos of critical facilities. Worse, the login credentials (username and password) were clearly visible and even saved on the page. All a user had to do was click the login button, and the visuals would appear on the screen.
“Because the dashboard monitors in real-time CCTV footage of critical services across all Indian states, attackers can use it to surveil their targets,” according to the report.
Furthermore, the flaw could have been exploited as a point of entry to “provide initial access to the network and enable further lateral movement.”
CloudSEK’s report provided additional harrowing examples of vulnerable systems across the country.
Another example was of a GitHub repository containing the credentials to the Indian government’s mail server.
A hacker could have used the credentials to gain access to the government server and send emails impersonating government entities. This could have been used for malicious social-engineering campaigns, disseminating misinformation, or even sending a phishing email.
In addition to raising awareness among government and private entities, the report recommended real-time monitoring of Internet-exposed OT applications, leaked credentials across GitHub and other repositories, underground forums for threat actors targeting OT systems, patches and work-arounds for vulnerabilities, and unsecured cloud storage.
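The GitHub credential leak described above, and the report’s recommendation to monitor repositories for leaked credentials, can be turned into a simple source check. The following is an added example, not code from CloudSEK or from this article; its regex patterns, marker list and sample source lines are constructed assumptions for illustration.

```python
"""Added example: a minimal pre-commit style scanner that flags mail-server
credentials hard-coded in source, the kind of leak the article describes.
Patterns, safe markers and sample lines are constructed, not from the report."""
import re

# Assignment of a quoted literal to a mail/SMTP credential variable.
ASSIGNMENT = re.compile(
    r"""
    \b(smtp|mail|email)[_.]?(pass(word)?|pwd|secret|token)\b  # e.g. SMTP_PASSWORD
    \s*[:=]\s*
    ["']([^"']{6,})["']                                      # quoted literal value
    """,
    re.IGNORECASE | re.VERBOSE,
)
# Credentials embedded in a mail URL, e.g. smtp://user:pass@host:587.
URL_CREDS = re.compile(r"(?i)\b(smtps?|imaps?)://[^/\s:@]+:([^@\s]+)@[^\s]+")

# Markers indicating the value is a placeholder or loaded at runtime, not a literal.
SAFE_MARKERS = ("os.environ", "getenv", "vault", "<", "${")


def scan_lines(lines):
    """Return (line_number, reason) for each line that hard-codes a mail credential."""
    findings = []
    for num, line in enumerate(lines, start=1):
        if any(marker in line.lower() for marker in SAFE_MARKERS):
            continue  # placeholder or runtime lookup: not a leaked literal
        if ASSIGNMENT.search(line):
            findings.append((num, "mail credential assigned as a string literal"))
        elif URL_CREDS.search(line):
            findings.append((num, "password embedded in mail server URL"))
    return findings


# Constructed sample source: two leaks (lines 2 and 4), three acceptable lines.
SAMPLE_SOURCE = [
    'SMTP_HOST = "mail.example.invalid"',
    'SMTP_PASSWORD = "s3cr3t-mail-pass"',
    'smtp_password = os.environ["SMTP_PASSWORD"]',
    'MAIL_URL = "smtp://notify:Tr0ub4dor@mail.example.invalid:587"',
    'MAIL_PASSWORD = "<set-in-deployment>"',
]

if __name__ == "__main__":
    for num, reason in scan_lines(SAMPLE_SOURCE):
        print(f"line {num}: {reason}")
```

A URL that names only a host and port (no `user:pass@`) is deliberately not flagged, so connection strings without embedded secrets pass the check.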