Information from servers of more than 6,000 Indian enterprises was reportedly put up for sale on the dark net in one of the biggest data breaches reported in the country. Seqrite, the enterprise arm of IT security firm Quick Heal, came across an advertisement on the dark net that claimed access to data from over 6,000 Indian businesses including government organisations, internet service providers, banks and enterprises, said an IANS report.
"We have alerted the government authorities well within time. If someone gets control over this massive data that is currently up for sale on DarkNet, the above mentioned organisations and enterprises can get affected," Rohit Srivastwa, Senior Director, Cyber Education and Services at Quick Heal, was quoted in the report.
The unidentified hacker behind the data leak has asked for 15 Bitcoins (around Rs 41.89 lakh) for the information and is even offering network takedown of these 6,000 organisations for an unspecified amount, mentioned Seqrite Cyber Intelligence Labs, and its partner seQtree InfoServices, in a statement.
"Along with the access, the hacker is also selling credentials and various contractual business documents and claims to have access to a large database of Asia Pacific Network Information Centre (APNIC)," the statement further said.
On detailed inspection, investigators found that the hackers had attacked the Indian Registry for Internet Names and Numbers (IRINN), which comes under the National Internet Exchange of India (NIXI). IRINN is the national internet registry, tasked with coordinating IP address allocation and managing internet resources across the country.
According to researchers, the hackers claimed to have the ability to manipulate the IP address allocation pool, which could trigger a serious outage or a Denial of Service attack-like condition, said the IANS report.
"This could impact various content delivery network (CDN) and hosting providers as well. If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India," Seqrite said.
With IRINN under attack, key government enterprises including Unique Identification Authority of India (UIDAI), Defence Research and Development Organisation (DRDO), Indian Space Research Organisation (ISRO), Reserve Bank of India (RBI), Employees' Provident Fund Organisation (EPFO), State Bank of India (SBI), Bharat Sanchar Nigam Limited (BSNL), and several others now face the risk of data leaks, said the IANS report.
Bombay Stock Exchange (BSE), Idea Telecom, Flipkart, Aircel, TCS, and ICICI Prudential Mutual Fund are some of the major Indian organisations which have been threatened by this massive data breach, along with many others. Official websites of several Indian state governments have also been put at risk.
To prevent any damage, Seqrite has urged government bodies as well as APNIC to alert potentially threatened organisations to be on the lookout for any signs of trouble. These bodies have also been asked to change their passwords and update security protocols for their servers and systems.