Cyberattack on NHAI traced to Taiwan and Hong Kong IP addresses

NEW DELHI: The government’s nodal cyber security agency, CERT-In, which assessed the recent cyberattack on NHAI, has flagged significant gaps in the highway authority’s cyber security measures.
It found multiple attacks, including suspicious logins to NHAI's virtual private network (VPN) using unauthorised usernames from IP addresses in Taiwan and Hong Kong. CERT-In said this activity does not appear to be related to the Maze ransomware attack and could be a separate effort to compromise the network.
The agency said the analysis could not proceed to determine the full extent of the compromise because network firewall logs were not being maintained and there were no other perimeter security devices or security information and event management (SIEM) system in place.
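The two findings above go together: suspicious VPN logins can only be spotted if authentication logs are retained and reviewed. The following is an added illustration of that review, not code from the article, CERT-In or NHAI. The log line format, the allowlist of provisioned accounts, the IP-to-country table (built on RFC 5737 documentation address blocks, standing in for a real GeoIP lookup) and the sample log lines are all constructed for the example.

```python
"""Flag suspicious VPN logins from retained gateway authentication logs.

Added illustration, not from the article or from CERT-In/NHAI. Log format,
account allowlist, geo table and sample log lines are all constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed log format: "<timestamp> vpn-gw auth <OK|FAIL> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) vpn-gw auth (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<ip>\S+)$"
)

# Constructed: accounts the organisation actually provisioned for VPN access.
AUTHORISED_USERS = {"alice", "bob", "svc-backup"}

# Constructed: countries remote staff are expected to connect from.
EXPECTED_COUNTRIES = {"IN"}

# Constructed IP-to-country table using RFC 5737 documentation blocks;
# a real deployment would consult a GeoIP database or the gateway's own tagging.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "TW"),
    (ipaddress.ip_network("198.51.100.0/24"), "HK"),
    (ipaddress.ip_network("203.0.113.0/24"), "IN"),
]


def country_of(ip: str) -> str:
    """Return the country code for an IP, or '??' if it is not in the table."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return "??"


@dataclass
class Finding:
    ts: str
    user: str
    ip: str
    succeeded: bool
    reasons: list


def review_vpn_logs(lines):
    """Return a Finding for every login attempt that violates a policy check."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line; a real pipeline would count these too
        user, ip = m["user"], m["ip"]
        reasons = []
        if user not in AUTHORISED_USERS:
            reasons.append("unauthorised username")
        cc = country_of(ip)
        if cc not in EXPECTED_COUNTRIES:
            reasons.append(f"login from unexpected country {cc}")
        if reasons:
            findings.append(Finding(m["ts"], user, ip, m["result"] == "OK", reasons))
    return findings


def remediation_plan(findings):
    """Derive the immediate measures: accounts to disable and source IPs to block.

    Any account that completed a flagged login is treated as suspicious (either it
    was never provisioned or its credentials may be in someone else's hands);
    every source IP behind a flagged attempt is a candidate for blocking.
    """
    accounts = {f.user for f in findings if f.succeeded}
    ips = {f.ip for f in findings}
    return accounts, ips


# Constructed sample log lines.
SAMPLE_LOG = [
    "2024-01-15T01:12:03Z vpn-gw auth OK user=alice src=203.0.113.10",
    "2024-01-15T02:47:19Z vpn-gw auth OK user=admin2 src=192.0.2.55",
    "2024-01-15T02:49:02Z vpn-gw auth FAIL user=bob src=198.51.100.7",
    "2024-01-15T03:05:41Z vpn-gw auth OK user=bob src=203.0.113.22",
    "2024-01-15T03:20:00Z vpn-gw auth OK user=svc-backup src=198.51.100.7",
]

if __name__ == "__main__":
    found = review_vpn_logs(SAMPLE_LOG)
    for f in found:
        status = "SUCCESS" if f.succeeded else "failed"
        print(f"{f.ts} {f.user}@{f.ip} ({status}): {'; '.join(f.reasons)}")
    disable, block = remediation_plan(found)
    print("accounts to disable:", sorted(disable))
    print("IPs to block:", sorted(block))
```

Run against the constructed sample, the review flags three attempts (an unprovisioned account from a Taiwanese address, a failed and then a successful login from a Hong Kong address) and produces the two lists the article's remediation advice calls for. Without retained logs, none of this analysis is possible, which is the gap CERT-In described.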
CERT-In flagged the significant cyber security gaps in the NHAI system and recommended that the authority and its major IT service provider take immediate measures to address them and strengthen security. NHAI officials claimed they have taken the corrective measures recommended by CERT-In.
The cyberattack had infected multiple servers and PCs with Maze ransomware, resulting in a complete shutdown of the systems for nearly 48 hours. The attackers had also compromised the Windows Active Directory server of the NHAI network and subsequently compromised internal systems, the mail server and the anti-virus server.
As immediate measures, NHAI was advised to replace its Active Directory servers, disable suspicious VPN accounts and block malicious IPs.
Sources said CERT-In reported that the attackers had exfiltrated data and leaked sample data from two NHAI systems in the public domain. The released data included tax information, audit reports, passport copies, identity cards, assessment reports and other personally identifiable information and financial records of NHAI users.