|
|
|
Hackers exploited discontinued web server at Tata Power: Microsoft
|
|
|
|
Top Stories |
|
|
|
|
IANS | 24 Nov, 2022
Microsoft
has warned that state-sponsored hackers are attacking critical energy
infrastructure in India via exploiting a discontinued web server, with
the most recent attack it observed was on Tata Power in October.
Microsoft security researchers discovered a vulnerable
open-source component in the "Boa web server" still being used in
routers, security cameras and popular software development kits (SDKs),
despite its retirement in 2005.
Tata Power last month admitted it
was hit by a cyber attack on its IT infrastructure. The power company,
however, said that all its critical operational systems were functioning
normally.
The cyber attack on Tata Power was the handiwork of
Hive ransomware group thatAhas victimised over 1,300 companies
worldwide, receiving approximately $100 million in ransom payments,
according to a joint advisory by the FBI, the US Cybersecurity and
Infrastructure Security Agency, and the Department of Health and Human
Services last week.
Microsoft said it continues to see attackers
attempting to exploit Boa vulnerabilities, indicating that it is still
targeted as an attack vector.
A report published by cybersecurity
company Recorded Future in April this year first detailed suspected
electrical grid intrusion activity and implicated common IoT devices.
While
investigating the attack activity, Microsoft researchers assessed the
vulnerable component to be the now-retired Boa web server, which is
often used to access settings and management consoles and sign-in
screens in devices.
"Without developers managing the Boa web
server, its known vulnerabilities could allow attackers to silently gain
access to networks by collecting information from files," said the tech
giant.
Moreover, those affected may be unaware that their
devices run services using the discontinued Boa web server, and that
firmware updates and downstream patches do not address its known
vulnerabilities.
"Microsoft assesses that Boa servers were
running on the IP addresses on the list of IOCs published by Recorded
Future at the time of the report's release and that the electrical grid
attack targeted exposed IoT devices running Boa," said the security
researchers.
Tata Power Company had said that some of its IT systems were impacted by the cyber attack.
According
to Microsoft, the popularity of the Boa web server displays the
potential exposure risk of an insecure supply chain, even when security
best practices are applied to devices in the network.
"In
critical infrastructure networks, being able to collect information
undetected prior to the attack allows the attackers to have much greater
impact once the attack is initiated, potentially disrupting operations
that can cost millions of dollars and affect millions of people," it
added.
|
|
|
|
|
|
|
|
|
|
|
|
|
Customs Exchange Rates |
Currency |
Import |
Export |
US Dollar
|
66.20
|
64.50 |
UK Pound
|
87.50
|
84.65 |
Euro
|
78.25
|
75.65 |
Japanese
Yen |
58.85 |
56.85 |
As on 13 Aug, 2022 |
|
|
Daily Poll |
|
|
PM Modi's recent US visit to redefine India-US bilateral relations |
|
|
|
|
|
Commented Stories |
|
|
|
|
|
|
|
|