Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Hackers exploited discontinued web server at Tata Power: Microsoft

Hackers exploited discontinued web server at Tata Power: Microsoft

Hackers exploited discontinued web server at Tata Power: Microsoft

 Hive claims responsibility for Tata Power data leak
Hive claims responsibility for Tata Power data leak

Microsoft has warned that state-sponsored hackers are attacking critical energy infrastructure in India via exploiting a discontinued web server, with the most recent attack it observed was on Tata Power in October.

Microsoft security researchers discovered a vulnerable open-source component in the “Boa web server” still being used in routers, security cameras and popular software development kits (SDKs), despite its retirement in 2005.

Tata Power last month admitted it was hit by a cyberattack on its IT infrastructure. The power company, however, said that all its critical operational systems were functioning normally.

The cyberattack on Tata Power was the handiwork of Hive ransomware group that has victimised over 1,300 companies worldwide, receiving approximately $100 million in ransom payments, according to a joint advisory by the FBI, the US Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services last week.

Microsoft said it continues to see attackers attempting to exploit Boa vulnerabilities, indicating that it is still targeted as an attack vector.

A report published by cybersecurity company Recorded Future in April this year first detailed suspected electrical grid intrusion activity and implicated common IoT devices.

While investigating the attack activity, Microsoft researchers assessed the vulnerable component to be the now-retired Boa web server, which is often used to access settings and management consoles and sign-in screens in devices.

“Without developers managing the Boa web server, its known vulnerabilities could allow attackers to silently gain access to networks by collecting information from files,” said the tech giant.

Moreover, those affected may be unaware that their devices run services using the discontinued Boa web server, and that firmware updates and downstream patches do not address its known vulnerabilities.

“Microsoft assesses that Boa servers were running on the IP addresses on the list of IOCs published by Recorded Future at the time of the report’s release and that the electrical grid attack targeted exposed IoT devices running Boa,” said the security researchers.

Tata Power Company had said that some of its IT systems were impacted by the cyberattack.

According to Microsoft, the popularity of the Boa web server displays the potential exposure risk of an insecure supply chain, even when security best practices are applied to devices in the network.

“In critical infrastructure networks, being able to collect information undetected prior to the attack allows the attackers to have much greater impact once the attack is initiated, potentially disrupting operations that can cost millions of dollars and affect millions of people,” it added.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket