Thursday, 30 June 2016

Shriram Life Insurance Servers Hacked?


Shriram Life Insurance Servers Hacked?


Hyderabad-based Shriram Life Insurance Company Limited, the arm of the Rs 90,000 cr. Shriram Group, is alleged to have suffered a data breach involving 50 GB of critical data, including customer credentials. This data is currently being dumped on the dark web by anonymous attackers, who say they intend to sell the data on the web for 50 bitcoins.


Information about the alleged breach was shared by hacking group, providing details of the hack and data extracted.

Screen Shot of the Extracted Data of Shriram Life Insurance

According to the information provided by one source who requested anonymity, attackers have hacked into all servers of the organization and the entire data, including customer data, has been extracted, amounting to over 50 GB.

"While the hackers' intentions are not clear, as there is no attempt made to demand ransom of any form, it is suspected that the attackers would have seized control of the computers and accessed the Intranet system by compromising IT administrators' computers using an infected application, and threaten that the data sourced will be sold for 50 bitcoins," says the source.

ISMG reached out to Shriram Life Insurance for confirmation of the incident but received no response. Meanwhile, one source who closely works with the insurance sector confirmed the breach, while two other independent sources also provided validation.

"I would not be surprised over Shriram Life Insurance group's server hack and compromise of accounts, as most of the critical data of many insurance companies are available on the dark web," says Dr. Triveni Singh of the special taskforce of UP Police. "Until the company registers a First Information Report, law enforcement agencies will not be able to carry out investigation, and in most cases companies refrain from approaching the police for fear of penalties being imposed."

Modus Operandi

While the modus operandi of sneaking into the company's internal systems is not known, according to the information received, entire customer credentials have been exposed, including contact numbers, email addresses, mailing address and nationality-related information.

The anonymous source believes this state of affairs may have existed for an extended period of time, certainly months. This was brought to the notice of top executives at Shriram Life Insurance, but there has not been any reaction whatsoever, the source says.

Security leaders believe that this could be an attempt by a group of hackers from the Middle East region, who carry out such targeted activity to tarnish the reputation of victim companies, with no serious cyber extortion demands. According to sources, these groups have been targeting Indian enterprises and in particular the BFSI sector to make quick money (see: Hackers Leak Data of 5 South Asian Banks) .

J. Prasanna, director, AVS Labs Pte Ltd and Cyber Security and Privacy Foundation Pte Ltd., who conducts vulnerability assessment and penetration tests across the insurance sector, suspects the hackers would have attempted to attack the intranet of the company via an infected application and some form of APT.

"In this form of attack, hackers would have spotted application vulnerability and infiltrated into all the servers and would have only shared sample data to divert the organization's attention to only patch the infected server," he says. "In my opinion, other severs will still be exposed to these hackers."

Bangalore-based C.N. Shashidhar, founder and CEO of SecuriT Consultancy Services LLP, says, "This hacking incident seems authentic, as I observe that the web server is infected with malware."

"My hunch is that in the absence of access to the underlying IT infrastructure or sources, an employee of that organisation most probably would have been a victim of a spear phishingattack or must have downloaded drive-bymalware by visiting an infected website," says Shashidhar.

Since the objective of the hackers is financial gain, they would have used this mode to cripple the organization and later decided to sell the information for bitcoins, he says.

According to security vendor reports, about 8.5 percent of Indian enterprises are affected by malware infections, and the insurance sector is one of the most targeted sectors. Recently, another insurance player, Cholamandalam Finance, was also a victim of hacking.

"The reason for this is low awareness among the board and C-level, as these companies do not have dedicated security teams working for them," says Shashidhar.

Dr. Singh agrees. "The management of these insurance companies is just focused on increasing sales and least bothered about protecting the customer credentials."

No comments:
Write comments