
Backstory

The threat-hunting team at Zeron discovered something intriguing on October 21, 2022, while scouring the internet for exposed data. The threat-hunting lead had found an IP address that was home to an “Open Distro” instance.

The Discovery

Before signing in, we made every effort to identify the server’s owner and administrator. We learned that it belongs to one of the top MSSPs, which runs the SOCs of several banks.

What if I told you that we were successful the first time we tried to log in?

YES ! ON OUR VERY FIRST ATTEMPT, WE WERE ABLE TO LOG INTO THE SOC DASHBOARD.

You may be wondering how we managed to log in.

Apparently, they were using a default username and password that won’t be revealed in the blog. However, what we discovered later as a result of this was really alarming.

On October 21 at 9:30 p.m., 198 systems from one of India’s biggest banks were live and visible in front of us. We could monitor every system, and every operation carried out within those systems, on a minute-by-minute basis.

We kept an eye on events and noticed that new systems were being added gradually as well; by midday the following day there were 224 systems. We were concerned that if this data ended up in the wrong hands, the consequences would be extremely costly and damaging for the bank and its customers, and would tarnish the bank’s reputation.

The Responsible Disclosure

We immediately decided on a responsible disclosure to the bank. Through the appropriate channels and with supporting documentation, we approached their CIO/CISO. On the evening of October 22, 2022, at about 7:30 PM, we mailed them.

We received a call from their head of cyber defence around 9:30 PM. By that point, the bank’s entire security team had seen the exposure and was in a panic.

Mitigation

We advised them to stay calm and assured them of our assistance in containing the risk. We supported them at every step until the situation was resolved. On October 23 at 12:30 AM, everything was taken down.
Huge reputational, legal and financial repercussions would have resulted from the data getting into the wrong hands.

Zeron's Mission

We at Zeron pledge to make the cyber security posture of organisations more mature through our platform Zeron and will continue to support organisations so that the nation as a whole becomes better in terms of cybersecurity posture.
