Tuesday, November 21, 2023

Cyber incident, precautions and measures

The second cyber security incident has occurred at ALight Technology And Services Limited

In January of 2022 the first incident occurred, i.e. someone was able to gain access to the VPN; the VPN connection was terminated immediately, within 2 minutes.

The second incident happened recently, i.e. someone went a little deeper and gained access to the Linux server hosting https://www.alightservices.com/. Fortunately, the WebVeta server, this server, and the WebVeta database are isolated. No major damage was done. The breached VM was isolated, and a new VM was restored from backup.

Based on existing measures, someone might have done a MITM attack on top of a VPN connection.

The incident has been reported with the ICO - https://ico.org.uk/.

Further precautionary measures are being taken.

Here is a possibility of what might have happened:

Recently, due to certain reasons, I had to access the Azure portal over a weaker VPN instead of my own customized secure version of OpenVPN.

The attacker might be intercepting encrypted traffic.

I logged in to the Azure portal - if cookies were stolen, session hijacking could happen.

I reset the SSH keys and downloaded the .pem file - this was somehow intercepted.

Then they were somehow able to intercept the SSH connection and were able to pass some commands, because I have some monitoring and alerts for SSH logins. These people did NOT log in but were somehow able to pass some commands - a very sophisticated attack.
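An alert that fires only on SSH logins misses the case described above, where a command is executed over SSH without an interactive shell. The following is an added example (not the author's monitoring setup) of a small sshd log check that also flags non-interactive command sessions and logins with a key fingerprint that is not on an allow-list; it assumes sshd runs with LogLevel VERBOSE so that "Accepted" and "Starting session" lines are written, and the sample log lines are constructed for illustration.

```python
import re

# Constructed sshd log lines (LogLevel VERBOSE) for illustration only.
SAMPLE_LOG = """\
Nov 21 10:01:02 web1 sshd[4100]: Accepted publickey for ubuntu from 203.0.113.5 port 51000 ssh2: ED25519 SHA256:aaaa
Nov 21 10:01:02 web1 sshd[4100]: Starting session: shell on pts/0 for ubuntu from 203.0.113.5 port 51000 id 0
Nov 21 10:07:44 web1 sshd[4188]: Accepted publickey for ubuntu from 198.51.100.9 port 40222 ssh2: RSA SHA256:bbbb
Nov 21 10:07:44 web1 sshd[4188]: Starting session: command for ubuntu from 198.51.100.9 port 40222 id 0
"""

# "Accepted <method> for <user> from <ip> port <n> ssh2: <keytype> SHA256:<fp>"
ACCEPT_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2: \w+ (?P<fp>SHA256:\S+)"
)
# "Starting session: shell on pts/N ..." vs "Starting session: command ..."
SESSION_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Starting session: (?P<kind>shell|command|subsystem)"
    r".*? for (?P<user>\S+) from (?P<ip>\S+)"
)


def analyse(log_text, known_fingerprints):
    """Return alert tuples (type, user, ip, fingerprint) for suspicious SSH activity."""
    alerts = []
    accepted = {}  # sshd pid -> fields of the matching "Accepted" line
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            accepted[m["pid"]] = m.groupdict()
            if m["fp"] not in known_fingerprints:
                # A key that was never enrolled was accepted: e.g. a key
                # regenerated elsewhere, or an authorized_keys entry added by an intruder.
                alerts.append(("unknown_key", m["user"], m["ip"], m["fp"]))
            continue
        m = SESSION_RE.search(line)
        if m and m["kind"] != "shell":
            # Command/subsystem sessions never show up as a "login"; flag them explicitly.
            fp = accepted.get(m["pid"], {}).get("fp")
            alerts.append(("noninteractive_" + m["kind"], m["user"], m["ip"], fp))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG, {"SHA256:aaaa"}):
        print(alert)
```

In practice the log text would come from the journal or /var/log/auth.log and the allow-list from the fingerprints of keys generated on the administrator's own machine.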

Here is the comedy of the situation - my startup did not even generate any revenue over the past 2.5 years. Yet, my startup has been targeted. The attackers are attacking for a different reason - identity theft. I have been going through trouble for over the past 5 - 6 years. I even canceled my LifeLock. Identity for covering up either money laundering or someone working illegally overseas.

I am developing some more additional security measures for detecting any such activities, i.e. a custom solution for resetting SSH keys, stronger SSH keys, etc. In my solution, the public key travels over the wire, but the private key remains on the computer. I don't want to risk session hijacking for the entire Azure portal; based upon my most frequent activities, I might either create a restricted user or do some custom development.

One big problem with the Azure portal is the session being valid for multiple Microsoft services. If I log in to the portal using any @outlook.com email, the Azure portal would be accessible, outlook.com would be accessible, and any other service such as Office, etc. Drawbacks of SSO.

Do NOT believe the propaganda of Bojja Srinivas (was a friend), Mukesh Golla (was a friend), uttam, diwakar, e, e.s, ass, zinnabathuni, bhattaru, thota, bandhavi, veera, ester etc... from whatever LI(n)E group - they are just stalkers / shadows / impersonators / hackers.

I don’t have any fake aliases, nor any virtual aliases like some of the the psycho spy R&AW traitors of India. NOT associated with the “ass”, “es”, “eka”, “ok”, “okay”, “is”, erra / yerra karan, kamalakar, diwakar, kareem, karan, erra / yerra sowmya, erra / yerra, zinnabathuni, bojja srinivas (was a friend and batchmate 1998 – 2002, not anymore – if he joined Mafia), mukesh golla (was a friend and classmate 1998 – 2002, if he joined Mafia), erra, erra, thota veera, uttam’s, bandhavi’s, bhattaru’s, thota’s, bojja’s, bhattaru’s or Arumilli srinivas or Arumilli uttam(may be they are part of a different Arumilli family – not my Arumilli family).

