Rewterz Threat Intel – CVE-2023-32465 – Dell Power Protect Cyber Recovery Vulnerability
June 16, 2023Rewterz Threat Intel – CVE-2023-0010 – Palo Alto Networks PAN-OS Vulnerability
June 16, 2023Rewterz Threat Intel – CVE-2023-32465 – Dell Power Protect Cyber Recovery Vulnerability
June 16, 2023Rewterz Threat Intel – CVE-2023-0010 – Palo Alto Networks PAN-OS Vulnerability
June 16, 2023Severity
High
Analysis Summary
NIFT, the National Institutional Facilitation Technologies, claimed to have experienced a severe cyber attack resulting in the complete shutdown of both their data centers in Karachi and Islamabad. The attack had a significant impact on their operations, prompting NIFT to conduct a thorough analysis of the server and assess the damage caused by the attack. They are currently reviewing the data in an effort to recover the compromised information.
Despite the attack, NIFT managed to complete the processing of outward clearing transactions from the previous day and updated the inward clearing bags for the current day. However, they have decided to temporarily halt the clearing process for today’s physical cheques. This cautious measure is in place until they can consolidate the situation and successfully recover the data and images affected by the cyber attack.
Snapshot taken from external source:
To ensure continuity of operations and minimize disruption to their customers, NIFT is taking proactive steps. They are activating their Business Continuity Plan (BCP) sites in Karachi and Lahore, which will assist in recapturing the clearing data from the previous day if deemed necessary.
The exact attribution and motivation behind the cyber attack on NIFT Pakistan remain unclear at this stage. Further investigation is required to determine the responsible party and their objectives, whether they are financially motivated, state-sponsored, or driven by other malicious intent.
NIFT is actively engaged in analyzing the impact of the cyber attack on their server infrastructure. They are conducting a thorough review of the servers to determine the extent of the breach and assess the potential loss of data and images. This analysis is critical to understanding the scope of the attack and initiating appropriate remediation measures.
In terms of communication, NIFT acknowledges the importance of keeping stakeholders informed. They have assured stakeholders that they will provide updates regarding the recovery process, resumption of clearing operations, and the status of data recovery. Timely and transparent communication will help manage expectations and maintain trust among customers, employees, and other relevant parties.
Moving forward, NIFT should focus on their incident response efforts, working closely with cybersecurity experts, forensic analysts, and IT professionals to identify the root cause of the attack, contain any potential threats, and restore the functionality of their data centers. Implementing robust data backup and recovery mechanisms, fortifying cybersecurity defenses, and developing a comprehensive incident communication plan will further enhance their resilience against future cyber threats.
Impact
- Operational Disruption
- Clearing Process Delay
- Reputational Damage
Remediation
- Ensure that the connected systems follow established banking security practices or information security policies. This includes implementing strong access controls, regular patch management, encryption mechanisms, and secure configurations to protect sensitive data.
- Identify the specific extranet segment connections that are established with NIFT and review their security configurations. Implement network segmentation to isolate critical systems from potential threats originating from external networks.
- Perform a thorough review of system flows on the systems connected with NIFT. This includes analyzing network traffic, application communication, and data transfers to identify any abnormal or unauthorized activities.
- Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems should be in place to centralize log management, event correlation, and analysis. Verify that SIEM solutions are integrated with connected systems, collecting relevant security logs, and generating alerts for suspicious activities or potential security incidents.
- If VPN connections are utilized to establish end-to-end connectivity with NIFT, ensure that the VPN infrastructure is properly configured, using strong encryption protocols, and enforcing secure authentication mechanisms. Regularly review and update VPN configurations, monitor VPN logs for any suspicious activities, and promptly address any identified vulnerabilities.
- NIFT should continue to prioritize their incident response efforts, coordinating with cybersecurity experts, forensic analysts, and IT professionals to identify the root cause of the attack, contain any potential threats, and restore their data centers’ functionality.
- Ensure that robust data backup mechanisms are in place, regularly tested, and securely stored. Implement a thorough data recovery strategy to minimize potential data loss and expedite the restoration process.
- Conduct a comprehensive review of existing cybersecurity measures, including network security, access controls, and intrusion detection systems. Enhance these defenses to prevent future cyber attacks and fortify the organization’s overall security posture.
- Develop and implement an effective incident communication plan to keep stakeholders, including customers, employees, and relevant authorities, informed about the progress of recovery efforts, expected timelines, and any necessary precautions to be taken.