An unidentified hacker is attempting to sell information pertaining to more than 6,000 Indian enterprises on a DarkNet forum. Researchers at Seqrite, the enterprise security brand of IT security firm Quick Heal, found an advertisement for the data on DarkNet. As of this writing, whoever is behind the posting is currently offering the information, which includes corporate usernames, passwords, and billing documents, for sale at 15 Bitcoins (more than $63,000). They're also advertising their ability to conduct a network takedown of any of the affected organizations for an unspecified amount, an attack which could cause "mass disruption if a non-state actor gets [their] hands on [the data]." Government agencies, banks, and businesses appear to be at risk. The list of implicated organizations include the Bombay Stock Exchange (BSE), Idea Telecom, and the Reserve Bank of India.
A screenshot of the DarkNet ad. (Source: Seqrite) Following an investigation, Seqrite's researchers now believe the unknown hacker struck the Indian Registry for Names and Numbers (IRINN), which falls under the National Internet Exchange of India (NIXI). IRINN manages the allocation of IP addresses and autonomous system numbers in India. The researchers are therefore troubled by the hacker's claim that they can tamper with the IP allocation pool and cause a denial-of-service (DoS) condition. As they told Firstpost:
"This could impact various content delivery network (CDN) and hosting providers as well. If the hacker gets an interested buyer, then an attack on the system could disrupt Internet IP allocation and affect Internet services in India."
IRINN has yet to publicly confirm whether it suffered a hacking attack at this time. Seqrite has notified government organizations about the advertisement. It's also urging organizations to follow best security practices so that they can protect their systems against unauthorized access. Those recommendations include changing their server passwords and implementing all software updates. For information on how Tripwire can help strengthen your organization's vulnerability management processes, please click here. News of this advertisement follows more than two years after ICANN revealed that it had fallen victim to an attack during which the details of users who had created profiles on the organisation’s public website were exposed.
