The Focus – Information Security
Any business with a presence in the digital space can fall prey to hackers. A small vulnerability can cause serious harm to our systems, with adverse after-effects and even large-scale data loss. All companies, irrespective of size, have to ensure that they have tight cybersecurity protocols in place and follow all the standards prescribed for handling different types of data.
On a daily basis, we witness many unwanted and junk emails flowing to our official mail IDs, even with multiple layers of SSL in place. Our team of Information Security Engineers contributes a great deal to strengthening our security measures and keeps up to date with ISO standards.

The Smart Hacker’s Play
Very recently, our team witnessed a serious security breach in the systems of one of our customers. One morning we received alerts from the customer's AWS account reporting a huge volume of resources created in multiple regions. On checking the account, we confirmed this and observed that the resources had been created in 15 regions using a CloudFormation stack. Our Information Technology Operations and Information Security Operations teams acted quickly and addressed the issue without affecting any of our systems, and prevented data loss.

The Smart Counter Attack
Our team of AWS Engineers and Information Security Analysts was instrumental in this activity. They carried out due diligence very quickly and acted as follows:
• Changed the Root Account Password (Very important and crucial action).
• Verified all service user accounts and ensured that they don’t have administrative privileges.
• Deleted all the stacks created by the hacker so that the resources they had created were destroyed.
• Restored the database and EC2 instances from the previous day’s backup.
• Disabled all possible zones that are not in use.

Digging the Roots
We discovered that the Secret and Access keys of the root account were being used in the application code and were unfortunately exposed on GitHub. We conducted a comprehensive analysis of the user privileges required for the application to function properly and have assigned only the necessary permissions to the IAM user, ensuring they are fully secured.
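The pattern in this incident (root access keys creating CloudFormation stacks in many regions) can be flagged from CloudTrail records. The following is an added example, not code from our team's response; the sample events, the `_event` helper and the region threshold are constructed assumptions, while the field names are CloudTrail's own.

```python
from collections import defaultdict

REGION_THRESHOLD = 3  # assumed: distinct regions per access key before alerting

def _event(region, identity_type, key_id, name="CreateStack"):
    """Hypothetical helper: build a constructed record with CloudTrail field names."""
    return {
        "eventSource": "cloudformation.amazonaws.com",
        "eventName": name,
        "awsRegion": region,
        "userIdentity": {"type": identity_type, "accessKeyId": key_id},
    }

# Constructed sample data; both key IDs are AWS documentation placeholders.
SAMPLE_EVENTS = [
    _event("us-east-1", "Root", "AKIAIOSFODNN7EXAMPLE"),
    _event("eu-west-1", "Root", "AKIAIOSFODNN7EXAMPLE"),
    _event("ap-south-1", "Root", "AKIAIOSFODNN7EXAMPLE"),
    _event("sa-east-1", "Root", "AKIAIOSFODNN7EXAMPLE"),
    _event("us-east-1", "IAMUser", "AKIAI44QH8DHBEXAMPLE"),  # routine deploy user
    _event("us-east-1", "Root", "AKIAIOSFODNN7EXAMPLE", name="DescribeStacks"),
]

def find_suspicious_stack_creation(events, threshold=REGION_THRESHOLD):
    """Flag CreateStack calls made with root keys or spread over many regions."""
    target = ("cloudformation.amazonaws.com", "CreateStack")
    regions_by_key = defaultdict(set)
    root_keys = set()
    for ev in events:
        if (ev.get("eventSource"), ev.get("eventName")) != target:
            continue  # only stack creation is of interest here
        ident = ev.get("userIdentity", {})
        key = ident.get("accessKeyId", "<no-key>")
        regions_by_key[key].add(ev.get("awsRegion", "<unknown>"))
        if ident.get("type") == "Root":
            root_keys.add(key)
    findings = []
    for key, regions in sorted(regions_by_key.items()):
        reasons = []
        if key in root_keys:
            reasons.append("root credentials used via access key")
        if len(regions) >= threshold:
            reasons.append(f"stacks created in {len(regions)} regions")
        if reasons:
            findings.append({"accessKeyId": key, "regions": sorted(regions), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_stack_creation(SAMPLE_EVENTS):
        print(finding)
```

Any finding with the root reason is worth an alert on its own, since application code should never call AWS with root access keys.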

Risk Mitigation and Business Continuity
As we always emphasize, ‘Prevention is better than cure.’ Staying vigilant and adopting proactive precautionary measures in line with industry standards and security protocols can help us mitigate potential risks. However, there may be instances where we must learn from our mistakes and implement new risk mitigation strategies. While risks are unavoidable, practicing risk aversion is essential, with a strong focus on maintaining business continuity.