India's COVID vaccine data breach || The Verizon DBIR 2023
CyberInsights #98 - How not to respond to a security breach || The more things change, the more they remain the same...
CoWin Data Breach
Claims and counter-claims of a data breach
A data breach should be easy to identify, right?
No.
On the 12th of June, an Indian news website, The News Minute, published an article reporting that data from India's 'CoWin' app was searchable through a Telegram bot.
'CoWin' is the Indian government's app that was used to register for vaccinations during the peak of COVID. It boasts of 200 crore vaccinations. Considering an average of 3 vaccines per person, the app contains data of at least 66 crore people - approximately 660 million records. The biggest data breach this year.
The Ministry of Health and Family Welfare, which manages CoWin, released a rather terse press release that said "It is clarified that all such reports are without any basis and mischievous in nature." It then asked the Indian Computer Emergency Response Team (CERT-In) to investigate the breach. Not the best cyber crisis response.
When governments collect data centrally, they are creating an asset that will be attacked. Protecting citizens' data is a core responsibility of such apps and websites. The Indian government has been at the receiving end of attacks on its large data sets before, including the Aadhaar data breach in 2018.
Take Action:
If you are a resident of India and have used the CoWin website or app to register for vaccination, your data is likely to be available for sale. While you cannot do anything about the data being available for sale, make sure you do the following:
Log in to the UIDAI portal and lock your Aadhaar biometrics.
Watch out for any suspicious SMS messages that contain OTPs for transactions you did not initiate. It could be someone trying to make use of your leaked data.
Inform people in your organisation of the above two points (send out an advisory).
Verizon releases its annual Data Breach Investigations Report (DBIR)
Ransomware and Business Email Compromise grow fast
The Verizon Data Breach Investigations Report is an annual staple. Every year, infosec professionals wait for the latest on breach trends, and the report offers interesting insights.
The 2023 version is no different.
Here are a few key takeaways from the report:
Business Email Compromise has doubled
83% of compromises are external
Stolen credentials, phishing and vulnerability exploitation are the top 3 ways attackers get into systems
94.6% of attackers' motives are financial; 70% of these attackers are organised crime groups
Fourfold increase in the number of breaches involving cryptocurrency
DoS and web application incidents are the most common
Log4j scanning was still very prevalent in 2022
The incident data is skewed as usual, with the US reporting 9036 incidents, EMEA reporting 2557 incidents, APAC reporting 699 and LAC reporting 535 incidents.
Take Action:
As an infosec professional, this is probably the most important report of the year for analysis. If you do not know what to do with this data, I recommend reading a few books on Cyber Risk Quantification or attending a course (my organisation conducts one regularly). It will give you the tools to use the data in your organisation's risk assessment.
Look up the actual data on GitHub.