21 August 2024

Ransomware attack on Indian payment system traced back to Jenkins bug

Jonathan Greig

Ransomware attack on Indian payment system traced back to Jenkins bug

Researchers have discovered that a damaging ransomware attack on a digital payment system used by many of India’s banks began with a vulnerability in Jenkins — a widely used open-source automation system for software developers.

Juniper Networks published a study this week analyzing how the attackers abused CVE-2024-23897, a vulnerability in the Jenkins Command Line Interface, which helps developers interact with the system.

On July 31 the National Payments Corporation of India (NPCI), an umbrella organization for all retail payment systems in India, said it was dealing with a disruption caused by a ransomware attack on a third-party tech provider.

The technology provider, C-Edge Technologies, caters to regional rural banks, and in an effort to contain the effects, NPCI isolated the company from accessing retail payment systems operated by NPCI. Customers of C-Edge were not able to access payment systems as restoration efforts began.

Services were restored one day later but the RansomEXX ransomware gang eventually took credit for the attack last week — writing on its leak site that it stole 142 GB from a digital payment platform connected to C-Edge.

Juniper Networks analyzed the report that NPCI submitted to the Indian Computer Emergency Response Team. The researchers said the attack illustrated the need for organizations to apply security patches as soon as possible and resolve server misconfigurations to ensure security flaws cannot be exploited.


No comments: