Recently, the National Data Center (NDC) server has experienced disruptions causing several public services such as immigration and others to be inaccessible to the public as usual. The Indonesians Ministry of Communication and Informatics confirmed that the disruption was caused by a ransomware attack.
According to kompas.com, the type of ransomware targeting PDNS is the latest variant, LockBit 3.0 Brain Chipper. This ransomware is more aggressive because it uses AES and RSA encryption to lock files, making them only accessible to the attackers.
In addition to encryption, LockBit 3.0 also extracts all sensitive files or data to threaten victims with publication if the ransom is not paid, thus creating dual pressure to force payment.
So, what exactly is the National Data Center (NDC) and why is NDC vulnerable to ransomware attacks, and what lessons can your business learn to be vigilant against similar attacks? Read more in the following article.
What is a National Data Center (NDC)?
The National Data Center (NDC) is a facility used to host, store, process, and recover data. The data stored in NDCs are used by both central and local governments to connect with each other, ensuring that various public services run smoothly and efficiently.
NDCs store critical information for Indonesian citizens, such as ID numbers, bank account numbers, phone numbers, and more. Given the importance of this data, maintaining its confidentiality and security is crucial.
What is Happening to the National Data Center Now?
Indonesia’s National Data Center (NDC) is currently under public scrutiny due to a cyberattack that caused services to be down for several days. Hackers managed to breach the NDC servers and demanded a ransom of US$8 million (approximately Rp130 billion) from the Indonesian government.
The National Cyber and Encryption Agency (BSSN) detailed the chronology of this breach. According to a preliminary forensic analysis, the attack started on June 17, 2024, at 11:15 PM, with an attempt to disable the internal security system of the PDN. This allowed malicious activities to go undetected.
As a result of this attack, the National Data Center’s (NDC) servers were disrupted, affecting more than 200 central and regional agencies in Indonesia. The attack also caused personal data breaches, including citizen ID numbers.
Why is the National Data Center Vulnerable to Cyberattacks?
The vulnerability of the Temporary National Data Center (PDNS) to cyber-attacks is caused by several factors such as:
1. Lack of Strong Security Governance
According to the BSSN, security governance is essential for helping businesses conduct thorough risk analysis, including security breach scenarios, potential actors involved, the probability of occurrences, and their impacts. Without comprehensive risk analysis, organizations cannot prepare for various threats.
2. Absence of an Effective Security Plan
According to the National Cyber Security Centre (NCSC), every organization needs an effective security plan to detect, defend against, and respond to cyber-attacks. Without a good security plan, organizations will struggle to quickly detect attacks and will lack structured emergency response or recovery procedures. This results in slow and ineffective responses to incidents.
3. Lack of Disaster Recovery and Business Continuity Plans
According to BSSN, many institutions, both governmental and private, do not have clear hacking scenarios and are unprepared with disaster recovery or business continuity plans. When an attack occurs, they often panic and lack structured steps to address the issue.
4. Insufficient Cyber Risk Assessment
According to BSSN many organizations in Indonesia, including PDNS, do not conduct adequate cyber risk assessments. As a result, they are unprepared for incoming threats and only react after a breach has occurred.
What Lessons Can Your Business Learn from This Incident?
Businesses need to be more concerned with Disaster Recovery and Business Continuity Plans. To prevent similar attacks on your company’s personal data, here are some integrated solutions you can use:
- Implement Strong Security Governance: Conduct regular risk analysis and update security scenarios
- Cyber Risk Assessment: Conduct regular cyber risk assessments to identify and fix vulnerabilities before attacks occur
- Security Tools and Procedures: Use tools that can effectively detect, prevent, and respond to attacks
- Disaster Recovery Plan: Prepare a clear and structured recovery plan
- Business Continuity Plan: Ensure there is a reliable business continuity plan
Most Recommended Data Center Security Solutions to Prevent Cyberattacks by Virtus’ Security Team
In response to increasingly sophisticated cyber threats, Virtus Technology Indonesia (VTI) offers comprehensive and integrated data center security solutions. Here are some key solutions offered to protect your data:
Isolated Backup (Huawei, Dell, and Rubrik)
Isolated Backup solutions offer an effective way to ensure data recovery reliability and security. By isolating backup data from the main network, risks of cyberattacks such as ransomware can be minimized.
- Key Features:
- Simple Setup Process: Quick and easy implementation, allowing integration without disrupting daily operations
- Easy Daily Operations: Intuitive and automated backup management, reducing IT team workload
- Immutable Snapshot Capability: Taken snapshots cannot be altered or deleted, ensuring backup data is always safe from unauthorized changes
- Recommended Tools:
- Huawei: Offers backup solutions with isolated storage technology and stringent data protection, ensuring data availability whenever needed
- Dell Technologies: Provides the Isolated Backup feature in the Dell Cyber Recovery Solution (CRS), designed to protect backup data from threats such as cyberattacks or malware by isolating those backups from the production network
- Rubrik: Backup solution with data immutability features and fast recovery, ensuring your data is always protected and accessible
SOC Visibility Triad: XDR, NDR, SIEM (Palo Alto Networks, Sophos, Trend Micro, Arista, Elastic, ExtraHop, OpenText)
The SOC Visibility Triad is a security framework that combines three key technologies to provide comprehensive visibility and rapid response to threats across networks and information systems. The main components of the SOC Visibility Triad are:
1. XDR (Extended Detection and Response) </h4>
XDR integrates data from various sources including endpoints, servers, email, networks, and cloud services to provide full visibility and deep threat analysis. With XDR, security teams can detect, analyze, and respond to threats more efficiently.
- Key Features:
- Multi-layer security integration
- Automatic correlation of data from various sources
- Faster and more accurate threat detection capabilities
- Recommended Tools:
- Palo Alto Networks: Using data from firewalls, endpoints, and cloud services for centralized analysis
- Sophos: Providing AI-based automatic detection and response based on correlated data that has been collected
- Trend Micro: Integrating data from endpoints, networks, and cloud services for unified response
- CrowdStrike: Offering advanced security systems that integrate detection and response from various data sources into a single console, enabling more effective threat monitoring and handling
2. NDR (Network Detection and Response)
NDR monitors network activities to detect suspicious behavior and provides real-time forensic analysis and network traffic insights, enabling quick identification of hidden threats.
- Key Features:
- Real-time network monitoring.
- Detection of anomalies and suspicious behaviors.
- Deep network forensics for incident investigations.
- Recommended Tools:
- Arista: Utilizes advanced network monitoring technology for deep visibility.
- ExtraHop: Uses real-time analytics for faster threat detection.
3. SIEM (Security Information and Event Management)
SIEM collects, analyzes, and correlates log data from various sources across the network to detect and respond to threats quickly. SIEM also assists in regulatory compliance by providing reports and audit trails.
- Key Features:
- Centralized log collection and analysis
- Incident correlation for better threat detection
- Support for security compliance and auditing
- Recommended Tools:
- Elastic: Enables powerful log searching and analysis
- OpenText: Provides comprehensive SIEM solutions for analysis and compliance
By leveraging tools like Elastic and OpenText for SIEM, Arista and ExtraHop for NDR, and Palo Alto Networks, Sophos, and Trend Micro for XDR, organizations can ensure their data and systems are protected from cyberattacks and security threats.
SASE (Zero Trust) (Palo Alto Networks, Forcepoint)
Secure Access Service Edge (SASE) applies the Zero Trust principle to secure access to resources in widely distributed environments. The Zero Trust concept rejects the assumption that users or devices within the internal network can be inherently trusted.
- Key Features:
- Strict Verification: Every access request is verified regardless of user/device origin or status
- Specific Access Rights: Access is granted only after identity verification, with access rights determined based on security needs and policies
- Security and Network Integration: Integrates security and networking functions into a cloud service
- Consistent Management: Ensures consistent application of security policies across distributed environments
- Performance Enhancement: Improves network access performance and speed
- Recommended Tools:
- Palo Alto Networks: Cloud-based SASE platform integrating security and networking, ensuring consistent protection for all users, whether at headquarters, branches, or remote locations
- Forcepoint: A SASE platform that provides secure access to applications and data anywhere, anytime, combining Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA). It also includes Remote Browser Isolation (RBI), Content Disarm and Reconstruct (CDR), and Data Security (DLP)
IAM/PAM (Ivanti, OpenText)
Identity and Access Management (IAM) is a system managing digital identities and user access, ensuring only authorized individuals have specific resource access.
Privileged Access Management (PAM), a part of IAM, manages specific access for sensitive tasks to ensure security and prevent misuse of authority.
For businesses aiming to ensure optimal data security, IAM and PAM solutions from well-known and proven vendors like Ivanti and OpenText can be the best choice.
- Recommended Tools:
Ivanti
- Ivanti IAM: Manages identity lifecycle, Multi-Factor Authentication (MFA), and Single Sign-On (SSO)
- Ivanti PAM: Granular access control, activity monitoring, and privileged session management
OpenText
- OpenText IAM: Automates identity, security, compliance, and auditing, including cloud application integration
- OpenText PAM: Providing centralized and privileged user access management across the entire IT ecosystem to enhance security and simplify compliance processes
Vulnerability Management (Tenable)
Managed in the cloud and powered by Tenable Nessus, this solution provides comprehensive and real-time vulnerability assessment. It includes built-in prioritization and threat intelligence, enabling quick and efficient understanding and mitigation of risks.
Awareness Training (ThriveDX)
Before discussing Awareness Training from ThriveDX, let’s review the “Three Pillars of Cyber Security” principle: People, Process, and Technology. This fundamental concept states that effective cyber security requires a holistic approach that includes:
- People: Emphasizing the importance of training and security awareness for all system users
- Process: Establishing clear procedures and policies to manage and protect data
- Technology: Implementing appropriate technologies to detect, prevent, and respond to security threats
Currently, Awareness Training is crucial in strengthening the “People” pillar in cyber security. ThriveDX offers customizable training and phishing simulation solutions to test employees’ knowledge. With real-time dashboard and automated monthly reports, you can measure progress and enhance security awareness throughout the organization.
Awareness Training from ThriveDX is highly recommended for building a strong data security culture within your organization, helping employees identify and avoid potential cyber threats more effectively.
Read more: 10 Must-Have Cybersecurity Skills to Outsmart Cyber Crime
Patch Management (Ivanti, Quest)
Patch Management can help simplify your IT processes by securing and managing devices from a single console. This solution enhances security by automating patching policies, detecting and remedying vulnerabilities, and ensuring uninterrupted business operations.
Ivanti and Quest offer some of the best and most recognized Patch Management solutions in the field, providing advanced technology to protect systems from the latest vulnerabilities and cyber threats.
- Recommended Tools:
Ivanti
Automated Patching: Manages and applies patches automatically
Vulnerability Detection: Quickly identifies and fixes system vulnerabilities
Centralized Management: Controls all devices from a single console
Quest
- Comprehensive Patching: Patching solutions for various platforms and applications
- Audit and Compliance: Ensures system compliance with security policies and regulations
- Flexible Scheduling: Schedules patching according to business needs
With these solutions, Virtus ensures your data center is protected from various cyber threats, maintaining the security and operational continuity of your business.
Protect Your Business Data Center from Cyberattacks with Virtus’ Comprehensive Solutions
Supported by a competent and certified IT team, Virtus Technology Indonesia (VTI) will assist you through every process of implementing all data center security solutions for your business, from consultation, deployment, and management to after-sales support.
Consult your needs with Virtus now! For more information, contact our team by clicking here
Author: Ary Adianto
Content Writer CTI Group