Cyberattack Compromises National Data Centre in Indonesia
A massive cyberattack recently compromised Indonesia's national data centre. Cyber criminals demanded a hefty ransom of £6.3 million ($8 million) for the stolen data. Hundreds of Government agencies have been disrupted following the hack carried out by the notorious group LockBit.
Attack Impact and Disruptions
LockBit used a sophisticated malware known as LockBit 3.0 to breach Indonesia's cyber defences. This attack caused widespread outages, notably at immigration checkpoints. As a result, manual checks had to be performed, leading to long lines at airports nationwide. The Director-General of Immigration, Silmy Karim, expressed concerns: "Generally, technical problems can be resolved in one to three hours. When it exceeded six hours, we concluded it might be a cyberattack."
Government Response and Investigation
Hinsa Siburian, Head of the National Cyber and Crypto Agency, held a press conference on June 24th to discuss the attack's ramifications. "We are still investigating the forensic evidence obtained … this will be a lesson for us to strengthen mitigation so similar incidents do not recur in the future," he said. Despite the ransom demand, the Indonesian Government has refused to pay, focusing instead on resolving the issue. While some services, like airport immigration, have returned to normal, others are still impacted.
A Growing Threat
This cyberattack is not an isolated incident. In 2022, ransomware attackers targeted Indonesia's central bank, though public services remained unaffected. The previous year, a security flaw in the Indonesian health ministry’s COVID app exposed personal health information of 1.3 million people. These incidents highlight the urgent need for robust cybersecurity measures.
Who is LockBit?
LockBit operates on a ransomware-as-a-service model, selling its malicious software to affiliates. These attacks often involve operational disruption, extortion, data theft, and illegal publication. Thomas Richards, Principal Consultant at Synopsys Software Integrity Group, emphasized, "LockBit is a well-known cybercriminal organization targeting large businesses and governments. Their advanced malware makes it difficult to retrieve data without paying the ransom."
Earlier this year, Operation Cronos, led by the UK’s National Crime Agency (NCA), the FBI, and Europol, disrupted LockBit briefly. However, LockBit quickly restored its operations.
Protecting Critical Infrastructure
Anne Cutler, a cybersecurity expert at Keeper Security, stressed the importance of protecting critical infrastructure from cyberattacks as much as from physical threats. "The recent cyberattack on Indonesia’s national data centre is a stark reminder of this reality," Cutler noted. She highlighted that human error is a significant security risk, often involving stolen credentials, phishing, misuse, or simple mistakes.
Cutler advises adopting a zero-trust architecture with least-privilege access to minimize risks. Organizations must also implement security event monitoring and privileged access management software to manage accounts and handle passwords effectively. "By integrating a zero-trust framework, government leaders can better identify and react to cyberattacks, minimizing potential damage," said Cutler.
By following these guidelines, Indonesia and other nations can better protect their critical infrastructure from future cyber threats.
