The report covers the national incidents of NIC bank heist, large scale government website compromise where 58 websites were hacked, compromise of department of passport’s website and use of cryptomining script in famous news portal Onlinekhabar where the website was hacked to inject a script that used visitors device to mine Monero cryptocurrency without their consent. Also various security issues that hit international cyberspace like the infamous ransomwares such as wannacry and petya, KRACK vulnerability in WPA2 protocol, Cloudbleed vulnerability that revealed private information from cloudflare’s reverse proxies and various large scale data breaches are discussed within the report.
An interesting segment of the report contains the analysis of security implementations and common web application vulnerabilities in the websites of A grade banks and payment gateways in Nepal. Many of these sites were found vulnerable to clickjacking and one of the site had a vulnerability so severe that it could allow for fraudulent fund transfer from logged in victim. In the case of general websites 11k+ Nepali(.np) domains were checked as per various test cases. 9 websites were found to be involved in cryptomining. The test cases checked for security malpractices and misconfigurations and also for websites that show signs of compromise.
A relatively uncharted space in context of Nepali cyberspace is the dark web. The report has an investigative analysis of the presence of Nepal in dark web for various nefarious purposes. Shockingly, drugs purportedly of Nepali origin were widely present in the drug markets. Further disturbing finding is that there were child pornography materials of Nepali origins. Discussions regarding Nepali orphanages in regards to sexual exploitation of children were also found in various forums.
The report analyses assets within Nepali cyberspace for two well-known vulnerabilities, HeartBleed and EternalBlue. Furthermore, assets and websites that show signs of compromise have also been included as a part of the report. For this, data of Nepali websites defaced in 2017 was collected from zone-h. And as for network devices, certain keywords that can be seen in hacked devices were searched for in shodan.
Also the report details the use of default credentials or no credentials at all in network devices and databases. Not surprisingly, many routers were found to be using default username and passwords. Also, some routers were found to be broadcasting their password in the banner. Many publicly accessible databases like mongodb, elasticsearch, mysql etc were found to be exposed without any authentication in place. Similar carelessness could be seen from developers using github as they were found exposing API keys in public repositories.
Another interesting part that is explored by the report is potential of data leakage from government websites. Government websites that contained confidential information of the citizens were found to have inadequate security measures in place. This section of the report details the potential source of data leakage and what kind of confidential data is prone to leakage.
Read full report at: https://threatnix.io/reports/2017/