Temporary National Data Center Ransomware Attack Reflects Indonesia’s Weak Cyber Security System

• 30 Juni 2024 01:16:20

• Views: 4

---

Disclaimer: This article is an editorial that highlights the problems in Indonesia today

PIKIRAN RAKYAT - The cyber attack of the LockBit 3.0 brain cipher ransomware has breached the crucial data of the Indonesian Temporary National Data Center (PDNS) 2 in Surabaya, reflecting the vulnerability of cyber data security conditions in the country.

The Indonesian government is considered to be far too careless, simplifying the issue by claiming it as some sort of error. They were expected to be more transparent in recognizing and admitting the weaknesses of the backup data, which is an important factor in the recovery of a system.

Ransomware is malware that can lock computer data with encryption. In most cases around the world, the cybercriminal will blackmail the victim into paying a sum of ransom they had asked for. In the attack that happened to PDNS 2 last week, the ransomware locked the data and asked for a ransom of USD 8 million, or approximately 131,2 million Rupiah.

Information and Technology Surveyor, Christianto Tjahyadi, predicts that the scale of this ransomware attack can result in an immeasurable impact exceeding 131,2 million Rupiah. The attack happened for a span of one week, and yet it has not fully recovered until now. The impacts would not be as severe if there were adequate backup data available.

Baca Juga: Sri Mulyani: Kominfo Sudah Belanjakan Rp4,9 Triliun, untuk PDN Rp700 Miliar

Baca Juga: Kepala BSSN Belum Mampu Tangkap Pelaku Serangan Ransomware PDN, DPR Tawarkan Bantuan

“What must be underlined here is that such breaching incidents have happened repeatedly. This one is the most severe so far. I think it’s scary,” said Christianto to Pikiran Rakyat on Thursday, June 27, 2024.

Christianto argued that this repeated incident reflects the vulnerability of Indonesia’s cyber security and backup data. The attack has successfully shut down the National Data Center (PDN) for a few days, and it is still not fully recovered until now.

He also expressed his concern regarding the use of Windows Defender as the main antivirus for PDNS 2. Previously, the State Cyber and Cryptography Agency (BSSN) released a temporary forensic analysis report shows that Windows Defender is not capable of overcoming such attacks.

According to him, the use of Windows Defender without the support of advanced firewalls for extra protection is an inadequate measure for critical infrastructures such as PDN.

“To be honest, I am quite shocked that it was hacked, and as it turns out, they used Windows Defender for protection. That is for personal use. In the end, it’s not too surprising they were hacked. Aside from how this is possible, what I am really questioning is, how come the system’s backup data cannot be fully recovered?” said Christianto.

As though building a house full of precious items, of course, the security system needs to be enhanced. It would be a totally different case if the house did not possess any of those items.

“We are talking about the National Data Center (PDN) here, which means that the data possessed are all national data. Security must be anticipated because it is interlinked with the internet network. And, if they call this a ‘temporary’ data center, then nothing is temporary in the data,” he said.

Christianto continued, stating that the danger of these breaches is that people do not recognize that the hacked data is important. The government should have been more transparent about why the attack happened in order to educate people. People keep becoming victims of this matter most of the time because they cannot do anything about it.

Looking back at the previous attack, the government needs to take crucial protection and mitigation steps more clearly in the future. The security ‘shield’ needs to be re-evaluated once more.

Backup data requires special attention, more so when it is linked with crucial national-scale data. It’s no longer a secret that the recovery of a system really depends on the backup data it possesses.

“Since we are discussing mindset and technology, which are developing continuously, obviously it needs to be updated because today's attack is different from what happened in the past, and attacks in the future would be even more advanced,” he stated.

PDN needs to have a resilient IT system that is capable of facing various disruption scenarios, including natural disasters, cyber attacks, and system failure.

Christianto mentioned that ransomware attacks are not something new in the world of information technology. All companies and institutions are supposed to have their own cyber protection and mitigation measures when their systems are attacked.

They must at least have great backup data, especially if the data they are managing and protecting is a national asset. It obviously requires layered security and a technologically advanced system to prevent breaches from happening. Even so, if it is still successfully hacked, the system can be quickly recovered because backup data is available.

For example, the massive earthquake that happened in the United States in 1994 wrecked a number of offices and technological companies' data centers. But, they managed to recover and reconnect with their partners from all around the world in just a matter of days.

“For the year 1994, they surely have a clear mitigation plan. Moreover, 30 years later, the backup is much more advanced because technology has developed,” he said.

Christianto also said that ransomware attacks have happened before, and there was an indicator when the attack occurred. The system could run normally again a few hours later with adequate backup data, although the hacker has sent a ransom letter.

“So, when the alarm is not activated, of course it will be breached,” he uttered.
The Verge reported that a health insurance company in the United States admitted that they have paid a ransom of 22 million US dollars to BlackCat. The ransomware group managed to hack Change Healthcare’s system, which belonged to UnitedHealth. They were also the same group behind the ransomware attack on a number of MGM casinos in Las Vegas. *** (Politeknik Negeri Bandung/Yeurley Arba Nabila)

---

Sumber: https://dev.xcloud.id/temporary-national-data-center-ransomware-attack-reflects-indonesias-weak-cyber-security-system/