Data Breach

National Logistics Portal (NLP) data leak: seaports in India were left vulnerable to takeover by hackers

The National Logistics Portal (NLP), a newly launched platform to manage all port operations in India, left public access to sensitive data, posing the risk of a potential takeover by threat actors.

On September 24th, researchers discovered that the NLP platform was exposing sensitive credentials, secrets, and encryption keys via publicly available JS files.

In addition to that, a number of Amazon Web Services (AWS) S3 buckets were left publicly accessible to anyone. The buckets contained the personal data of workers, marine crew, invoices, and internal documents. As the platform deals with the country’s critical infrastructure, this oversight might introduce great risk.

Alarmingly, the exposed AWS S3 keys allowed anyone to get higher privileges and gain access to all of the NLP infrastructure. This poses a grave danger of ransomware attacks. Threat actors could have taken advantage of the access to the system to encrypt critical information and make it inaccessible to the waterways authorities.

National Logistics PortalNational Logistics Portal
Image by SecurityDiscovery.

It might have caused far-reaching consequences, such as disrupting the trade and operations of India’s ports, not to mention the financial implications of significant ransoms demanded for the decryption keys.

According to the CEO of SecurityDiscovery Bob Diachenko, who first identified the leak, the exact consequences are hard to estimate.

“Figuratively speaking, India’s one-window solution for shipping has left its digital keys right under the doormat. Moreover, the door itself was also open. The JS file should not contain hardcoded credentials in the first place and AWS S3 buckets with sensitive data should be private – especially, when it is a governmental institution. It is also a huge reputational risk not only for that particular asset but for the entire country,” explained Cybernews Diachenko.

Image by SecurityDiscovery.

If you want to know more about India’s NLP and how the flaw was managed take a look at the original post:

https://cybernews.com/security/national-logistics-portal-data-leak/

About the author: Paulina Okunytė, Journalist at Cybernews

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, National Logistics Portal)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

New Triada Trojan comes preinstalled on Android devices<gwmw style="display:none;"></gwmw>

A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn…

4 hours ago

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access…

12 hours ago

U.S. CISA adds Apache Tomcat flaw to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Tomcat flaw to its Known Exploited…

19 hours ago

Apple backported fixes for three actively exploited flaws to older devices

Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models.…

1 day ago

Spike in Palo Alto Networks scanner activity suggests imminent cyber threats

Hackers are scanning for vulnerabilities in Palo Alto Networks GlobalProtect portals, likely preparing for targeted…

1 day ago

Microsoft warns of critical flaw in Canon printer drivers

Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.  Researchers…

2 days ago