Serious Heartbleed vulnerability exposes Indian Power Plants to hackers!

    Power plants across India have been put on high alert against the Heartbleed bug, which is capable of seriously disrupting the functioning of the energy departments' critical infrastructure.

    The National Security Council of India, after receiving a tip-off from intelligence agencies, has issued a warning to the energy departments (both private and public) working across India. As per our Cybersecurity Insiders sources, two power plants related to Eastern Power Distribution Company of AP LTD were hit by the Heartbleed bug early this year. But the security teams succeeded in warding off the ill effects of the bug and nullified its consequences in no time.

    After a detailed probe into the issue, the department learned that the security flaw was being used by some hackers of Russian origin. The department’s security teams have unearthed 111 cyber attack incidents related to Heartbleed in the past few weeks and, as a precautionary measure, have set up a special team to look into the ins and outs of the bug.

    And why is it called Heartbleed?

    In general, websites communicate with servers through SSL technology, which offers a secure and private medium over the internet for exchanging emails, instant messages, and other information.

    A computer, in order to communicate with the server, needs to send heartbeats, which are meant to inform the server that the computer is online. As soon as the server receives the heartbeat, it starts dispatching the data to the computer or the user who typed the URL.

    Note: The Heartbleed bug is a security vulnerability in the OpenSSL cryptographic software library. The flaw allows hackers to steal information protected by the SSL/TLS encryption used for secure communication.

    Technically speaking, the Heartbleed bug allows a remote hacker to read the memory of a system or server protected by the vulnerable OpenSSL software. After compromising the secret keys used to identify the service providers and to encrypt traffic, the cyber crooks siphon off the names and passwords of the users and the actual content. The cyber thieves then eavesdrop on the communications and steal data directly from the servers and users by impersonating services and users.
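
    The memory read described above comes down to a missing bounds check on the heartbeat message. The following is an added example, not code from the article or from OpenSSL: a heartbeat responder that validates the length field before echoing the payload. The message layout follows RFC 6520 (an assumption brought in here, not stated in the article); `hb_build_response` and the sample records are hypothetical and constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response message type */
#define HB_MIN_PAD  16  /* minimum padding length required by RFC 6520 */

/* Build a heartbeat response for the request held in rec[0..rec_len).
 * Layout: type (1 byte) | payload_length (2 bytes, big endian) | payload | padding.
 * Returns the response length, or 0 when the request must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PAD)
        return 0;                        /* cannot even hold header + padding */
    if (rec[0] != HB_REQUEST)
        return 0;

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The length field is sender-controlled: it must fit inside the bytes that
     * were actually received, otherwise the copy below would read past them. */
    if (1 + 2 + claimed + HB_MIN_PAD > rec_len)
        return 0;

    size_t resp_len = 1 + 2 + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);          /* only bytes that were received */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);   /* real stacks use random padding */
    return resp_len;
}

int main(void)
{
    /* Constructed sample records, each 23 bytes: 3-byte header, "ping", 16 padding. */
    uint8_t ok[23]  = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};  /* claims 4 bytes */
    uint8_t bad[23] = {1, 0x40, 0x00, 'p', 'i', 'n', 'g'};  /* claims 16384 bytes */
    uint8_t out[64];
    printf("well-formed:   %zu bytes\n", hb_build_response(ok, sizeof ok, out, sizeof out));
    printf("over-declared: %zu bytes\n", hb_build_response(bad, sizeof bad, out, sizeof out));
    return 0;
}
```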

    What is the fix?

    Nothing can be done unless the vulnerable OpenSSL version is in use. So, the energy departments must stop using obsolete operating systems like Windows XP and adopt newer versions as soon as possible. At the same time, a coordinated approach to adopting fixes from independent software vendors and appliance vendors is also required.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security