Tata Power Pwned By Hackers

It came to light on Friday that Tata Power, which is part of the massive Tata group, got pwned by hackers. Not a whole lot is known about the extent of this hack. But:

The company has taken steps to retrieve and restore the systems, it informed. All critical operational systems are functioning; however, as a measure of abundant precaution, restricted access and preventive checks have been put in place for employee and customer facing portals and touch points, it added.

I have a comment from Darktrace Analyst Hanah Darley:

From the available information, Tata Energy will likely have implemented Multi-Factor Authentication (MFA) in response to the cyber-attack, which is an effective method of imposing additional controls on who can access organisational networks. Unfortunately, it is not a guarantee that implementing MFA will resolve a breach if a hacker has maintained access gained before the MFA was in place, and we have seen recently that MFA companies can themselves become targets in attacks.

Tata Energy have made it clear that their critical operational systems are still functioning, meaning that while the breach affected IT infrastructure, their OT systems are still working. Depending on how the breach occurred, there are multiple ways that only certain portions of their digital estate were affected while leaving other portions untouched, depending on how much the attackers were able to move laterally or how interconnected their systems are. Critical national infrastructure, especially industrial systems, tend to involve legacy software and have difficulty maintaining patches for software, which inherently makes them more vulnerable than the average organisation. Hackers are increasingly demonstrating their willingness to exploit this for their own malicious purposes.

I am sure that additional details will come out in the days ahead as Tata isn’t a small company and details will usually filter out sooner or later. Watch this space for details.

