Hackers delete Bykea database, company unaffected due to backups

LAHORE: Early on Tuesday morning, Bykea experienced a breach wherein hackers managed to infiltrate and delete an entire database, though the company remained unaffected because the attack was caught early on and the company had data backups. 

A screengrab taken from the app shows that services were down around 2:00 pm Pakistan time, which Profit was told is prime evidence of a data breach.

Speaking to this scribe, Bykea CEO Muneeb Maayr said that the hack did occur, but it was business as usual given that the mobility-based technology company has backups in place for precisely this kind of incident. The attack was caught early on, giving the company enough time to contain it.

Bykea management also believes that the hacker was trying to mine cryptocurrencies from the computational data on the server. 

According to Bykea management, the hacker who was in the system had perhaps panicked and deleted all the data, though his original intention might have been to copy the data and sell it or extract a ransom from the company. Fortunately, Bykea had a data backup, which it was still trying to restore at the time this report was filed.

Bykea services were back up late Tuesday night.

The modus operandi is similar to the “meow” attack, which randomly targets dozens of unsecured databases that are exposed on the public web. Once a database is targeted, “meow” overwrites or destroys its data completely, without any explanation in some cases and with a ransom note in others. These attacks have triggered a race among researchers to track down exposed databases before they get exploited.

“While we can’t yet confirm the attacker’s motivations, or whether they’re copying the data prior to destroying it, there is the potential that the attacker isn’t abusing the user data prior to its deletion,” said Boris Cipot, a senior security engineer at Synopsys Software Integrity Group. “If that is in fact the case, Meow attacks could actually be safeguarding users from more financially-driven malicious attackers.”

Most attacks that target data aim to extract payment from the victims, and such attacks are classified as ransomware. Last month, US wine and spirits giant Brown-Forman was a victim of sophisticated ransomware called REvil. The attackers claimed to have 1TB of corporate data in their hands, threatening to leak it online unless Brown-Forman agreed to pay a defined ransom.

Around the same time, Konica Minolta, a Japanese multinational business technology giant, was hit with a new type of ransomware called RansomEXX. The attack meant that for almost a week, Konica Minolta’s product supply and support site could not be accessed, and some of its printers were down as well, displaying a ‘Service Notification Failed’ error.

How can a company prevent a data breach?

According to Rena Chua, bug bounty advisor for HackerOne, chief information security officers (CISOs) are always looking to reduce the risk of a security incident and protect the brand and assets from being exploited.

“Every day, researchers, friendly hackers, journalists, and other actors find vulnerabilities in organizations’ technology,” she said. “The hackers will want to tell security teams about the vulnerabilities they found, and have them fix it before it gets exploited by criminals. Attempts to report security vulnerabilities often carry a considerable legal risk for the hacker, so many hackers simply withhold vulnerable information or publish anonymously.”

She said that when businesses do not empower hackers to disclose a vulnerability, the vulnerability puts the business and the public at risk, adding that when hackers must report anonymously, it makes it difficult for companies to obtain key information they might need to fix the vulnerability, and hackers do not get appreciation or confirmation of the fix in return. 

“A vulnerability disclosure policy (VDP), commonly referred to as the “see something, say something” of the internet, is intended to give anyone who stumbles across something amiss clear guidelines for reporting it to the proper person or team responsible,” she said. “Think of this real-life analogy: You walk past a neighbor’s house and see their back door was left wide open. What would you do? You’d probably knock on their door, holler for them, or maybe even call them. However, for organizations or technology or websites, it’s not that simple.”

VDPs are intended to remedy that situation by giving security researchers, ethical hackers, white-hat hackers, and bug hunters clear directions on how to report a potential security vulnerability. Chua said that VDPs are becoming an established best practice and even a regulatory expectation. 

“Guidance on vulnerability disclosure has been published by numerous organizations, including the United States Department of Justice, National Institute of Standards and Technology (NIST), and The International Organisation for Standardisation,” she said. “Governments are also taking the lead in establishing VDPs — The U.S. Department of Defense has had hackers discover over 18,000 valid vulnerabilities exclusively through HackerOne’s VDP in three short years. The Singapore government also launched a formal VDP with HackerOne in 2019, demonstrating an ongoing commitment to collaborate with the cybersecurity community to build a secure and resilient Smart Nation.”

Taimoor Hassan
The author is a staff member and can be reached at [email protected]
