Update as on July 09, 2020 – Cyble has noted that the number of attacks are increasing on Organizations based in India and their data is put on sale in the darkweb. These attacks are either through ransomware or exploiting the security misconfigurations of internet-facing systems.
Recently, Cyble Research Unit (CRU) identified a credible threat actor who claimed to be in possession of confidential data of Religare Health Insurance – An Indian health insurance firm established in June 2012, by Religare Enterprise Limited, Union Bank of India and Corporation Bank. The company is headquartered in Gurgaon, Haryana and operates out of 146 offices across India with 6000+ employees. The company currently offers products in the retail segment for Health Insurance, Critical Illness, Personal Accident, Top-up Coverage, International Travel Insurance and Maternity along with Group Health Insurance and Group Personal Accident Insurance for Corporate sector
Given the sensitivity of the matter, Cyble researchers investigated further and verified that the actor has obtained initial access due to a misconfiguration issue, and later allegedly uploaded a web shell as well on their exposed server. The actor is selling the personal records of over 5 Million people on the dark web, including Religare’s employee’s information. Cyble has acquired the leaked data and is being indexed on amibreached.com
Screenshot shared by the threat actor after getting access to Religare Health Insurance database –
Further analysis of the data acquired by Cyble exposed its criticality. Below is the list of data exposed –
- Customer’s name, address, mobile number, email id, date of birth
2. Customer’s ID, policy number, start date, end date, Agent assigned
3. Name of the policy, sum insured, renewal amount
4. Employee/agents Full names, mobile numbers, DoB, usernames, password hashes, individual authorization keys, official email IDs, email signatures having office address and personal mobile numbers, , last login and last logout, Internal IP address through which they connected to the portal
Cyble has been reporting these types of breaches to aware individuals of the risks associated with using online services.
As soon as our research team identified this leak, the data was instantly acquired and indexed on our data breach monitoring and notification platform, AmiBreached.com – people who’re concerned about their information exposure can register on the platform to ascertain the risks.
We recommend people to:
- Never share personal information, including financial information over the phone, email or SMSs
- Use strong passwords and enforce multi-factor authentication where possible
- Regularly monitor your financial transaction, if you notice any suspicious transaction, contact your bank immediately.
- Turn-on automatic software update feature on your computer, mobile and other connected devices where possible and pragmatic
- Use a reputed anti-virus and internet security software package on your connected devices including PC, Laptop, Mobile
- People who are concerned about their exposure in darkweb can register at AmiBreached.com to ascertain their exposure.
Cyble is an Atlanta, US-based, global premium cyber-security firm with tools and capabilities to provide near real-time cyber threat intelligence.
Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.
This monitoring and notification platform gives the average consumer insights into their personal cybersecurity issues, allowing them to take action then as needed. It has recently earned accolades from Forbes as being the top 20 cyber-security companies to watch in 2020.