Indonesia faced a significant cyberattack that targeted the Pusat Data Nasional (PDN) on June 15th 2024. The attack used a kind of existing malware called Lockbit 3.0, which caused unauthorized access to sensitive data for several days before it was successfully stopped. It affected more than 230 public agencies, including ministries. The incident fits the definition of a cyberattack itself: a deliberate and malicious attempt to leverage vulnerabilities in technology, human factors, or organizational processes to achieve various objectives, such as unauthorized access, data theft, disruption of services, or the spread of malware.
Detailed Analysis
A report from Kompas.com (2024) confirmed that Brain Cipher was responsible for the ransomware attack that locked PDN data and demanded a ransom of 8 million US dollars (around Rp. 131.2 billion). Brain Cipher is a hacker group known for their sophisticated and coordinated ransomware attacks. They use a variety of techniques including phishing, exploiting software vulnerabilities, and data encryption to extract and lock victims' data.
Phishing is the first technique: sending legitimate-looking emails or links to PDN employees to convince them to click on malicious links or open attachments containing malware, whatever the source. Social engineering is a technique for obtaining sensitive information such as passwords or other access by defrauding employees via phone calls, text messages, or in-person interactions. These initial tactics use the human factor as the bridge, and as both subject and object, in the first step of attacking digital devices.
After successfully breaking into the network, hackers move laterally to gain access to more parts of the PDN system and escalate the access privileges of a compromised account to gain administrator control or access to more sensitive data. With full access to the system, hackers can initiate two main activities: data extraction and data encryption. Ransom messages were found on some servers, with instructions for payment in cryptocurrency, threatening to delete data if the ransom was not paid within a certain time limit. Once data was encrypted or stolen, Brain Cipher, the hackers in this context, contacted the authorities to demand ransom. The hackers send a message or email containing a ransom demand, usually in the form of a hard-to-trace cryptocurrency such as Bitcoin. Negotiations may occur if the authorities try to lower the ransom amount or ask for additional time, but the Indonesian government clearly refused to negotiate with the hackers. The timeline below illustrates the series of events and responses following the breach of PDN, highlighting both the hackers’ sophisticated methods and the government’s subsequent actions to mitigate the impact and prevent future incidents.
Timeline of The Breach of PDN
May 2024 | Vulnerable points in PDN’s infrastructure are identified; phishing emails are sent to PDN employees, aiming to gain initial access to the network. |
June 1st 2024 | Hackers successfully exploit a vulnerability in unpatched software, gaining access to PDN's internal systems. |
June 3rd 2024 | Hackers begin extracting sensitive data, including personal information and government documents. |
June 4th 2024 | Data extraction is completed, and ransomware is deployed to encrypt critical files. |
June 5th 2024 | A ransom note is displayed on PDN's systems, demanding payment in cryptocurrency. |
June 6th 2024 | PDN IT staff detect unusual network activity and encrypted files, identifying the breach. |
June 7th 2024 | An internal investigation is launched to assess the extent of the breach. |
June 8th 2024 | The incident is reported to the Indonesian National Cyber and Crypto Agency (BSSN). |
June 9th 2024 | BSSN forms a task force to handle the breach, including cybersecurity experts and law enforcement. |
June 10th 2024 | A public statement is issued, acknowledging the breach and advising affected individuals and organizations. |
June 11th 2024 | Emergency measures are implemented to contain the breach and prevent further data loss. |
June 12th 2024 | BSSN collaborates with international cybersecurity firms to analyze the ransomware and develop decryption tools. |
June 14th 2024 | Preliminary findings indicate Brain Cipher's involvement in the attack. |
June 15th 2024 | Affected systems begin to be restored from backups where possible. |
June 17th 2024 | A detailed report on the breach is prepared, outlining the scope and impact. |
June 20th 2024 | The government announces additional security measures and an audit of PDN's cybersecurity practices. |
Late June 2024 | Legislative and policy actions from the government: June 25th: The Indonesian government proposes new cybersecurity legislation to enhance protection of critical infrastructure. June 27th: A budget increase for cybersecurity is announced, focusing on improving defenses and response capabilities. June 30th: A nationwide cybersecurity awareness campaign is launched to educate public sector employees on best practices. |
July 3rd 2024 | The President of Indonesia, Joko Widodo, said that the government has evaluated the breach of PDN and emphasized the backup data of PDN. |
July 4th 2024 | Brain Cipher kept its promise by providing the ransomware encryption key for free. |
(Source: compiled by the author)
The Need for Robust Cyber-Expert Human Resources
Cyberattacks caused by human factors often involve errors or omissions that can be avoided with advanced security training, consistent system updates, and implementation of strict security policies. The author suggests that any institution must continue to invest in increasing its employees' awareness and knowledge of cyber threats to reduce the risk of future breaches. Before turning to human resources in cyber capacity, the author suggests the following system-level steps to prevent and reduce the risk of similar attacks in the future. First, patch management, so that all systems and software are regularly updated with the latest security patches. Second, implementing Multi-Factor Authentication (MFA) for all critical access systems to add an additional layer of security. Third, using Intrusion Detection and Prevention Systems (IDPS) to detect suspicious activities on the network. Last but not least, backup data is crucial: maintain encrypted and protected backup data to ensure data recovery without having to pay a ransom.
In addition to regular security audits, advanced attack detection systems, and stronger legal and regulatory frameworks, Indonesia must improve the quality of human resources in cyber capacity through cybersecurity training and awareness of cyber threats. Indonesia also needs state and public-private partnerships. Collaboration between states, as well as between government and the private sector, can enhance cybersecurity capabilities. Sharing threat intelligence, resources, and expertise can help build a more resilient cyber defense.
Brain Cipher or Government: Who Is Responsible?
The breach of Indonesia’s Pusat Data Nasional (PDN) by Brain Cipher raises critical questions about accountability and responsibility. Was it purely the act of a sophisticated hacker group, or does the government bear some responsibility due to potential negligence?
It is the worst cyberattack on Indonesia in recent years, as shown by the disruption of multiple government services such as immigration and operations in major airports, which affected national security, public trust, and economic stability. The government’s failure to regularly update and patch vulnerable software left PDN exposed. Despite warnings about potential threats, the necessary cybersecurity measures were not implemented promptly.
While Brain Cipher undeniably orchestrated the attack, the government’s failure to maintain robust cybersecurity defenses significantly contributed to the breach. This incident underscores the need for enhanced cybersecurity measures, regular updates, comprehensive training programs, and robust incident response strategies to protect national data infrastructure. Ultimately, both the external threat from Brain Cipher and internal lapses in cybersecurity practices contributed to the severity of the PDN breach. The government must acknowledge these shortcomings and take decisive action to prevent future incidents. One more important point: by prioritizing the development of cybersecurity expertise, Indonesia can better protect its digital landscape and ensure a secure future in an increasingly interconnected world.
References
Anjani, N.H. (2021). Cybersecurity Protection in Indonesia. Jakarta: Center for Indonesian Policy Studies (CIPS). Available at: http://hdl.handle.net/10419/249442.
Kompas. (2024). “Brain Cipher Telah Berikan Kunci Enkripsi Ransomware PDN, Apakah Sudah Bisa Dipakai?”. [Online]. Available at: https://www.kompas.com/tren/read/2024/07/04/121500065/brain-cipher-telah-berikan-kunci-enkripsi-ransomware-pdn-apakah-sudah-bisa?page=all.
Part of Modern Warfare and Emerging Technology Division
About the Writer
Mei Rinta is a professional observer and researcher for non-governmental organizations and private entities. She holds a master's degree from The Republic of Indonesia Defense University, with an interest in defense strategy and cyber security. Mei also completed a double degree, as Bachelor of International Relations from Universitas Airlangga and Bachelor of English Literature. She is part of Indo-Pacific Strategic Intelligence (ISI).