The National Malware Center (Pusmanas) website belonging to the State Cyber and Password Agency (BSSN) was targeted by hacking in the form of home page changes.
The hack of the site addressed in www.pusmanas.bssn.go.id was first revealed by Twitter users, @son1x777, Wednesday (10/20/2021).
Cyber security expert Pratama Persadha revealed that the post read “Hacked by theMx0nday”, which means hacked by theMx0nday.
“It was written by the perpetrator that this action was carried out to avenge the alleged perpetrators from Indonesia who had hacked the brazilian state website,” Pratama said in his statement on Monday (10/25/2021).
Pratama said, deface is a hack into a site and changes its appearance. These changes may cover the entire page or in certain sections only.
For example, site fonts are replaced, annoying ads appear, and overall page content changes.
According to him, BSSN should have a mitigation plan or business continuity planning (BCP) in the event of a cyber attack.
“Because the parent CSIRT (computer security incident response team) in Indonesia is BSSN,” he said. Until Tuesday (26/10/2021) at 06.50 WIB, the site is still not accessible.
If you look at the security system that has been built by BSSN, Pratama suspects that there is an SOP violation of the www.pusmanas.bssn.go.id link.
The violation is likely because it did not pass the penetration test process first when it will be published.
“If checked the attack, maybe you can find out why the firewall can pass the attack into the vulnerable gap. Even a simple attack, if it escapes from the firewall can cause great damage,” he said. “Do not think all deface attacks are light attacks, it could be that the hackers have entered into it,” said the man from Cepu, Blora, Central Java.
Meanwhile, BSSN admitted its site had been breached by hackers. BSSN spokesman Anton Setiawan said the BSSN site that suffered a deface attack contained data about the malware repository.
“The site contains data about malware repositories,” Anton said.
Anton said the malware repository is a report or information about malware. He also said that BSSN immediately handled it after its site suffered a deface attack.
The handling was carried out by the BSSN Computer Security Incident Response Team (CSIRT). “It’s done, because it’s just defacement. Access has also been closed,” he said.
BSSN itself has so far suspected that the hacking of its website was carried out by Brazilian hackers. “Until now the indications are from Brazil,” Anton said.
According to Anton, it is still conducting searches against the perpetrators of the hack. “But we are still exploring again, because in this cyber space anyone can confess,” he said.
In its search, BSSN ensures without involving other parties aliases are done independently. “No (without involving other agencies), we do it independently,” anton added.