A significant security breach has recently come to light involving a former NCS employee who, upset over his dismissal, exploited his prior access to NCS’s quality assurance (QA) system in Singapore.
After his termination in November 2022, Indian national Kandula Nagaraju, 39, used administrator login credentials to gain unauthorized access to the system from January to March 2023. During this period, he used a deletion script to remove 180 virtual servers one at a time, causing his ex-employers S$917,832 in damages.
Security experts have shared their insights on this incident, underscoring the importance of robust cybersecurity practices.
Boris Cipot, Senior Security Engineer, Synopsys Software Integrity Group, said: “Typically, when considering cyberattacks and protection measures, we focus on external threats and preventing unauthorized access. Proper authentication and authorization are foundational security requirements, yet they are often exploited due to improper implementation.
“It’s not enough to create accounts and assign access rights; these accounts must be continuously monitored, and any irregularities must trigger alerts.
“In this case, a former employee’s access was used for unauthorized activities. This raises critical questions: Why was the account still active? Why wasn’t there monitoring? Even admin accounts should not have unrestricted rights and must be monitored and deactivated once the employee is no longer active.
“Proper user rights implementation is a fundamental aspect of cybersecurity hygiene. Organizations need to monitor accounts, their actions, and ensure no account has overly broad access rights. This vigilance helps prevent not only internal threats but also potential external exploitations, such as phishing attacks.”
Darren Guccione, CEO and Co-founder, Keeper Security said: “The incident involving a disgruntled ex-employee deleting 180 virtual servers underscores the need for organizations to prioritize robust security measures, particularly in access management and offboarding protocols. Employees leaving under adverse circumstances pose a heightened risk of malicious actions.
“To mitigate this, organizations should adopt a zero-trust architecture with least-privilege access, granting employees only the access necessary for their jobs, periodically reviewing access permissions, and monitoring activity.
“Access management software, such as unified privileged access management solutions, can assist with privileged account and session management, secrets management, and enterprise password management.
“Offboarding should begin at the onboarding stage by tracking all digital and physical assets associated with each employee. Recovering these assets upon an employee’s departure, promptly deactivating accounts, and revoking access rights are crucial.
“Organizations must also monitor for any continued activity post-employment and implement policies to prevent email forwarding and unauthorized file duplication, further safeguarding against potential data breaches.”
This breach highlights the critical need for comprehensive cybersecurity measures, particularly in managing employee access and ensuring proper offboarding procedures. Companies must stay vigilant and proactive in monitoring and securing their systems to prevent similar incidents.