A disgruntled ex-employee deleted 180 virtual servers from his company’s systems in rage following his dismissal, dealing significant damage to the company.
The company in question, IT firm NCS, suffered damages of $918,000 Singaporean dollars, equivalent to roughly $678,000 US dollars.
The employee, Kandula Nagaraju, has been sentenced to two years and eight months in jail on one count of unauthorized access to computer material, with another charge taken into consideration for sentencing, according to reporting from CNA.
Nagaraju reportedly exploited his prior access to NCS’ quality assurance system to carry out the breach. Following his dismissal in 2022, he used administrator login credentials to gain unauthorized access to the system from between January and March 2023.
Between the first two months, Nagaraju reportedly worked on some computer scripts and tested them to see if they could be used on the system to delete the NCS’ servers.
In March, he accessed the quality assurance system 13 times, running a programmed script written such that it would delete each of the 180 servers one at a time.
Boris Cipot, a senior security engineer at the Synopsys Software Integrity Group, told ITPro that this is an important reminder for businesses to focus on the proper implementation of authentication systems.
"Usually, when thinking about cyber attacks and protection against them, we tend to focus on unknown attackers and closing the possibilities of how they could breach us from the outside. Meaning, no access without “proper” authorization,” Cipot said.
While authentication and authorization systems are vital, Cipot added, they can still be exploited due “improper implementation,” and he maintained that it is not enough to just create accounts and assign them access rights.
"The accounts and their access to resources must also be constantly monitored, and in case of irregularities, the responsible person or system needs to be alerted,” Cipot said.
With regard to this particular case, Cipot said that it raised many questions as to why Nagaraju’s account was still active and why it was not being monitored. Accounts such as his must be monitored and, crucially, must expire when a role is terminated.
Why is defending against identity-based attacks getting harder?
Javvad Malik, lead security awareness advocate at KnowBe4, added that this incident should serve as a “stark reminder” of the human element inherent to cyber security in businesses.
"It's not just about the technology and its vulnerabilities, but also about how individuals react under certain emotional states. Kandula Nagaraju's drastic action following his dismissal underscores a critical oversight that many organizations still stumble upon—the exit process,” Malik said.
