Qingqiao Information


India's national payment system is under ransomware attack
Release time: 2024-09-29 | Source: Qingqiao

Recently, the systems of Indian technical service provider C-Edge Technologies were paralysed by a ransomware attack, affecting the payment and customer service systems of nearly three hundred small banks. Customers of the affected banks were unable to access services including ATM deposits and withdrawals and Unified Payments Interface payment transactions, which caused confusion in the flow of funds.

After discovering the attack, the National Payment Corporation of India (NPCI) quickly took isolation measures, cutting C-Edge Technologies off from the retail payment system that NPCI operates to prevent the attack from spreading to the wider payment ecosystem. After a day of effort, the affected payment systems gradually returned to normal. Subsequently, the ransomware gang RansomEXX claimed responsibility for the attack and stated on its leak site that it had stolen 142 GB of data from C-Edge's digital payment platforms.

NPCI then initiated a comprehensive audit and investigation to determine the specific details of the attack and the extent of the losses incurred. Meanwhile, the Reserve Bank of India (RBI) and the Indian cybersecurity agency also joined the investigation to assess the overall cybersecurity situation of the banking industry. Researchers found that the root cause of the attack was a known vulnerability (CVE-2024-23897) in Jenkins, an open-source automation tool widely used by developers. This vulnerability allows attackers to access sensitive files or data and may result in arbitrary code execution under certain conditions. The attackers exploited it to break into C-Edge Technologies' systems and from there penetrated the banks' digital payment systems.

[Image: National Payment Corporation of India (NPCI)]

In fact, code quality management company SonarSource first discovered the CVE-2024-23897 vulnerability in November of last year. After receiving and verifying SonarSource's report, the Jenkins team released a fix on January 24, 2024. Because Jenkins is widely used, the disclosure of CVE-2024-23897 sounded the alarm for the cybersecurity community. Many researchers created working proofs of concept (PoC) from the vulnerability information and pointed out its severity. In addition, some reports indicate that some hackers have begun exploiting the vulnerability in attacks. C-Edge Technologies, however, did not patch in a timely manner and was exploited by attackers as a result. This also shows that the attacked banks did not conduct regular security checks on the systems they used, and the state of network security management in the banking industry is worrying.

Naveen Sunkavally, Chief Architect at network security and automation testing company Horizon3.ai, pointed out that thousands of Jenkins servers are open to the public. Because Jenkins servers are widely deployed and typically store sensitive information, they have become a key target for hacker attacks. If the default configuration of a Jenkins server has been incorrectly modified, or an attacker has obtained a valid Jenkins user account by some means, then even an attacker who initially has no permissions may still exploit this vulnerability for further attacks. As this attack chain unfolds, it threatens not only the security of the Jenkins server itself but may also affect other systems and data associated with the Jenkins server.

[Image: ransomware gang RansomEXX]

For technology service providers that use open-source automation tools such as Jenkins, it is crucial to promptly track and apply relevant security patches, strengthen access control and authentication, restrict access to sensitive data, and regularly conduct security audits and vulnerability scans. By implementing these measures, the risk of server attacks can be effectively reduced, and users' assets and data security can be protected.

Hacker organizations often invade network systems by exploiting security vulnerabilities in those systems, carrying out malicious destructive activities and stealing sensitive data. Therefore, relevant technology service providers and technical departments need to comprehensively raise their awareness of network security, strengthen network security management, and conduct regular inspections. With sustained effort, potential vulnerabilities can be discovered and fixed in a timely manner, ensuring system security and avoiding incalculable losses caused by data breaches or system crashes.


