Keyloggers, access to NEX deployment

Description

Keylogger can also be as source to reveal the User's details with the hacker. A User must be aware of such malicious activities and prevent themselves from losing their information. This section helps the user with ideas and plans from SME's to overcome the situation.

Mitigation Ideas

If the main deployment is compromised, then shutdown & re-deploy immediately.
Run anti-virus and anti-keylogger software to scan network devices.
Create an anti-phishing system that can capture the malicious activities such as code duplication and deploying in other environment. The User should be know that the code is not from original/official.
Isolate the compromised system in locked environment to perform RCA.
Monitoring service that polls the deployment and notifies key parties whenever the hosted code changes.

Response Plan

Remove the infected account in the GIT lab settings.
Inform all the users and employees that will be impacted by the attack.
Perform a rapid DNS switchover to site with "Down for Maintenance" status until deployment is recovered.
Chain analysis to find the number of affected users.
Contact GitLab for help.
Any possibilities to have a counter-cyber crime employee to hack the hackers?
Article about the hacker attack, https://decrypt.co/108015/nears-rainbow-bridge-blocks-another-attack-costing-hackers-5-ethereum

Responder Team

In order to find the solution/ to know in details about the risk that has happened, responder team is one to be communicated first.

First Responder Team

Point of Contact: DEV or Network Ops

Second Responder Team

Point of Contact: Community Outreach though any User forum

PreviousNEX Open Source Vulnerabilities NextPassword manager hacked

Last updated 11 months ago