Indian Import Export Data for Sale

Category: Adversary Intelligence
Affected Industries: Government Sector
Type: Database
Affected Region: India

Executive Summary

CloudSEK’s flagship digital risk monitoring platform, XVigil, discovered a post on a cybercrime forum advertising an Indian customs database that contains 130 million records. The database purportedly contains Import/Export data from 2019 to 2020.

Attribution

On 29 April 2021, a threat actor shared a post on a popular underground data sharing forum offering Indian Customs data for sale at USD 500.

Threat actor’s post on a popular underground forum

Analysis

Information from Source

The threat actor claims that the database contains the following records:

|        | 2019               | 2020               |
|--------|--------------------|--------------------|
| Import | 40 million records | 31 million records |
| Export | 35 million records | 30 million records |

The threat actor has provided samples of both the Import and Export data:

Import Data Sample:

Export Data Sample:

Data fields:
  • Port names
  • Date
  • IEC (Importer-Exporter Code)
  • Importer name
  • Importer Address
  • Supplier name
  • Supplier Address
  • Invoice details
  • Pricing information
  • Exchange rates

Impact

Based on the data schema, the database contains no PII (Personally Identifiable Information) of individuals. Most of the data in the database sample is also public, except for the invoice details and other administrative data.

Recommendations

  • Secure web applications from injection attacks.
  • Ensure proper maintenance of network-connected systems, especially those exposed to the internet.
  • Use strong/complex passwords and MFA (Multi-Factor Authentication) for administrative logins and VPN endpoints.
  • Use efficient NIDPS (Network Intrusion Detection and Prevention Systems) and XDR (Extended Detection and Response) systems to prevent intrusions.