On November 1st, the Bangladesh Cyber Security Intelligence (BCSI) Threat Intelligence team identified a significant security breach: a threat actor was offering root access to Titas Gas’s firewall for sale. BCSI reported this alarming development in an article titled “Titas Gas: Hacker Offers Root Access for Sale”.
At that time the threat actor offered the access for an initial price of $1,000 USD. Alarmingly, the hacker(s) hinted that the price would increase as they expanded their access to additional critical servers and infrastructure components.
On November 4th, the threat actor resurfaced, reposting their offer for root access to Titas Gas’s firewall at an increased price of $2,500 USD. This price hike suggests the actor may have acquired deeper, more critical access within the organization, aligning with their earlier hints that the cost would rise as they expanded their reach into additional servers and infrastructure. The escalation in price reflects the growing risk posed to Titas Gas’s systems and highlights the persistent vulnerability of essential infrastructure in the face of cyber threats.
Following an in-depth investigation, the Bangladesh Cyber Security Intelligence (BCSI) Investigation team obtained proof verifying the threat actor’s access to Titas Gas’s systems. This confirmation underscores the severity of the breach and validates the threat actor’s claims, raising significant concerns about the security of critical infrastructure in Bangladesh.
In a recent report published by a popular Bangladeshi TV channel, the Titas Gas authority said that their systems were secure, stating that their servers are hosted in the National Data Center under the management of the Bangladesh Computer Council (BCC). Following these claims, the BCC responded by initiating its own investigation to assess the situation.
However, on November 10th, when the investigation team reached out to the threat actor again, it was informed that the access had already been sold. No information was available about the buyer or the price at which it was sold.
This raises concerns about the cyber threats facing Titas Gas, such as data breaches, sabotage, or ransomware attacks, should the access fall into the hands of miscreants, particularly as Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024.
The Titas Gas incident is a stark reminder of the vulnerabilities of Bangladesh’s 30+ Critical Information Infrastructure (CII) entities, and it reflects on the country’s cyber readiness at a time when cyber security is considered a top priority.
Potential Risks with Root Access
- Data Breach: Sensitive data, including customer information, billing records, and operational details, could be stolen or leaked.
- Network Sabotage: The threat actor could disrupt network traffic, compromise the firewall, or manipulate data, leading to service outages.
- Unauthorized Access Expansion: With root access, the actor could potentially move laterally across the network, compromising additional servers and applications.
- Deployment of Malware or Ransomware: Malware or ransomware could be deployed, locking critical files or systems and demanding payment for access restoration.
- Manipulation of Operational Data: The actor could tamper with data used in gas supply management, potentially leading to service disruptions or safety risks.
Recommendations for Mitigation and Prevention
- Revoke and Re-Establish Access Controls: Immediately change all access credentials and implement multi-factor authentication (MFA) on all critical access points.
- Audit and Patch Vulnerabilities: Perform a comprehensive vulnerability assessment to identify and patch security gaps, especially any that may have allowed initial access.
- Monitor Network Traffic: Set up advanced monitoring to detect unusual activities, such as data exfiltration or unauthorized network access. Enable alerts for suspicious logins and data transfer anomalies.
- Isolate Critical Systems: Segment the most sensitive parts of the network to minimize exposure in case of further breaches.
- Engage Incident Response: Collaborate with cybersecurity experts to understand the extent of the breach and remediate the environment.