Defending Data Breaches Through Cybersecurity

 


This year the government has been working on a cybersecurity strategy that aims to thwart the risk of data breaches, which has been considered a top priority since 2020. In light of a series of ransomware attacks concerning critical data that may have been compromised in recent months, experts and officials view these measures as imperative to protect against such attacks. 

In the last couple of months, attackers were reported to have breached Solar India Industries Limited, a company that supplies defense-related equipment, and the All India Institute of Medical Sciences (AIIMS), a leading research and healthcare organization in the country.

One of the strategies is to assess the severity of several vertical segments of data breaches, according to a person familiar with the matter. As part of these mitigation measures, a national threat intelligence exchange is being set up. A malware repository is being created. Baseline audits are being conducted, and awareness events such as Cyber Week are being planned. 

The strategy is three-pronged, centered on people, processes, and technology. The people vertical, for example, entails improving cyber hygiene, training more cybersecurity professionals, and increasing cyber hygiene education.

For processes, the document contains recommendations, a plan for managing cybercrime crises, a standard operating procedure, and a privilege system that ensures users are given the minimum access to the system.

There is no need for firewalls to be installed, intrusion prevention systems to be installed, behavioral analysis tools to be installed, network segmentation to be created, and offline backups to be configured. 

According to one of the officials mentioned above, some of these investment areas have already been taken on by the government. 

Aside from the National Informatics Centre (NIC), the government is also looking to revamp the Department of Information and Communication Technology, which is responsible for storing most of the government's information, as well as providing IT solutions to the government. 

The Indian National Security Council Secretariat has been conceptualizing a policy for the past two years under the leadership of Lieutenant General Rajesh Pant. He is the head of the National Security Council Secretariat. An emerging threat in the technology sector is being addressed through a policy called the National Cyber Security Strategy, 2021. This policy identifies the need for a legislative framework to address this challenge. 

To better protect data, the federal ministry of electronics and information technology is drafting a digital data protection bill to govern the process of reporting and penalizing data breaches. The former official mentioned above pointed out the need for a system of regular audits to make sure that data breaches are minimized. He also pointed out that an overarching mechanism is in place to ensure this happens.

According to a response to a question in Parliament, there were 41,378 cyber security incidents in 2017 and 1,267,564 announced in 2022.

The government also replied to a question in the context of cyberspace being anonymous and borderless, and now incorporating different types of devices and services. It uses technological innovation to make it even more sophisticated and complex.

CERT-In, the Indian Computer Emergency Response Team, is the national nodal agency responsible for incident response in the country as well as for collecting information on cyber incidents that affect Indian users. Any data breach affecting Indian users must be reported to it. The ministry of electronics and information technology informed Parliament on November 16 that 14, 6, and 22 incidents were identified in 2020, 2021, and 2022 (until November), respectively, according to the information reported to CERT-In and tracked by it.

It was also reported to Parliament that between June 2018 and March 2022, Indian banks reported 248 data breaches that resulted in the leak of card-related information from their systems. 

There is no single National Cyber Security Strategy that can be effective without the inclusion of robust resilience measures, which is the view of Supreme Court lawyer NS Nappinai, the founder of Cybersaathi. Consequently, it is only this kind of thing that can protect us in the event of a black swan occurring. There have always been and will always be cyber security threats, but what protects against attacks on critical infrastructure is to make sure they are anticipated and avoided and to have a recovery plan that is quick and simple, she explained further.

Increasing Cyber Attacks Prompt the IT Ministry to Beef Up the E-mail Security

 


A new report released by the Ministry of Electronics and Information Technology (MeitY) has suggested that the ministry is looking into strengthening the security of its email system in light of the increasing number of cyberattacks.

NIC has issued a Request for Proposals (RFP) to select a system integrator to maintain the existing email setup, add additional security framework support, and integrate an additional infrastructure into the existing setup. The government is seeking to select a system integrator that will be able to perform these tasks.

There is a Network Information Centre (NIC), under the jurisdiction of MeitY, which meets the government's information and communication technology (ICT) requirements at all levels, designs and develops IT systems for the government, and so forth.

"With the rapid adoption of emerging technologies, here comes a new generation of cyberattacks that are complex and targeted. As a result, cyberattacks targeting government email infrastructure are increasing exponentially," reported the NIC.

"To address the issue of advanced threats and cyberattacks, the security of the existing email service will have to be enhanced to provide a secure communication channel, deploying state-of-the-art security software and features to ensure effective and reliable communication," the NIC said in its RFP.

Moneycontrol has reportedly contacted the NIC with additional questions in this regard, and the article will be updated when a reply is received from the NIC.

As part of the proposed additional security, it will be necessary to acquire threat intelligence software that supports the integration of third-party security to secure virtual machines from viruses, malware, etc.

The malware-detection software must be capable not only of highlighting threat indicators but also of analyzing them.

It was stated in the RFP that "the information should include, among other things, background information on the threat actors and attack methods associated with specific indicators and artefacts that are linked to the threat actors."

As part of the threat intelligence collection process, it should also be capable of providing threat intelligence reports. These may include information such as the goal of the cyber attacker, variants of the threat, the outcome of a cyberattack, and so on.

The security measures for the government's email infrastructure will also include the implementation of HIPS (host intrusion prevention system), which monitors security across physical and virtual servers.

According to the RFP, the company will also acquire a security gateway that supports email security solutions that integrate inbound and outbound defences against email threats. These defences integrate inbound and outbound security analytics.

The RFP stated: "Potentially, the solution should be able to protect the company from zero-day and targeted attacks and be able to dynamically analyze message attachments for malware without sending files to the cloud."

"It is essential that the email security appliance be able to produce a PDF file containing a print-safe version of a message attachment that has been detected as malicious or suspicious."


Analyzing the security situation


Apart from that, the system integrator should also conduct an audit of the email architecture. This includes evaluating the email solution, changes in the design, changes in the operating system, and so on, as well as an assessment of the whole email environment.

The system integrator will also be required to conduct a data audit of the email platform that is used by the government. According to the NIC, this audit is to follow any major feature changes, patch upgrades, and security fixes that are scheduled for the upcoming month.

Cyberattacks on government entities have increased in recent years


There has been an increase in the number of cyberattacks on the government, especially on the email infrastructure that the government uses as a communication tool.

According to a report in the Indian Express in December, several employees of various central ministries received mysterious emails from the nic.in domain, which implied the death of Gen. Bipin Rawat had been caused by an "internal hand." Sent from the nic.in domain, the email claimed to be from a secret service agent.

A phishing attempt was carried out through compromised domain email IDs to try and lure officials of the Centre into clicking on the unsolicited link.

There was a similar cyberattack that took place in October last year when Prime Minister Narendra Modi visited the United States. A compromised email account belonging to the government was used in the attack.


NIC hacked by a malware, over 100 computers compromised

 

Recently, India's largest data agency, the NIC (National Informatics Center), was hacked by malware that is as yet unidentified. The attack arrived by email and infiltrated the network, affecting around a hundred computers.



After the attack, the incident was reported to Delhi Police's Special Cell and the case was registered under the Information Technology Act (IT Act). The attack came from an email; when an employee opened it, all data from the machine was stolen and encrypted.

The National Informatics Center is a branch of the Ministry of Electronics and Information Technology (MEITY). The NIC is responsible for the government's technical infrastructure and for the implementation and delivery of digital India initiatives. The Institute contained sensitive information related to National Security, India's Citizens, Home Ministry, Security Advisor, and the stolen data could very well harm National Interest. 

Upon investigation by Delhi Police, the attack was confirmed as malware delivered through an email bait. While it was reported by only one employee, several of the workers received this mail containing the malware, and when a user clicked on the mail, his system was compromised. In this way, a hundred such computers were infected.

The IP address from the mail was detected to be from the Bengaluru office of an American company.

Attack from Anonymous?
Some sources say that this attack was from the infamous hacking group Anonymous. Some days back the official website of the Indian Army and according to firstpost.com, a letter was sent to the Indian Government stating:

 "We are Anonymous Again. 

 To the People of India and Government,
 You Have Underestimated the Power of people. You thought First NIC Hack by Anonymous was a Playful act, "THINK AGAIN".
 We are not here to Play with anyone. We are here to send a message to all the people who support the Anti-corruption bill. We took Down Indian Army Official Site and NIC knows more about what we did. We do not support anyone, We Support Only The Anti-Corruption Bill.

No one can speak for Anonymous, Nothing is Official." 

 It could be that both these attacks are linked and from the same group.

Sri Lankan NIC site (nic.lk) hacked via SQL injection vulnerability

Recently, we reported that the hackers defaced top-level domains of Turkmenistan, including Google, Gmail and YouTube, by exploiting the vulnerability in NIC.tm. Today they have discovered a vulnerability in another NIC website.

The hackers found a critical SQL injection vulnerability in the Sri Lankan NIC website (nic.lk) that allows hackers to hijack top-level Sri Lankan domains.



NIC websites are considered to be the most important part of every country on the internet. A network information center (NIC) is the part of the Domain Name System (DNS) of the Internet that keeps the database of domain names and generates the zone files which convert domain names to IP addresses.

Each NIC is an organization that manages the registration of Domain names within the top-level domains for which it is responsible, controls the policies of domain name allocation, and technically operates its top-level domain.

"Any unauthorized access can make a disaster to compromised country," the hackers said, "for example changing all governments website’s DNS to hacker DNS and grab all high-level man of country credentials."

The hackers compromised data from the database and dumped it. They claimed that they reported the issue to the NIC but there has been no response from the security team.