Context: Cert-In has issued an advisory regarding a possible cyber attack in the country.
- Earlier Cyber Security firm Cyfirma has warned about a potential cyberattack from China amidst the border standoff.
- The company informed CERT-In regarding the possibility of an attack by Chinese government-backed hackers based on inputs received from chat rooms on the Dark web ( part of the internet that is not indexed by search engines).
- India has been targeted by Pakistan-backed hackers after the abrogation of Article 370.
- In 2019, CERT-In informed Parliament that over 24 websites related to central ministries and state governments were hacked till May.
- In November 2019, a malware was found on one of the systems of Nuclear Power Corporation of India’s Kudankulam plant, alleged to be linked to North Korean agencies.
Advisory by CERT-In:
- A potential phishing attack would be carried out for extracting critical information of users via emails, SMS, and messages on social media by proliferating free COVID test messages.
- It will be done using an ID that will mimic a government organization like "firstname.lastname@example.org".
- Guidelines for users -
- Don’t open or click on attachments in unsolicited emails.
- Don’t submit your critical personal or financial information on unknown websites or links.
- Encrypt or protect the sensitive document stored in the internet-facing machines to avoid potential leakage.
- Scan for and remove suspicious email attachments.
- Ensure the scanned attachment is its “true file type" i.e. the extension matches the file header.
- Be aware of phishing domain, spelling errors in emails, websites and unfamiliar email senders
- Beware of emails offering prizes, rewards etc..
- Use safe browsing tools, filtering tools in your antivirus firewall and update spam filters regularly.
- Report any unusual activity immediately to email@example.com with relevant logs.
- State-backed cyber attacks have become a common weapon of retaliation for powerful countries that do not want to get into physical wars.
- The Chinese hacker groups are suspected to be involved in recent cyberattacks on Australian servers, post their support for an investigation for finding the origin of COVID-19.
- Hence India must be extra cautious for protecting its critical infrastructure as other countries' experience shows the scale and extent of the attacks these hackers can pose.
- The Indian Computer Emergency Response Team is an office under the Ministry of Electronics and Information Technology.
- It was formed in January 2004.
- It is the nodal agency to deal with cybersecurity threats like hacking and phishing.
- It strengthens the security-related defense of the Indian Internet domain.
- It is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.
Image Source: Livemint