Cyber Security


1. Introduction

Cyberattacks are unwelcome attempts to steal, expose, alter, disable or destroy information through unauthorized access to computer systems.

2. Why cyberattacks happen

In addition to cybercrime, cyberattacks can also be associated with cyber warfare or cyberterrorism, or with hacktivists. Motivations vary, in other words, and they fall into three main categories: criminal, political and personal.

Criminally motivated attackers seek financial gain through money theft, data theft or business disruption. Likewise, the personally motivated, such as disgruntled current or former employees, will take money, data or a mere chance to disrupt a company’s system. However, they primarily seek retribution. Socio-politically motivated attackers seek attention for their causes. As a result, they make their attacks known to the public—also known as hacktivism. Other cyberattack motivations include espionage, spying—to gain an unfair advantage over competitors—and intellectual challenge.

Cyber-Crime Vs Cyber-Terrorism Vs Cyber-War


Cyber crime comprises unlawful acts wherein the computer is either a tool or a target or both. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief.


Cyberwar is an organised effort by a nation state to conduct operations in cyberspace against foreign nations. Included in this category is the Internet’s use for intelligence gathering purposes.


Cyberterrorism is the convergence of cyberspace and terrorism. It refers to unlawful attacks and threats of attacks against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.

Cyber Security

1. Introduction

Cybersecurity is the practice of protecting critical systems and sensitive information from digital attacks. Also known as information technology (IT) security, cybersecurity measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.

In 2020, the average cost of a data breach was USD 3.86 million globally, and USD 8.64 million in the United States. These costs include the expenses of discovering and responding to the breach, the cost of downtime and lost revenue, and the long-term reputational damage to a business and its brand. Cybercriminals target customers’ personally identifiable information (PII) — names, addresses, national identification numbers (e.g., Social Security number in the US, fiscal codes in Italy), and credit card information — and then sell these records in underground digital marketplaces. Compromised PII often leads to a loss of customer trust, the imposition of regulatory fines, and even legal action.

Security system complexity, created by disparate technologies and a lack of in-house expertise, can amplify these costs. But organizations with a comprehensive cybersecurity strategy, governed by best practices and automated using advanced analytics, artificial intelligence (AI) and machine learning, can fight cyberthreats more effectively and reduce the lifecycle and impact of breaches when they occur.

2. Common cyber threats

Although cybersecurity professionals work hard to close security gaps, attackers are always looking for new ways to escape IT notice, evade defense measures, and exploit emerging weaknesses. The latest cybersecurity threats are putting a new spin on “known” threats, taking advantage of work-from-home environments, remote access tools, and new cloud services. These evolving threats include:

2.1. Malware

Malware is malicious software: any file or program that can be used to harm a computer user. This includes worms, viruses, Trojans, and spyware.

2.1.1. Ransomware

Ransomware is another type of malware. It involves an attacker locking the victim’s computer system files — typically through encryption — and demanding a payment to decrypt and unlock them.

2.2. Social engineering

Social engineering is an attack that relies on human interaction to trick users into breaking security procedures to gain sensitive information that is typically protected.

2.3. Phishing

Phishing is a form of social engineering in which fraudulent email or text messages that resemble those from reputable or known sources are sent. These attacks are often indiscriminate; the intent of the messages is to steal sensitive data, such as credit card or login information.

2.3.1. Spear phishing

Spear phishing is a type of phishing attack that has an intended target user, organization or business.

2.4. Insider threats

Insider threats are security breaches or losses caused by humans — for example, employees, contractors or customers. Insider threats can be malicious or negligent in nature.

2.5. Distributed denial-of-service (DDoS)

Distributed denial-of-service (DDoS) attacks are those in which multiple systems disrupt the traffic of a targeted system, such as a server, website, or another network resource. By flooding the target with messages, connection requests or packets, the attackers can slow the system or crash it, preventing legitimate traffic from using it.

2.6. Advanced persistent threats (APTs)

Advanced persistent threats (APTs) are prolonged targeted attacks in which an attacker infiltrates a network and remains undetected for long periods of time with the aim to steal data.

2.7. Man-in-the-middle (MitM)

Man-in-the-middle (MitM) attacks are eavesdropping attacks that involve an attacker intercepting and relaying messages between two parties who believe they are communicating with each other.

2.8. SQL injection

An SQL (structured query language) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications to insert malicious code into a database via a malicious SQL statement. This gives them access to the sensitive information contained in the database.
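As an added illustration that is not part of the original article, the Python snippet below places the vulnerable pattern described above, a query assembled by string concatenation, beside its hardened form with a bound parameter and an input allow-list; the in-memory sqlite3 table, the user names and the sample injection input are all constructed for the example.

```python
import re
import sqlite3

# Constructed in-memory sample database for this example (not from the article).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("carol", "carol@example.com")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable: the caller's input is spliced into the SQL text, so the
    # database parses it as SQL rather than treating it as a value.
    query = ("SELECT username, email FROM users WHERE username = '"
             + username + "'")
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Hardened: the value is bound by the driver through a placeholder and is
    # never interpreted as part of the statement.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def validate_username(username):
    # Defence in depth: reject anything outside the expected username shape
    # before it reaches the database layer at all.
    return re.fullmatch(r"[a-z0-9_]{1,32}", username) is not None


# Constructed sample input of the kind the paragraph describes: a fragment
# that turns the WHERE clause into a tautology when concatenated.
INJECTION_INPUT = "' OR '1'='1"


def demo():
    """Run both lookups with a normal name and with the injection input."""
    conn = make_db()
    return {
        "normal_vuln": lookup_vulnerable(conn, "alice"),
        "normal_safe": lookup_safe(conn, "alice"),
        "inj_vuln": lookup_vulnerable(conn, INJECTION_INPUT),  # every row leaks
        "inj_safe": lookup_safe(conn, INJECTION_INPUT),        # no row matches
        "inj_validated": validate_username(INJECTION_INPUT),   # rejected up front
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:14s} -> {result}")
```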

2.9. DNS tunneling

DNS tunneling abuses the Domain Name System, a transactional protocol, to carry application data inside DNS queries and responses. Cybercriminals use it to extract data silently or to establish a communication channel with an unknown server, such as a command and control (C&C) exchange.
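As an added example that is not part of the original article, the following Python script applies simple tunneling heuristics (long, high-entropy, digit-heavy subdomain labels and bulky TXT queries) to a constructed DNS query log and reports client/parent-domain pairs that match repeatedly; the log lines, the thresholds and the fictitious tunnel-demo.test domain are all assumptions made for the illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (timestamp, client IP, query type, name).
# The hex-looking names under tunnel-demo.test imitate encoded payload chunks;
# the last line is a long but human-readable hostname, kept as a false-positive
# check. None of these records come from a real network.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.com
2024-05-01T10:00:02Z 10.0.0.5 A mail.example.com
2024-05-01T10:00:03Z 10.0.0.7 TXT 6a7b3c9d1e2f4a5b6c7d8e9f0a1b2c3d.c2.tunnel-demo.test
2024-05-01T10:00:04Z 10.0.0.7 TXT f0e1d2c3b4a5968778695a4b3c2d1e0f.c2.tunnel-demo.test
2024-05-01T10:00:05Z 10.0.0.7 TXT 0123456789abcdef0123456789abcdef.c2.tunnel-demo.test
2024-05-01T10:00:06Z 10.0.0.5 A cdn.example.com
2024-05-01T10:00:07Z 10.0.0.9 A very-long-but-readable-marketing-hostname.example.com
"""


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0 for an empty string)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_line(line):
    ts, client, qtype, qname = line.split()
    return {"ts": ts, "client": client, "qtype": qtype.upper(),
            "qname": qname.lower().rstrip(".")}


def parent_domain(qname):
    # Assumption for the example: the registrable domain is the last two labels.
    return ".".join(qname.split(".")[-2:])


def subdomain_part(qname):
    return ".".join(qname.split(".")[:-2])


def is_suspicious(rec, min_label=24, min_entropy=3.5, min_digit_ratio=0.25):
    """Heuristic: does this single query look like a tunnel data chunk?"""
    sub = subdomain_part(rec["qname"])
    if not sub:
        return False
    flat = sub.replace(".", "")
    longest = max(len(label) for label in sub.split("."))
    digit_ratio = sum(ch.isdigit() for ch in flat) / len(flat)
    # Encoded payloads are long, high-entropy and digit-heavy; readable
    # hostnames are high-entropy too, which is why the digit ratio is required.
    encoded_looking = (longest >= min_label
                       and shannon_entropy(flat) >= min_entropy
                       and digit_ratio >= min_digit_ratio)
    # TXT/NULL records with a large question name are a classic carrier.
    bulky_txt = rec["qtype"] in {"TXT", "NULL"} and len(flat) >= 32
    return encoded_looking or bulky_txt


def detect_tunneling(log_text, min_hits=3):
    """Return {(client, parent_domain): hits} for pairs seen >= min_hits times."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if is_suspicious(rec):
            hits[(rec["client"], parent_domain(rec["qname"]))] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}


if __name__ == "__main__":
    for (client, domain), n in detect_tunneling(SAMPLE_LOG).items():
        print(f"possible DNS tunnel: {client} -> {domain} ({n} suspicious queries)")
```

Aggregating per client and parent domain, rather than alerting on single queries, is what keeps one odd-looking CDN hostname from paging anyone.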

2.10. Zero-day exploit

Zero-day exploit attacks take advantage of previously unknown hardware and software weaknesses. These vulnerabilities can exist for days, months, or years before developers learn about the flaws.

3. Latest cyber threats

What are the latest cyber threats that individuals and organizations need to guard against? Here are some of the most recent cyber threats that the U.K., U.S., and Australian governments have reported on.

3.1. Dridex malware

In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an organized cyber-criminal group for their part in a global Dridex malware attack. This malicious campaign affected the public, government, infrastructure and business worldwide.

Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it infects computers through phishing emails or existing malware. Capable of stealing passwords, banking details and personal data which can be used in fraudulent transactions, it has caused massive financial losses amounting to hundreds of millions. In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises the public to “ensure devices are patched, anti-virus is turned on and up to date and files are backed up”.

3.2. Romance scams

In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that cybercriminals commit using dating sites, chat rooms, and apps. Perpetrators take advantage of people seeking new partners, duping victims into giving away personal data. The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019, with financial losses amounting to $1.6 million.

3.3. Emotet malware

In late 2019, the Australian Cyber Security Centre warned national organizations about a widespread global cyber threat from Emotet malware. Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet thrives on unsophisticated passwords: a reminder of the importance of creating a secure password to guard against cyber threats.

4. Zero trust security strategy

Businesses today are connected like never before. Your systems, users and data all live and operate in different environments. Perimeter-based security is no longer adequate but implementing security controls within each environment creates complexity. The result in both cases is degraded protection for your most important assets. A zero trust strategy assumes compromise and sets up controls to validate every user, device and connection into the business for authenticity and purpose. To be successful executing a zero trust strategy, organizations need a way to combine security information in order to generate the context (device security, location, etc.) that informs and enforces validation controls.

India’s Cyber Ecosystem

1. Introduction

If the ancestors of human beings were to wake up today after their long sleep of centuries, they would be amazed to see the revolutionised and digitalised world of contemporary times.

The advent of digitalisation has affected every sphere of human life to a considerable extent. However, information technology use has been proving to be a double-edged sword, as cyber crime and threats have increased dramatically. As India moves towards more and more digitalization in all spheres, cyberspace has become a serious concern of National Security. According to the National Crime Records Bureau (NCRB) data, India reported 52,974 cases of cybercrime in 2021, an increase of over 5 per cent from 2020 (50,035 cases) and over 15 per cent from 2019 (44,735 cases).

Though the Government of India has taken steps for ensuring Cyber-Security that include the setting up of the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs to deal with all types of cybercrime, much needs to be done to plug the infrastructural deficit.

2. Challenges to Cyber Security in India

2.1. Profit-Friendly Infrastructure Mindset:

Post-liberalisation, the Information Technology (IT), electricity and telecom sectors have witnessed large investments by the private sector. However, the inadequate focus on cyber attack preparedness and recovery in their regulatory frameworks is a cause of concern. All operators are focused on profits, and do not want to invest in infrastructure that will not generate profits.

2.2. Absence of Separate Procedural Code:

There is no separate procedural code for the investigation of cyber or computer-related offences.

2.3. Trans-National Nature of Cyber Attacks:

Most cyber crimes are trans-national in nature. The collection of evidence from foreign territories is not only a difficult but also a tardy process.

2.4. Expanding Digital Ecosystem:

In the last couple of years, India has traversed the path of digitalising its various economic sectors and has successfully carved a niche for itself.

Latest technologies like 5G and the Internet of Things (IoT) will increase the coverage of the internet-connected ecosystem. With the advent of digitalisation, large volumes of consumer and citizen data will be stored in digital format and transactions are likely to be carried out online, which makes India a breeding ground for potential hackers and cyber-criminals.

2.5. Limited Expertise and Authority:

Offenses related to crypto-currency remain under-reported as the capacity to solve such crimes remains limited. Although most State cyber labs are capable of analysing hard disks and mobile phones, they are yet to be recognized as ‘Examiners of Electronic Evidence’ (by the central government). Until then, they cannot provide expert opinions on electronic data.

3. Current Provisions for Cyber-Security in India

3.1. Indian National Security Council:

The NSC of India is a three-tiered organization that oversees political, economic, energy and security issues of strategic concern. The National Security Advisor (NSA) presides over the NSC, and is also the primary advisor to the prime minister. The current National Security Advisor is Ajit Doval.

3.2. National Cyber Security Strategy:

In 2020, the National Cyber Security Strategy was conceptualised by the Data Security Council of India (DSCI) headed by Lt General Rajesh Pant. The report focused on 21 areas to ensure a safe, secure, trusted, resilient, and vibrant cyberspace for India.

3.2.1. Main Components of the National Cyber Security Strategy

Large Scale Digitisation of Public Services:

  • Focus on security in the early stages of design in all digitisation initiatives.
  • Developing institutional capability for assessment, evaluation, certification, and rating of the core devices and timely reporting of vulnerabilities and incidents.

Supply Chain Security:

  • Monitoring and mapping of the supply chain of the Integrated Circuits (ICT) and electronics products.
  • Leveraging the country’s semiconductor design capabilities globally at strategic, tactical and technical levels.

Critical Information Infrastructure Protection:

  • Integrating Supervisory Control And Data Acquisition (SCADA) security.
  • Maintaining a repository of vulnerabilities.
  • Preparing an aggregate level security baseline of the sector and tracking its controls.
  • Devising audit parameters for threat preparedness and developing cyber-insurance products.

Digital Payments:

  • Mapping and modelling of devices and platforms deployed, supply chain, transacting entities, payment flows, interfaces and data exchange.

State-Level Cyber Security:

  • Developing state-level cybersecurity policies.
  • Allocation of dedicated funds.
  • Critical scrutiny of digitization plans.
  • Guidelines for security architecture, operations, and governance.

Security of Small And Medium Businesses:

  • Policy intervention in cybersecurity granting incentives for a higher level of cybersecurity preparedness.
  • Developing security standards, frameworks, and architectures for the adoption of the Internet of Things (IoT) and industrialisation.

3.2.2. Suggestions

Budgetary Provisions:

A minimum allocation of 0.25% of the annual budget, which can be raised up to 1%, has been recommended to be set aside for cyber security. In terms of separate ministries and agencies, 15-20% of the IT/technology expenditure should be earmarked for cybersecurity. The report also suggests setting up a Fund of Funds for cybersecurity and providing Central funding to States to build capabilities in the same field.

Research, Innovation, Skill-Building And Technology Development:

The report suggests investing in modernisation and digitisation of ICT, setting up a short and long term agenda for cyber security via outcome-based programs and providing investments in deep-tech cyber security innovation. DSCI further recommends creating a ‘cyber security services’ cadre chosen from the Indian Engineering Services.

Crisis Management:

For adequate preparation to handle a crisis, DSCI recommends holding cybersecurity drills which include real-life scenarios with their ramifications.

Cyber Insurance:

Cyber insurance is a yet-to-be-researched field; it must be supported by an actuarial science that addresses cybersecurity risks in business and technology scenarios and calculates threat exposures.

Cyber Diplomacy:

Cyber diplomacy plays a huge role in shaping India’s global relations. Hence the cyber security preparedness of key regional blocs like the Bay of Bengal Initiative for Multi-Sectoral Technical and Economic Cooperation (BIMSTEC) and the Shanghai Cooperation Organisation (SCO) must be ensured via programs, exchanges and industrial support. To further improve diplomacy, the government should promote brand India as a responsible player in cyber security and also create ‘Cyber envoys’ for the key countries/regions.

Cybercrime Investigation:

With the increase in cybercrime across the world, the report recommends unburdening the judicial system by creating laws to resolve spamming and fake news. It also suggests charting a 5-year roadmap factoring in possible technology transformation, setting up exclusive courts to deal with cybercrimes and removing the backlog of cybercrime cases. Moreover, DSCI suggests advanced forensic training for agencies to keep up in the age of AI/ML, Blockchain, IoT, Cloud, and Automation.

3.3. Computer Emergency Response Team (CERT-In):

The Indian Computer Emergency Response Team (CERT-In) is a Government of India agency situated inside the Department of Information and Communications Technology. Under Section 70B of the Information Technology Act of 2000, as amended in 2008, CERT-In is the country’s nodal agency to deal with cyber-threats such as hacking and phishing, and it serves as the focal point for responding to them. It strengthens the security defences of the Indian Internet domain. Its functions are set out in Section 70B of the Act, together with other functions delegated to it from time to time.

CERT-In detected a major issue in Android Jelly Bean’s VPN functionality in March 2014. CERT-In has been functioning since January 2004. CERT-In also empanels information security auditors, and the Indian cyber community relies on this empanelled auditors list; for instance, Security Brigade, as a CERT-In empanelled auditor, is certified to undertake security assessments of websites, networks, and apps. The operational scope of CERT-In includes everything from being the first responder to cybersecurity crises to educating diverse stakeholders on best practices for securing the nation’s cyberinfrastructure.

3.3.1. Functions:

  • Collection, analysis and dissemination of information on cyber incidents
  • Forecasting and alerting of cyber security incidents
  • Emergency measures for handling cyber security incidents
  • Coordination of cyber incident response activities
  • Issuing guidelines, advisories, vulnerability notes, and whitepapers relating to information security practices, procedures, prevention, response, and reporting of cyber incidents
  • Such other functions relating to cyber security as may be prescribed

3.3.2. Recent Cases

WhatsApp and Indian Computer Emergency Response Team (CERT-In):

The Indian Computer Emergency Response Team (CERT-In) has issued a warning to WhatsApp users in India about several vulnerabilities in the messaging platform that may result in the compromise of sensitive user data and personal information. In a high-severity advisory, CERT-In says that the vulnerabilities were found in specific versions of WhatsApp and WhatsApp Business for both the Android and iOS platforms. According to CERT-In, the vulnerabilities in WhatsApp arise from a cache configuration issue and a flaw in the audio decoding pipeline, which may allow attackers to execute arbitrary code or access sensitive information on a targeted machine.

To mitigate the risk, the government’s cybersecurity agency has urged users to update their WhatsApp applications on Android and iOS to the most recent versions. This is not the first time CERT-In has issued an advisory with a “high” severity rating alerting users to several vulnerabilities in the instant messaging platform. Last November, the agency issued a similar warning to consumers, informing them that it had discovered two significant vulnerabilities, notably improper access control and use-after-free.

CERT-In previously alerted WhatsApp users to a buffer overflow vulnerability in the platform, which enabled an attacker to remotely target a machine using a specially crafted MP4 audio or video file. At the time, CERT-In cautioned that successful exploitation of this vulnerability might result in remote code execution or denial of service for users.

Facebook and Indian Computer Emergency Response Team (CERT-In):

The administration’s premier cyber defence organisation, CERT-In, has urged Facebook users to safeguard their profile details after it was discovered that personally identifiable information of 533 million Facebook users worldwide, including 6.1 million users in India, was supposedly leaked on the internet and freely distributed on cyber-attack forums.

The Computer Emergency Response Team issued a warning stating that it has been reported that a large-scale breach of Facebook profile information occurred internationally. Email addresses, profile IDs, complete names, work titles, phone numbers, and birth dates were all revealed.

According to Facebook, the scraped data does not contain financial, health, or password information. Additionally, the firm said that, based on its analysis, threat actors scraped this data before September 2019 by using Facebook’s “Contact Importer” tool, which enables users to locate other members through their phone numbers.

3.4. Indian Cyber Crime Coordination Centre (I4C):

The Indian Cyber Crime Coordination Centre (I4C) scheme was authorised for two years (2018-2020) in October 2018 to deal with all kinds of cybercrimes in a systematic and organised manner. It is consistent with the 2013 National Cyber Security Strategy aimed at promoting the development of a safe computing environment and encouraging adequate trust and confidence in electronic transactions, as well as directing cyberspace defence behaviour by stakeholders. This centre is located in New Delhi.

3.4.1. Components Of The I4C Scheme

National Cybercrime Threat Analytics Unit (TAU):

  • Platform for analysing all pieces of the cybercrime puzzle.
  • Produce cybercrime threat intelligence reports and organize periodic interaction on specific cybercrime-centric discussions.
  • Create a multi-stakeholder environment for bringing together law enforcement specialists and industry experts.

National Cybercrime Reporting:

  • Facilitate reporting of all types of cyber crime incidents with special focus on cyber crime against women and children.
  • Automated routing to the concerned State/UT based on information furnished in the reported incident for appropriate action in accordance with law.
  • Facilitate complainants to view the status of action taken on the reported incident.

Platform For Joint Cybercrime Investigation:

  • To drive intelligence-led, coordinated action against key cybercrime threats and targets.
  • Facilitate the joint identification, prioritization, preparation and initiation of multi-jurisdictional action against cybercrimes.

National Cybercrime Forensic Laboratory (NCFL) Ecosystem:

  • Forensic analysis and investigation of cybercrime arising from new digital technology and techniques.
  • A centre to support the investigation process. NCFL and the associated Central Forensic Science Laboratory are to be well-equipped and well-staffed in order to engage in analysis and investigation activities and keep up with new technical developments.

National Cybercrime Training Centre (NCTC):

  • Standardization of course curriculum focused on cybercrimes, impact containment and investigations, imparting practical cybercrime detection, containment and reporting trainings on simulated cyber environments.
  • Development of Massive Open Online Courses on a cloud-based training platform.
  • National Cybercrime Training Centre to also focus on establishing a Cyber Range for advanced simulation and training on cyber-attacks and investigation of such cybercrimes.

Cybercrime Ecosystem Management Unit:

  • Develop ecosystems that bring together academia, industry and government to spread awareness on cyber crimes, establish standard operating procedures to contain the impact of cybercrimes and respond to cybercrimes.
  • Provide support for development of all components of the cybercrime-combatting ecosystem.

National Cyber Crime Research And Innovation Centre:

  • Track emerging technological developments and proactively predict potential vulnerabilities which can be exploited by cybercriminals.
  • To leverage the strength and expertise of all stakeholders, be it in academia, the private sector or inter-governmental organizations.
  • Create strategic partnerships with all such entities in the area of research and innovation focused on cybercrimes, cybercrime impact containment and investigations.

3.5. Cyber Swachhta Kendra:

The “Cyber Swachhta Kendra” (Botnet Cleaning and Malware Analysis Centre) is a part of the Government of India’s Digital India initiative under the Ministry of Electronics and Information Technology (MeitY). Its aim is to create a secure cyber space by detecting botnet infections in India and notifying end users, enabling the cleaning and securing of their systems so as to prevent further infections. The centre is set up in accordance with the objectives of the “National Cyber Security Policy”, which envisages creating a secure cyber ecosystem in the country. It operates in close coordination and collaboration with Internet Service Providers and product/antivirus companies. Its website provides information and tools to users to secure their systems/devices. The centre is operated by the Indian Computer Emergency Response Team (CERT-In) under the provisions of Section 70B of the Information Technology Act, 2000.

3.6. Other Recent Measures

To strengthen the mechanism to deal with cyber crimes in a comprehensive and coordinated manner, the Central Government has taken steps which, inter-alia, include the following:

  • The Ministry of Home Affairs has set up the ‘Indian Cyber Crime Coordination Centre (I4C)’ to deal with all types of cyber crime in the country, in a coordinated and comprehensive manner.
  • The state of the art National Cyber Forensic Laboratory has been established, as a part of the I4C, at CyPAD, Dwarka, New Delhi to provide early stage cyber forensic assistance to Investigating Officers (IOs) of State/UT Police.
  • The Massive Open Online Courses (MOOC) platform, namely ‘CyTrain’ portal has been developed under the Indian Cyber Crime Coordination Centre (I4C), for capacity building of police officers/judicial officers through online course on critical aspects of cyber crime investigation, forensics, prosecution etc. along with certification. More than 12,500 Police Officers from States/UTs are registered and more than 3,050 Certificates issued through the portal.
  • The National Cyber Crime Reporting Portal ( has been launched, as a part of the I4C, to enable the public to report incidents pertaining to all types of cyber crimes, with special focus on cyber crimes against women and children. Cyber crime incidents reported on this portal, their conversion into FIRs and subsequent action thereon are handled by the State/UT Law Enforcement Agencies (LEAs) concerned as per the provisions of the law.
  • The Citizen Financial Cyber Fraud Reporting and Management System, under I4C, has been launched for immediate reporting of financial frauds and to stop siphoning off funds by the fraudsters.
  • Seven Joint Cyber Coordination Teams have been constituted under I4C covering the whole country based upon cyber crime hotspots/ areas having multi jurisdictional issues by onboarding States/UTs to enhance the coordination framework among the LEAs of the States/UTs.
  • The Ministry of Home Affairs has provided central assistance under ‘Assistance to States for Modernization of Police’ Scheme to the State Governments for the acquisition of latest weaponry, training gadgets, advanced communication/forensic equipment, Cyber Policing equipment etc. The State Governments formulate State Action Plans (SAPs) as per their strategic priorities and requirements including combating cyber crimes. An amount of Rs.1653.20 crore has been released as Central financial assistance under this scheme during the last three financial years (2018-19, 2019-20 and 2020-21).
  • The Ministry of Home Affairs has provided financial assistance to the tune of Rs. 89 crore under the Cyber Crime Prevention against Women and Children (CCPWC) Scheme to the States/UTs for setting up of cyber forensic-cum-training laboratories, hiring of junior cyber consultants and capacity building of Law Enforcement Agencies (LEAs), public prosecutors and judicial officers. Details of funds released to States/UTs up to March, 2022 under the CCPWC Scheme are at Annexure. Additional funds are released to the States/UTs on a demand basis once a Utilisation Certificate is furnished. Cyber forensic-cum-training laboratories have been commissioned in 28 States/UTs, namely Andhra Pradesh, Arunachal Pradesh, Chhattisgarh, Gujarat, Haryana, Himachal Pradesh, Kerala, Karnataka, Madhya Pradesh, Maharashtra, Mizoram, Odisha, Sikkim, Telangana, Uttarakhand, Uttar Pradesh, Goa, Meghalaya, Nagaland, Dadra and Nagar Haveli & Daman and Diu, Punjab, Assam, Tripura, Puducherry, J&K, Chandigarh, Rajasthan and West Bengal.
  • Training curriculum has been prepared for LEA personnel, Public Prosecutors and Judicial officers for better handling of investigation and prosecution. States/UTs have been requested to organize training programmes. More than 19,900 LEA personnel, Public Prosecutors and Judicial officers have been provided training on cyber crime awareness, investigation, forensics etc. under CCPWC Scheme.
  • Cyber Forensics Lab at the Indian Computer Emergency Response Team (CERT-In) has been notified as an Examiner of Electronic Evidence in exercise of the powers conferred by Section 79A of the Information Technology Act, 2000 and is equipped with tools to carry out analysis of digital evidences extracted from data storage and mobile devices. Cyber Forensics Lab is being utilised for analysis of cyber security incidents and supports LEAs in forensic analysis. CERT-In also imparts training to the LEAs through workshops.
