India’s critical sectors may fall prey to inimical forces that could exploit relaxations in geofencing restrictions, granted to employees working from home, to launch cyber attacks, according to an assessment by the National Technical Research Organisation (NTRO). Sectors including government undertakings, strategic and public enterprises, banking and financial services, telecom, power, energy and transport, among others, are susceptible to such attacks.
“In view of the lockdown, several critical sector entities have relaxed their geofencing restrictions to allow their personnel to log-in and work from home. This has increased the attack surface available to threat actors (cyber criminals) from neighbouring countries. Another modus operandi being used by them is to send out legitimate-looking corona-related advisories impersonating as officials from the government and health organisations, through malicious e-mail attachments,” said an official from the National Critical Information Infrastructure Protection Centre (NCIIPC).
These impersonators are seeking donations for Covid-19 and trying to steal credentials for online fraud. Recently, the government had to issue a clarification over cyber criminals sending e-mails and WhatsApp messages stating that the government of India was giving Rs 1,000 to those under the so-called Corona Sahayata Yojana scheme. The message requires people to click on a link and provide their bank details and other information. The Centre on Sunday clarified that the claim and the link were fraudulent and warned people against clicking on it.
“There has been a notable increase in the number of domains created using the words ‘Corona’ or ‘Covid-19’. A vast majority of these are malicious, aimed at stealing credentials. Those who have visited such domains are advised to ‘reset’ their passwords immediately,” cautioned another official from the Ministry of Home Affairs (MHA). The NCIIPC under NTRO has issued guidelines that include application whitelisting, blocking unused ports, turning off unused services and monitoring network traffic to prevent such attacks.
The government had advised government employees working in critical sectors to be vigilant, and closely monitor privileged users and administrators of critical accounts. “Track all CRUD (create-read-update-delete) activities in Identity and Access Management (IdAM). Focus on resilience of backups against ransomware attacks,” it said.
The MHA had, earlier this month, issued an advisory on the use of the Zoom meeting platform by private individuals, government officers and by officials for official purposes, stating that the platform is not safe. “The guidelines have been issued to safeguard private individuals who would still like to use the platform for private purposes. The broad objective of this advisory is to prevent any unauthorised entry into a Zoom conference room and prevent the unauthorised participant to carry out malicious attacks on the terminals of other users in the conference.”