CERT-In report on cyber attacks

Context: The Indian Computer Emergency Response Team (CERT-In) has prepared a report on cyber attacks in the country.

Highlights of the report:

• It has been observed that China continues to “intrude” Indian cyberspace in a “significant” way. The cyber attacks from China made up 35% of the total number of cyber attacks on official Indian websites, followed by US (17%), Russia (15%), Pakistan (9%), Canada (7%) and Germany (5%).
• There is also the possibility of “malicious actors from Pakistan using German and Canadian cyberspace for intruding into Indian cyberspace and carrying out malicious activities”.
• They are targeting by sending spear phishing emails with malware attachments. Phishing attacks are usually in the form of an email from a trusted source where they ask for personal details such as bank details personal details, passwords.

Institutions affected:

Many of the institutions impacted by the malicious activities have been identified, and they have been advised to take appropriate preventive action.

These include Oil and Natural Gas Corporation (ONGC), National Informatics Centre (NIC), Indian Railway Catering and Tourism Corporation (IRCTC), Railways, Centre for Railway Information Systems (CRIS) and some banks like Punjab National Bank among others.

About CERT-In:

What is it?

CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization. CERT-In was created by the Indian Department of Information Technology in 2004 and operates under the auspices of that department.

It’s purpose:

The purpose of CERT-In is to respond to computer security incidents, report on vulnerabilities and promote effective IT security practices throughout the country. According to the provisions of the Information Technology Amendment Act 2008, CERT-In is responsible for overseeing administration of the Act.

Sources: toi.