On August 5, 2022, Twitter disclosed that a hacker nicknamed "Devil" had
exploited a flaw in its algorithm and offered a large dataset of personal
identifiers, such as phone numbers and emails, on internet forums for $30,000.
Upon further investigation, it was discovered that the bug had impacted more
than 5 million people. Another infamous incident took place in July 2022, when
hackers gained control of the British Army's Twitter account. The account had
its name and picture changed several times and was even used to organize a
full-fledged contest to win Angry Apes non-fungible tokens (NFTs), digital art
stored on a blockchain. According to the Minister of State for Electronics and
Information Technology, India reported 14.02 Lakh cybersecurity incidents in
2021 and 13.91 Lakh such incidents in 2022. These are just a few of the
numerous cyber-attacks that took place in recent years. So, what is cyber
security, and why is it important?
Cyber Security is a process that is designed to protect
networks and devices from external threats. It is the protection of
Internet-connected systems, including hardware, software, and data, from
cyber-attacks.
The word "cyber" refers to technologies that involve systems,
networks, and programmes or data, while "security" refers to the
protection of networks, information, and computer systems. Effective
cybersecurity implementation requires knowledge of both the Cyber Security
Principles and the cybersecurity domains.
The Cyber Security Principles are a set of guiding
principles developed for improving the online security of Internet users. They
protect and provide strategic guidance against cyber threats or malicious
security breaches. These principles have been developed to
mitigate the cyber threats ingrained in internet usage. The Cyber Security
Principles can guide, inform, educate, support, and secure us against online
crimes. These Principles are necessary to provide tactical guidance for
understanding and implementing measures to protect any organisation from cyber
threats. These principles can be better understood when we group them into four
activities: Govern, Protect, Detect and Respond.
a) Governing principles are used to identify and manage security risks.
b) Protecting principles help in implementing controls to reduce security risks.
c) Detecting principles help detect and understand cyber security events to identify cyber security threats.
d) Responding principles help in recovering and responding to cyber security incidents.
Along with the Cyber security principles, the cyber
security domains should also be taken into consideration while developing the cybersecurity
policy. The following is a comprehensive cybersecurity domain list:
· Career development
· Computer operations security
· Cyber forensics
· ERM
· Identity management
· Incident response
· Security architecture
· Telecommunications security
· User education
Nowadays, there are more users, devices, and programmes
than ever before, and there is also a greater volume of data—much of it private
or sensitive—than ever before. The rise in the number, sophistication, and variety of cyber attackers
and attack techniques further complicates the issue. Keeping up with new
technologies, security trends, and threat information is a challenging task.
Let's examine a few of the horrifying cyberattacks that shocked the world and
ultimately prompted fundamental changes in how intrusions are addressed.
1. The Melissa Virus:
In 1999, programmer David Lee Smith created
the Melissa Virus, one of the first and most dangerous cyberthreats. He emailed
recipients an infected file to be opened in Microsoft Word. Once the file was
opened, the virus started to work and severely damaged hundreds of businesses,
including Microsoft. The estimated cost of fixing the damaged systems was $80
million.
2. NASA Cyber Attack:
Around the same time, James Jonathan, a 15-year-old
boy from South Florida, was successful in hacking and shutting down NASA’s
computers for 21 days! During the attack, there were about 1.7 million software
downloads, and the space giant had to spend $41,000 on fixes. He later made
history by becoming the country's first juvenile to be imprisoned for
cybercrime.
3. The 2007 Estonia Cyber Attack:
As a result of Estonia's disagreement with
Russia over the relocation of the Bronze Soldier of Tallinn, a series of
cyberattacks began on April 27, 2007 and targeted websites of Estonian
organisations, including the Estonian parliament, banks, ministries,
newspapers, and broadcasters. The direct result of the cyberattacks was the
creation of the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn,
Estonia. As of January 2008, only one ethnic-Russian Estonian national had been
charged and convicted.
4. Cyber Attack on Sony’s PlayStation Network:
The cyber-attack
on Sony’s PlayStation Network in 2011 compromised the personal information of
77 million users. The attack occurred between
April 17 and April 19, 2011, forcing Sony to deactivate the PlayStation
Network servers on April 20. The outage lasted 23 days. On May 14, Sony
released PlayStation 3 firmware version 3.61 as a security patch.
The firmware now ensures that users change their account's password upon
signing in.
5. The 2014 Cyber Attack on Yahoo:
In 2014, Yahoo was
subject to one of the biggest cyber-attacks in history. The hackers had
obtained data from over 500 million user accounts, including account names,
email addresses, telephone numbers, dates of birth, hashed passwords, and in
some cases, encrypted or unencrypted security questions and answers. On March 15, 2017,
the FBI officially charged four men, including two who worked for Russia's Federal
Security Service (FSB). The four men accused included Alexsey Belan, a hacker
on the FBI's Ten Most Wanted Fugitives list; FSB agents Dmitry Dokuchaev and
Igor Sushchin, whom the FBI accused of paying Belan and other hackers to
conduct the hack; and Canadian hacker Karim Baratov, whom the FBI claimed was
paid by Dokuchaev and Sushchin to use data obtained by the Yahoo! breaches to
break into about 80 non-Yahoo! accounts of specific targets.
6. Attack on PayPal customers:
In a very recent event, using a technique popularly known as
"credential stuffing," hackers entered tens of thousands of user IDs
and passwords obtained through prior breaches into fields intended for users.
Credential stuffing works because it is common for people to use the same
credentials for several accounts. In
this particular case of PayPal users, hackers got two days' worth of access to
34,942 users' full names, birthdates, social security numbers, postal
addresses, and unique tax identification numbers. This is the very
reason why cybersecurity experts emphasise using two-factor authentication
whenever possible. In addition, people should always use long, unique, and
random passwords for each of
their online accounts. Those will be less likely to show up on the lists of
passwords used to crack accounts in credential-stuffing attacks.
While an overwhelming number of
cyber-attacks were taking place globally, India was not spared either. In 2022
alone, the country was shaken by the following major cyber-attacks:
(i) Attack on Jawaharlal Nehru Port Container Terminal (JNPCT):
India’s only state-owned and operated container terminal, Jawaharlal Nehru Port
Container Terminal (JNPCT), was reported to have begun turning away
ships after a ransomware attack took place on 21st February, 2022.
JNPCT is India’s largest container port and handles half of all the containers
in India. According to local reports, the attack was discovered and ships were
diverted to the other terminals in the complex, located near Mumbai.
(ii) Ransomware Attack in May 2022 - SpiceJet Airline:
Indian airline SpiceJet was attacked on 24th May, which slowed down the
departure of flights the next morning. It left hundreds of passengers stuck in
the airport and stranded in several locations in the country. The airline later
posted on Twitter and confirmed that its system had faced ransomware attacks.
(iii) Attack on Tata Power:
India’s largest integrated power company, Tata Power,
faced ransomware attacks on 14th Oct, 2022. The Hive ransomware organisation,
which has victimised over 1,300 businesses globally and collected almost $100
million in ransom payments, was responsible for the cyberattack. The
organisation started releasing the stolen information on their dark web forum
soon after the attack was launched. The leaked
data included bank accounts of the company, bank statements, as well as details of
its employees, including their remuneration and passport information. Tata
Power's battery usage information as well as schematics for some of its grids
were also included in the hacked material.
(iv) Attack on All India Institute of Medical Service or AIIMS:
India’s leading public medical institute, All India Institute of
Medical Service or AIIMS, experienced a cyber-attack on 23rd November,
2022. This attack affected hundreds of patients and doctors accessing primary
healthcare services, including discharge, billing, and patient admission systems.
Cyber-attacks could be of different types:
1. Injection attacks: These involve injecting malicious data into a web application in order to manipulate the application and fetch the required information.
2. DNS Spoofing: DNS Spoofing is a type of computer security hacking in which data is introduced into a DNS resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker’s computer or any other computer.
3. Phishing: Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card numbers.
4. Brute force: It is a type of attack which uses a trial-and-error method. This attack generates a large number of guesses and validates them to obtain actual data like a user password or personal identification number. This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
5. Denial of Service: It is an attack which is meant to make a server or network resource unavailable to its users.
6. Dictionary attack: The attack involves storing a list of commonly used passwords and validating them to get the original password.
7. URL Interpretation: It is a type of attack where one could change a certain part of a URL and make a web server deliver web pages which the user is not authorized to browse.
8. Man in the middle attacks: The attacker intercepts the connection between client and server and acts as a bridge between them. As a result, the attacker is able to read, insert and modify the data in the intercepted connection.
9. Virus: It is a malicious computer programme which, when executed, self-replicates by incorporating copies of itself into other programmes, spreading throughout the computer's files without the knowledge of the user. The Melissa Virus is a classic example.
10. Trojan horse: It is a malicious program that causes unexpected changes to computer settings and unusual activity, even when the computer should be idle. It misleads the user about its true intent.
With the rapid
development of information technology, it has become critical for the Indian
Government to provide a safe and secure cyberspace. The government of India has
taken a number of steps to ensure that the nation reaches the goal of a $5
trillion economy in an effort to create a "cyber-secure nation" for
businesses and individuals. The introduction of the "Indian Computer
Emergency Response Team" (CERT-In), which serves as the national
organisation to address the nation's cyber security, is one such endeavour.
This initiative has had a significant impact on lowering the frequency of
cyberattacks on government networks.
Another initiative taken up by the government is the NCIIPC.
It is a central government establishment, formed to protect critical
information about our country, which has an enormous impact on national
security, economic growth, and public health care. Additionally, the Indian
Government has published a written guideline for CISOs of government
organizations, outlining best practices for safeguarding apps, infrastructure,
and compliance. Considering the security of personal data and information of individuals
and to protect Indian users from global breaches, the Personal Data Protection Bill 2019 (PDP Bill 2019) was tabled in
the Indian Parliament by the Ministry of Electronics and Information
Technology on 11 December 2019. The bill addresses the processing and storage of any
important data pertaining to individuals only in India. Additionally, the
measure seeks to hold social media corporations more responsible and to
pressure them to stop the spread of objectionable content. The government also
introduced the National Cyber Security Policy in 2013, whose purpose is to
establish a secure and resilient cyberspace for individuals, organisations, and
the government. Through coordinated efforts of institutional structures,
people, processes, and technology, the objective is to offer protection to
cyberspace information and infrastructure, build capacities to prevent and
respond to cyberattacks, and minimise damage.
In addition to the government's efforts, it is also the
duty of netizens to educate people about the need to keep their systems free of
malware and viruses. People can use certain inexpensive cyber security methods to
protect themselves from various sorts of cyber-attack.
1. Changing passwords is the easiest way to improve security.
2. We could always use a password manager tool like LastPass, Dashlane, or Sticky Password to keep track of everything for us. These applications help us use unique, secure passwords for every site we need while also keeping track of all of them for us.
3. An easy way for an attacker to gain access to our network is to use old credentials that have fallen by the wayside. Hence, we should always remember to delete unused accounts.
4. Enabling two-factor authentication adds an extra layer of security to our logins, making it harder for an attacker to get into our accounts.
5. Keeping software up to date.
India is the
second-fastest digital adopter among 17 of the most digital economies globally,
and rapid digitisation does require forward-looking measures to boost
cybersecurity. However, the country is facing a shortage of cyber security
professionals and active cyber defences. Currently, the country relies heavily
on international companies for its cyber security tools. This makes India's
cyberspace vulnerable to cyber-attacks motivated by state and non-state actors.
Therefore, it is becoming increasingly important for educational institutions,
such as public and private colleges, business groups, and Industrial Training
Institutes (ITIs), to offer courses on cybersecurity. It is also important that
opportunities are created for developing software in order to protect digital
communications and cyber security. The need of the hour for the Indian
government is to develop core skills in cyber security, data integrity, and
data security fields while also setting stringent cyber security standards to
protect banks and financial institutions.
Plabita Borbora, HOD Dept. of Computer Engineering, AEI
Source: Internet.
