CERT-In has a very difficult task at hand as nation-state bad actors build sophisticated software and generate flaws to enter networks in order to disable vital infrastructure and pry into the private lives of important individuals via surveillance ware.
The Indian Computer Emergency Response Team (CERT-In) has a very difficult task at hand as nation-state bad actors develop sophisticated software and install flaws to breach systems to damage vital infrastructure and pry into the private lives of people who matter via surveillanceware.
In January and February of this year, CERT-In recorded more than 2.12 lakh cybersecurity incidents, compared to more than 14.02 lakh occurrences in 2021.
Rajeev Chandrasekhar, Minister of State for Electronics and IT, provided these statistics in response to a query in the Rajya Sabha in March without identifying the source of the cyberattacks.
According to cybersecurity firm Trellix, nation-state bad actors have dramatically boosted their cyberattacks on key infrastructure, and India saw a 70% spike in ransomware activity in the fourth quarter (Q4) of 2021.
Russian and Chinese-backed organisations were the source of more than half of antagonistic advanced persistent threat actor activities.
Oil India’s (OIL) system in Assam was recently the target of a cyberattack using Russian malware that was recently installed from a server in Nigeria.
The state-owned corporation had experienced a significant cyber assault at its field headquarters in Duliajan, eastern Assam, and the hacker had demanded $75,000 from the company.
Threats are sharply increasing in the transportation, healthcare, shipping, manufacturing, and information technology sectors.
According to cybersecurity company Norton, India experienced over 18 million cyberattacks and threats in the first three months of 2022, or over 200,000 threats every day.
As per experts from IBM’s X-Force Threat Intelligence team, the nation was among the top three in Asia for the number of server access and ransomware assaults that year.
In such a case, CERT-In would have many more duties in addition to issuing warnings, including as developing an infrastructure to resist nation-bad actors by following the lead of international cyber agencies.
According to recent reports, the government is considering establishing a specialised Computer Security Incident Response Team (CSIRT) to counteract assaults on vital infrastructure, such as the power grid.
Through new regulations requiring VPN service providers, along with data centres and cloud service providers, to store information such as names, email IDs, contact details, and IP addresses of their customers for a period of five years, CERT-In is also hard at work addressing the country’s virtual private network (VPN) providers.
VPN providers have been allowed an additional three months by the cyber agency to abide by its new restrictions, which will take effect on September 25.