40,000 cyber attacks on India in recent past. But it seems like we have not learnt from our mistake. Even high end security certificate (SSL) are not installed in many of the important Indian Government portals.
Eg: Indian Govt’s main portal https://www.india.gov.in/ has the SSL certificate.
We see encircled Lock symbol means it is https or SSL certificate installed.
Let us have a look at another govt portal which is belongs to Ministry of Commerce and Industry which is responsible to certify Intellectual Property of different individuals and organisation.
We can see the “Not Secure” in underlined area. And the same site also appear in secure mode. Look at the same site in SSL mode.
Reason of this variation can be more than one. One of the reason might be the SSL is not signed by high authority trusted domain.
Even SSL signing authority is highly trusted
Actually, when a site is accessible through both SSL and NON-SSL URL’s it means SSL has not been set as the default route for the domain. It does not mean that the SSL signing authority has an issue. The NIC, who is responsible to make and manage govt portals, should have configured it to follow strict SSL protocols. Also, SSL does not mean a site won’t face cyber attack or can’t be hacked. SSL just makes sure when a user interacts with the site, the data transmitted are encrypted and not intercepted by any 3rd party.
The standard SSL certificates are AES 256bit. However, there are some industry rated high-end SSL certificates are also available which could cost a few thousand dollars. They offer 10 times more security and 24×7 malware scans as extra features. Govt should go for such types SSL certificates.
But, in this time the hacker will do the job which may result in compromising security of the user and the portal.
In last 4 to 5 days India faces the worst ever cyber attack from Chinese hackers. The number of cyber attack has reached to more than 40,000.
Mostly the attack was targeted to banking , Information Technology infrastructure and also on top private companies . Till now the attack remains as attempt. Maharastra Police has confirmed the cyber attack. Maharastra State’s police department’s Inspector General of cyber wing said about such attack on Indian Companies and Banks.
Information from “Deep Web”
Deep Web or Dark Web is a term used for hackers den or safe zone. Mostly the search engines like Google do not penetrate into the world of Deep Web. There is information about list of companies prepared by the Deep Web for more attacks. The community of cyber intelligence had already warned about the cyber attack. According to One of cyber intelligence agency named “Cyfirma” had reported about it on 23rd June 2020. According to the agencies the attack is due to “border conflict between India and China results the rising in cyber attack” and some other says “It is due to cancellation different work orders of Chinese companies by Indian Govt.
List of Companies on High alert
- MRF Tyres
- Sun Pharma
- Intex Technologies
- Appolo Tyres
- L n T
Chinese Deep Web
Most of the cyber attack routed from PLA Unit 61398. PLA stands for People’s Liberation Army . The Unit 61398 is stationed at Pudong, Shanghai.
According to sources there are around 3 lakhs plus members in Chinese hackers community. Around 93 % of those hackers are sponsored by Chinese Govt or directly work for Chinese People’s Liberation Army. These hackers keep attacking on India, Japan, United States of America, South Korea, Australia.
Australia had a big cyber attack in recent past. Australia’s Prime Minister has confirmed the attack. The attack was due to Australia’s demand of enquiry on Corona Virus against China.
Solution to cyber attack
Solution is to make a integrated cyber command. We have Army, Airforce and Naval for defence. Now it is the high time to create a fourth wing of defence as cyber command. Most of developed nation have their own cyber force who deal with such cyber attacks. India is going bring Cyber security guideline. India had given recruitment to its first cyber security chief Dr Gulshan Ray. After his retirement lieutenant general (Rtd) Rajesh Panth will take charge. His responsibilities will be to create a coordination channel between different agencies. Mr Panth will work as national cyber security coordinator. Most of Cyber security in India is taken care by private players. These private venders neither get detail information nor they can work efficiently.
Few immediate preventions to avoid cyber attack
- Upgrade Firewalls regularly
- Always use https with high-end SSL certificates
- Must configured portals to follow strict SSL protocols
- Smart phone users must download apk (apps) files only from Play Store
- Use virtual keyboard while using internet banking.
- Use strong password and do not use same password for different sites.
- Keep changing the passwords in regular interval.