Recently coordinated social engineering attacks are in the news. Examine the implication of such attacks. How far is India prepared in facing such cyber security challenges?
Coordinated Social engineering attack – Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks or physical locations, or for financial gain.
Cyber criminals are using innovative social engineering techniques through spam, phishing and social networking sites to steal sensitive user information to conduct various crimes, ranging from abuse to financial frauds to cyber espionage.
Implication of such attacks
Today, ‘social engineering’ is one of the most prevalent social media threats and also the most popular tactic for cyber criminals. Social media platforms allow attackers to find personal information that can be used to target specific individuals. Using information from employee profiles, a plausible fake account can be created to establish trust over time. Once the trust is built, the attacker might start asking for specific information, like internal server names, project names, or even have the new friend open an infected document or visit a prepared website that will drop a backdoor onto their computer. Eg: The recent case of BrahMoS Engineer being lured by Pakistan’s ISI.
India’s preparedness for Cyber security: · Information Technology Act, 2000: The act regulates use of computers, computer systems, computer networks and also data and information in electronic format. · Strategies under National Cyber Policy, 2013 § Creating a secure cyber ecosystem and creating mechanisms for security threats and responses to the same through national systems and processes. § National Computer Emergency Response Team (CERT-in) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management. § Securing e-governance by implementing global best practices, and wider use of Public Key Infrastructure. § Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre (NCIIPC) operating as the nodal agency. · Cyber Surakshit Bharat Initiative: It was launched in 2018 with an aim to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments. · National Cyber Security Coordination Centre (NCCC): In 2017, the NCCC was developed. Its mandate is to scan internet traffic and communication metadata (which are little snippets of information hidden inside each communication) coming into the country to detect real-time cyber threats. · Cyber Swachhata Kendra: In 2017, this platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware. · International cooperation: Looking forward to becoming a secure cyber ecosystem, India has joined hands with several developed countries like the United States, Singapore, Japan, etc. These agreements will help India to challenge even more sophisticated cyber threats.
Cyber awareness must be spread and there should be a multi-stakeholder approach- technological inputs, legal inputs, strengthening law enforcements, systems and then dealing with trans-border crime involves a lot of international cooperation.