By Brian Pereira
CERT-In is the Indian Chapter of the global Computer Emergency Response Team (CERT), and it has been in existence since 2004. The Indian Information Technology Amendment Act 2008 denotes CERT-in as the national agency to perform various cybersecurity functions, primarily, the collection, analysis and dissemination of information on cyber incidents in India. Speaking at the CSI-InfoComm Summit 2019, in Mumbai last month, Dr. Sanjay Bahl, Director General, Indian Computer Emergency Response Team (CERT-In) said the alerts, advisories and vulnerability analysis that it issues increased from 276 to 436 between 2017 and 2018. He also said that the response activity within CERT-in has increased tremendously.
“In 2015, we were providing a response activity every 10 minutes. But since 2018, we are expected to provide a response activity every two and a half minutes. And we operate 24×7 and 365 days in the year,” said Dr. Bahl. “This shows that reporting has increased. Awareness has also increased. And it also means that ICT penetration in the country has increased.”
CERT-In performs detailed analysis and investigations of cyber incidents and produces vulnerability analysis, alerts, advisories and reports. It is now issuing such alerts and reports every two and half minutes.
“This is due to the increase in the number of products and the frequency of versions. These products have security bugs and have not been completely tested for security. Secondly, we are also seeing new zero-day vulnerabilities that are being exploited. The type of targeted attacks that are happening has also raised the number of security alerts and advisories,” said Dr. Bahl.
Dr. Bahl spoke about the nature of attacks observed by CERT-in. This includes financially motivated crime by state and non-state actors. He told the audience that Advanced Persistent Threat (APT) actors are collaborating to conduct espionage and also financial fraud attacks using the same infrastructure, techniques, tools and processes.
“We are seeing customers being targeted through attacks on their Managed Security Service Providers (MSSPs). We are seeing modular malware, ransomware, crypto-mining attacks and DDoS attacks. These abuse the Internet infrastructure as well as IoT,” he said.
CERT-In also notes the increase in data leaks occurring through unsecured cloud services. It attributes this to misconfiguration issues.
“We observe the spread of automated misinformation and influencing campaigns by state and other malicious organizations, through social media,” said Dr. Bahl. “They are also looking to compromising the privacy of individuals by pushing malware through social media.
There is also tampering of global supply chains, SIM swapping, and SIM hijacking for financial fraud.”
CERT-In’s activities can be classified into four distinct areas: cyber incident response, cyber assurance, cyber intelligence, cyber cooperation and collaboration. It has been empowered by the IT ACT to impose strict action against individuals or organizations that do not report security incidents.
“Incidents need to be reported to CERT-In. All reported incidents are kept confidential. If incidents are not reported then CERT-In can impose a penalty of Rs 100,000 or one-year imprisonment or both. And this is enforced by the Indian IT Act,” said Dr. Bahl.
Rs 100,000 is equivalent to US$ 1,408.62.
CISO MAG was invited to attend the CSI-InfoComm Summit 2019.