The National Technical Research Organisation (NRTO) has done an industry-wide assessment to check on cyberattacks. Sectors including government undertakings, banking and financial services (BFSI), telecom, power, energy, and transport are susceptible to cyberattacks. The use of personal computers and unsecured internet connections are the majority of reasons behind attacks reported by enterprises.
India’s nodal agency to fight against cyberattacks, CERT (Computer Emergency Response Team) has raised a red flag. The agency says that even the Virtual Private Networks (VPNs) are under threat of cyberattacks. It is important to ensure the security of endpoint devices to eliminate the cyberthreat. Personal devices being used to access enterprise infrastructure is leading to cyber attacks. Less secure devices have expanded the threat surface available for cybercriminals.
The official from the National Critical Information Infrastructure Protection Centre (NCIIPC) said, “In view of the lockdown, several critical sector entities have relaxed their geofencing restrictions to allow their personnel to log-in and work from home. This has increased the attack surface available to threat actors (cybercriminals) from neighbouring countries. Another modus operandi being used by them is to send out legitimate-looking corona related advisories impersonating as officials from the government and health organisations, through malicious e-mail attachments.”
A lot of cybercriminals are impersonating to seek donations for Covid-19. Some of these attackers also steal credentials for online fraud. The government has recently issued a clarification over cybercriminals sending emails and WhatsApp messages stating the government is giving away Rs 1,000 under Corona Sahayata Scheme. The message leads to a link which prompts users to provide their bank details and other information.