How prepared are Indian businesses to fight cyber fraud

Guest Column: Abhijeet Singh, Cyber Security enthusiast, analyst, trainer

In 2018, an engineering company in Mumbai fell victim to a cyber attack in which the attackers transferred over Rs 20 lakh from its accounts. According to the FIR registered by Powai police, it was a case of Man-In-The-Middle (MITM) attack, where the attackers intercepted the company's communications and targeted the hacked parties to get them to transfer the money into the hacker's account. No arrests have been made in the case as yet. MITM is a publicly documented wireless attack that even a low-skilled hacker can perform very easily.

Security is a major concern in people's minds today. From posting an update on a social media website to a transaction of even a small amount of money, everyone is concerned about their security. From small and medium enterprises to large-scale organisations, data is kept online for tracking and record-keeping. "Digital India" was started to do the same, to keep every type of transaction online. But this rising curve in technology also brings a rising curve in cyber threats, leaving all types of organisations vulnerable to them.

India, the second largest country by population, is ranked 3rd in the list of nations where the highest number of cyber attacks and threats are detected. Within the span of one year, Indian businesses have been the victims of a string of ransomware attacks: WannaCry, GoldenEye, Petya and Locky. Ransomware is a type of malware that locks down or encrypts your computer/laptop and will not let you use it unless you pay the hacker some amount of money (ransom). Very few of the businesses reported these attacks, for fear of losing their reputation. Cyber experts believe that India is being hit hard by such malicious and dangerous cyber attacks because it is ill-prepared for cyber threats.

Apart from these malware attacks, India's business sector is also a victim of cyber frauds such as social engineering and phishing. Social engineering is the manipulation of the human mind to do the dirty work of a hacker, without the need for any computer devices or programming. Some major forms of social engineering are vishing (voice solicitation) and phishing (getting people's juicy information, such as usernames, passwords and credit/debit card details, by way of a mail).

Every one of us might have received a phishing mail at some point. It is this kind of email that cyber security professionals and IT professionals warn us about. But at the same time, these phishing mails are too tempting to resist. They give us offers and discount codes that we have never seen before, and these discounts can be availed just by clicking the link and logging in to a login panel provided by these phishing mails, web pages and websites.

Most of the time, in corporates, companies and organisations, an employee receives a phishing mail with the subject "A mail from your CEO", which is again too hard to ignore. This can later lead to system hacking/hijacking, network compromise or a data breach. For doing such work, there are free-of-cost (FoC) tools available on the internet, in the public domain.

Besides the MITM attack case mentioned above, there are many other cases of cyber fraud in India, some of which are mentioned below.

A 23-year-old woman, who was a management trainee in a leading bank, was apparently cheated of Rs 1.56 lakh after hackers got hold of her debit card details and blocked her SMS alerts. The police said that the hackers could also have changed her card's PIN.

The cyber cell of Gurugram Police arrested a 27-year-old B.Com. graduate for repeatedly cheating over 100 people from the NCR area just by harvesting their credit/debit card details. The attacker was arrested at Jharsa Crossing and given a four-day remand. The hacker was identified as Vikas Jha of Muzaffarpur, Bihar.

In July 2018, hackers broke into an ATM server of Canara Bank and stole almost 20 lakh rupees from 50 different bank accounts.

It was believed that the hackers were holding the harvested account details of over 300 ATM users across the country. These hackers used skimming devices to harvest the information of cardholders and made transactions of INR 10,000 to INR 40,000 per account.

"As per the details shared by Reserve Bank of India (RBI), complaints were received regarding e-wallet scam involving 1,020 bank accounts in 351 bank branches of public and private sector banks (13 banks)," Minister of State for Electronics and IT K J Alphons said in a written reply to Lok Sabha.

“I am afraid cyber attacks would occur very often. Tools already exist to mount cyber attacks and they will be improving over the next decade. We have already witnessed an increase in the number and severity of such attacks,” said Mr. Rajnath Singh, the Home Minister.

It is very clear that the cyber security practices of Indian businesses are not up to the mark, and they are now realising this fact.

As the cases above show, there are many instances in which Indian businesses and other Indian organisations are directly targeted. According to a new study, 64 per cent of Indian companies faced a cyber attack on their systems in 2017 and 2018.

According to the survey conducted by IBM: “In 2017, the average cost of a data breach in the country rose nearly 8% year-on-year to Rs 11.9 crore ($1.7 million).”

There is a requirement for 30 lakh cyber security experts in India, but on average the total number of cyber security experts emerging in India every year is 30,000.

Suggested steps to prevent cyber attacks:

* Start with compliance and auditing, more specifically ISO 27001 and ISO 27002.

* Start training employees in information security, so that they are aware of such cyber threats.

* Stop using free applications and software. Purchase the paid versions of the software that is in organisational use.

* Always download material from trusted and reputed websites, so that the downloaded attachment can be confirmed as secure to use.

* Always confirm and verify an email and its attachment before opening or downloading it.

* Never enter your credentials or any other information in any unauthorised website, webpage or email; it could be a phishing mail.

* Never share the credentials of the company's network with people outside the company.