SOURCE: BUSINESS TODAY
The Department of Telecommunication (DoT) has written a letter to all web portals and websites used by officials in the ministry to conduct a security audit and submit a compliance certificate amid reports of a spike of cyberattacks by Chinese hackers. The DoT has also requested to all other ministries and departments to migrate their websites and web-portals to the gov.in domain by August 31.
The Chinese cyberattacks included phishing, data exfiltration, remote access tool malware, and keylogging (tracking every keystroke made by a user), The Indian Express reported. Hence, the DoT has urged its officials to upgrade their online security and systems. Meanwhile, a report on possible cyber-attacks and security aspects of sensitive government websites have also been submitted to the Indian Computer Emergency Response Team (Cert-In).
There have been multifold cyberattacks since the Galwan Valley skirmish and the ban on 59 Chinese apps in India. A government official told the daily that one common pattern in these attacks and malware was — CnC (Command and Control) servers in China.
He added, “Right after the (border) clashes, we observed up to 10,000 attack attempts per day. It has come down a bit but we have to be alert”. BusinessToday.in had reported in June that there was a 200 per cent increase in cyberattacks from China towards India after the Galwan face-off.
Last month, Cyfirma Chairman and CEO Kumar Ritesh had told BusinessToday.in that a host of companies like SBI, ICICI Bank, Air India, LIC, Nuclear Power Corporation, Indian Oil, Reliance Jio, Amul, Karbonn Mobiles, HAL, Hero MotoCorp, Dabur, SAIL, Wipro, and others were being targeted by Chinese hackers.
In October 2019, DoT sent a similar note to all web portals and websites, but that yielded no results. In that letter, the DoT wrote that a security audit was necessary for the “robustness of information systems and associated networks”.
The DoT had sent the letter after it was found that “data exfiltration” was taking place from one of the web portals of the ministry that did not have a valid cyber-security audit.
