Read Time:5 Minute, 1 Second

Advisory Issued By Anshul Saxena Regarding Safeguard Indian Cyber Space This Is Important Subject Where Chinese Hackers Planned Cyber Attack on Indian Cyber space anshul saxena suggested advisory under India’s Top Hackers One Of Cyber Advisor Krishanu Sharma is From Team Indian Cyber Troops

Tweet By Anshul Saxena:

As Per Above Tweet Anshul Saxena Released Advisory On 23 Jun 2020 6:26 PM And Strictly Mentioned Everything To Keep Yourself Safe

ADVISORY REGARDING PRECAUTIONS TO BE TAKEN TO AVOID CYBER ATTACK

Amidst India-China standoff and border clashes, the probability of state sponsored cyber attacks on governmental as well as civilian cyber infrastructure, are imminent. This includes healthcare and pharmaceutical, telecoms, academia, logistics & transportation, emergency utilities, energy sector, and all types of research organisations and even military networks.

This advisory is written considering:

1. How cyber criminals and APT (Advanced Persistent Threat) groups can take advantage of the Covid-19 pandemic.

2. How such cyber attacks can affect common people as well as the people who are working for important organisations with critical information.

3. The mitigation or prevention of such attacks.

APT groups frequently target organisations and government entities in order to collect bulk personal information, intellectual property, intelligence that aligns with national priorities and important research work. On the other hand, common cyber criminals mainly focus on identity theft and gaining login credentials of victims.

Possible attacks and their mitigations:

Phishing:

Cyber criminals may send you emails seemingly coming from healthcare organisations or government entities with titles like “Alert! Your neighbour is affected with Covid-19”, “Check affected persons in your city”, “Recommendations by WHO”, “Relief package for you by govt”, “Coronavirus vaccine is ready!”, “Donate to Covid-19 patients”, etc.

These emails could be phishing emails created to gather your confidential or sensitive information.

Mitigation:

Check the domain(s) or URL(s) mentioned in the mail, the email address of the sender from which you got mail and see if they are really official or not (take help from reliable search engines to know about them).

Check for grammatical and spelling mistakes. Generally, the scamming mails are poorly written.

Sometimes, emails could be spoofed, which means that the sender address could be forged into a legitimate email address. A lazy or newbie cyber criminal may leave the actual REPLY-TO and/or RETURN-PATH in the message header which can be sometimes helpful for you to detect spoofing. Though the former method helps in few cases, it’s better to look into the full email header information which has all the routing information of the mail and check the received (IP and domain) and received-SPF fields.

Also, phishers use IDN homograph attacks. Therefore, it’s better to enable Punycode domain detection in your browser (leading browsers have it enabled by default nowadays).

ADVISORY REGARDING PRECAUTIONS TO BE TAKEN TO AVOID CYBER ATTACK

For organisations:

Organisations need to be bothered about being targeted by APT groups. Password spraying has been increasing among APT groups as a starting point for conducting attacks. Therefore, it’s advisable not to have default passwords for any type of digital instances.

APT groups target organisation’s ‘Global Address List’ (GAL) or for details of those members of the organisation who have access to critical information which can be leaked by internal employees or by other means. Once they get the information of the members of the target organisation, they conduct spear phishing attacks by sending emails (generally spoofed) having malwares embedded in seemingly authentic documents. The document could have a JavaScript code, a Java applet, flash file, etc. which could exploit any vulnerability in your browser, flash player, JVM, or even the email service itself.

APT groups focus on creating malwares meant for antivirus detection evasion, bypassing other facilities or features in the operating systems like UAC, SBM, etc. which allow the malware to execute in the background without user acknowledgement. It may even spread across the network and affect other vulnerable devices. Vulnerabilities in VPNs are also one of the major targets for exploitation among APT groups.

Mitigation:

Spread awareness about the possible spear phishing campaigns. Enable SMTP filters and implement sandbox based automated scanning systems.

Even if you are a small organisation with not an advanced infrastructure, open the emails or suspected files in a virtual machine (copy files from host→ VM direction only) or in a system not connected to the main network of your organisation. Take a snapshot of the state of the system of fresh installations of the OS in the virtual machine. Use tools like ‘Regshot’, ‘What Changed’, etc. Compare the modifications in the snapshot of the state of the system after you have executed those files or opened the emails.

Other important guidelines:

1. Update VPNs, Operating System, important day-to-day operational softwares, network infrastructure devices, and systems being used for remotely connecting into institutional systems.

2. Use browse-down architecture to prevent attackers from easily gaining privileged access to the most critical information.

3. Set up a security monitoring capability or logging to collect the data that will be needed to analyse or investigate any network intrusions or cyber attacks.

4. Establish and periodically review your incident management capability to detect, manage and analyse security incidents.

5. As DDOS attacks are common, have a proper DDOS response plan in advance (also outsource your DDOS prevention to a cloud-based service).

If you have a website or mobile application:

Get your website or mobile application tested for vulnerabilities or security loopholes. Try to encourage white hat hackers or genuine penetration testers to test your website or mobile application for potential vulnerabilities and report them to your concerned team in a responsible manner. It’s recommended to have a dedicated bug hunting or bug reward program which mentions in-scope, out-of-scope, responsible disclosure policies clearly.

Advisory issued by:

About Post Author

Indian Cyber Troops

Indian Cyber Work For Nation's Wellness And Nation's Security We Share new and unique things with you Jai Hind Jai Shri Ram