Facing repeated cyberattack attempts from China, the government has decided to tighten its vigil. Employees across ministries and public sector units (PSUs) are being asked to follow a standard operating protocol (SOP) or face disciplinary action. This SOP has various steps, including basic hygiene such as switching off computers, signing out of emails and updating passwords.
- On November 23, 2022, a breach was detected in AIIMS’ internal systems. Not much later, the hospital’s digital patient management system was crippled.
- The attack derailed everyday work, appointments and registration, billing, patient care information and lab reports.
- It corrupted files and data on main and backup servers of the mega-hospital.
- This led the hospital to shut down most digital patient care systems and move to manual means.
- Different media reports claimed that hackers asked for a ransom in order to return access to that data.
How serious are the threats?
- From the power grid to the banking system, there have been multiple cyberattacks.
- A report by CERT-In has estimated a 51% jump in ransomware incidents reported during the first half of 2022.
- While a majority of the attacks were on data centres, the IT sector, manufacturing and finance, critical infrastructure including oil and gas, transport and power was also hit.
- Separately, cyber security firm Norton said in a report that India had faced over 18 million cyber threats during the first quarter of 2022.
- Most of these attacks are believed to be the handiwork of Chinese hackers, who often operate as “sleeper cells” using the computers of Indian users.
What is the plan?
- The government has decided to tighten its vigil, with employees across ministries and public sector units (PSUs) being asked to follow a standard operating protocol or face disciplinary action.
- Several Indian agencies have built multiple firewalls to protect themselves against cyberattacks.
- However, irresponsible behaviour by stakeholders and employees often exposes them to risks.
About malware
- Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.
- It is essentially a program designed to gain access to computer systems, normally for the benefit of some third party, without the user’s permission.
- Types —
  - Viruses —
    - A virus is malicious executable code attached to another executable file. The virus spreads when an infected file is passed from system to system.
    - Viruses can be harmless or they can modify or delete data. Once a program virus is active, it will infect other programs on the computer.
  - Worms —
    - Worms replicate themselves on the system, attaching themselves to different files and looking for pathways between computers, such as a computer network that shares common file storage areas.
    - Worms usually slow down networks. A virus needs a host program to run, but worms can run by themselves.
  - Spyware —
    - Its purpose is to steal private information from a computer system for a third party. Spyware collects information and sends it to the hacker.
  - Trojan horse —
    - A Trojan horse is malware that carries out malicious operations under the appearance of a desired operation, such as playing an online game.
    - A Trojan horse differs from a virus because the Trojan binds itself to non-executable files, such as image files and audio files.
  - Logic bombs —
    - A logic bomb is a malicious program that uses a trigger to activate the malicious code.
    - The logic bomb remains non-functioning until that trigger event happens.
    - Once triggered, a logic bomb executes malicious code that causes harm to a computer.
  - Ransomware —
    - Ransomware holds a computer system or the data it contains hostage until the victim makes a payment.
    - Ransomware encrypts data in the computer with a key which is unknown to the user. The user has to pay a ransom (price) to the criminals to retrieve data.
  - Backdoors —
    - A backdoor bypasses the usual authentication used to access a system.
    - The purpose of the backdoor is to grant the cyber criminals future access to the system even if the organisation fixes the original vulnerability used to attack the system.
  - Rootkits —
    - A rootkit modifies the OS to make a backdoor. Attackers then use the backdoor to access the computer remotely.
  - Keyloggers —
    - A keylogger records everything the user types on his/her computer system to obtain passwords and other sensitive information and sends them to the source of the keylogging program.