Facing repeated cyberattack attempts from China, the government has decided to tighten its vigil. Employees across ministries and public sector units (PSUs) are being asked to follow a standard operating protocol (SoP) or face disciplinary action. The SoP covers basic hygiene steps such as switching off computers when they are not in use, signing out of email accounts and regularly updating passwords.

Background

  • On November 23, 2022, a breach was detected in AIIMS’ internal systems. Soon afterwards, the hospital’s digital patient management system was crippled.
    • The attack disrupted everyday work: appointments and registration, billing, patient care records and lab reports.
    • It corrupted files and data on both the main and the backup servers of the mega-hospital.
    • This forced the hospital to shut down most digital patient care systems and fall back to manual processes.
  • Several media reports claimed that the hackers demanded a ransom to restore access to the data.

How serious are the threats?

  • From the power grid to the banking system, there have been multiple cyberattacks on Indian targets.
  • A CERT-In report estimated a 51% jump in ransomware incidents reported during the first half of 2022.
    • While most attacks targeted data centres, the IT sector, manufacturing and finance, critical infrastructure such as oil and gas, transport and power was also hit.
  • Separately, the cyber security firm Norton said in a report that India faced over 18 million cyber threats during the first quarter of 2022.
  • Most of these attacks are believed to be the work of Chinese hackers, who often operate as “sleeper cells”, using computers belonging to Indian users to mount their activity.

What is the plan?

  • The government has decided to tighten its vigil: employees across ministries and PSUs are being asked to follow a standard operating protocol or face disciplinary action.
  • Several Indian agencies have deployed multiple firewalls to protect themselves against cyberattacks.
  • However, perimeter controls such as firewalls do not protect against irresponsible behaviour by stakeholders and employees, such as leaving machines switched on and logged in or keeping stale passwords, which often exposes these organisations to risk.

About malware

  • Malware, or malicious software, is any program or file that is intentionally harmful to a computer, network or server.
  • In essence, it is a program designed to gain access to, or act on, a computer system without the user’s permission, normally for the benefit of some third party.
  • Types —
      • Viruses —
        • A virus is malicious executable code attached to another executable file. It spreads when an infected file is passed from system to system.
        • Viruses range from harmless nuisances to code that modifies or deletes data. Once a program virus is active, it infects other programs on the computer.
      • Worms —
        • Worms are self-contained programs that replicate themselves and look for pathways between computers, such as a network that shares common file storage areas or an unpatched network service. Unlike viruses, they do not need to attach themselves to other files.
        • Worms usually slow down networks because of the traffic their spread generates. A virus needs a host program to run, but a worm can run by itself.
      • Spyware —
        • Its purpose is to steal private information from a computer system for a third party. Spyware collects information silently and sends it back to the attacker.
      • Trojan horse —
        • A Trojan horse is malware that carries out malicious operations under the appearance of a desired operation, such as playing an online game.
        • A Trojan horse differs from a virus in that it does not replicate itself: it relies on the user to run it, and is therefore often disguised as a harmless file, such as an image or audio file, or bundled with legitimate-looking software.
      • Logic Bombs —
        • A logic bomb is malicious code that uses a trigger, such as a particular date, a specific user action or the removal of an account, to activate itself.
        • The logic bomb remains dormant until that trigger event happens.
        • Once triggered, it executes its payload, which causes harm to the computer, for example by deleting or corrupting data.
      • Ransomware —
        • Ransomware holds a computer system, or the data it contains, hostage until the victim makes a payment.
        • It encrypts the data on the computer with a key known only to the attackers; the user is told to pay a ransom to obtain the key and recover the data. Paying does not guarantee recovery, which is why offline backups matter: in the AIIMS incident the backup servers were corrupted along with the main ones.
      • Backdoors —
        • A backdoor bypasses the normal authentication used to access a system.
        • Its purpose is to give the cyber criminals continued access to the system even after the organisation fixes the original vulnerability that was used to break in.
      • Rootkits —
        • A rootkit modifies the operating system to hide the attacker’s presence and to create a backdoor, which the attackers then use to access the computer remotely. Because it sits at OS level, it can conceal its own files and processes from ordinary security tools.
      • Keyloggers —
        • A keylogger records everything the user types on the computer, in order to capture passwords and other sensitive information, and sends it back to whoever planted the keylogging program.
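The ransomware entry above says the data is encrypted with a key the user does not hold. To a defender that shows up as a statistical change: encrypted bytes look random, while documents and lab reports do not. The Python script below is an added example, not code from the page or from any of the agencies it mentions. It flags files whose byte entropy is near the 8-bit maximum, skips formats that are legitimately random-looking (ZIP, gzip, JPEG, PNG) to avoid false positives, and raises an alert when a large fraction of a file share looks encrypted at once, which is how ransomware behaves. The lab report text, the file names, the thresholds and the toy XOR keystream that stands in for the attacker’s real cipher are all constructed for the example.

```python
"""Entropy heuristic for spotting files encrypted by ransomware (added example)."""
import math
import random
from collections import Counter
from typing import Dict, List, Optional

# Magic numbers of formats that are legitimately high-entropy (compressed
# archives and images).  They are skipped so a ZIP or JPEG is not reported as
# a ransomware victim.  Assumption: the share holds ordinary documents, not
# bulk compressed or already-encrypted data.
COMPRESSED_MAGIC = {
    b"PK\x03\x04": "zip/docx/xlsx",
    b"\x1f\x8b": "gzip",
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG": "png",
}

ENCRYPTED_THRESHOLD = 7.2   # bits/byte; English text sits around 4-5, random data near 8
MIN_SIZE = 256              # too few bytes to estimate entropy reliably (assumed cut-off)


def shannon_entropy(data: bytes) -> float:
    """Bits of information per byte, from 0.0 (constant) to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def known_compressed(data: bytes) -> Optional[str]:
    """Name of a recognised compressed/image format, or None."""
    for magic, name in COMPRESSED_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def looks_encrypted(data: bytes, threshold: float = ENCRYPTED_THRESHOLD) -> bool:
    """True when content that is not a known compressed format is near-random."""
    if len(data) < MIN_SIZE or known_compressed(data):
        return False
    return shannon_entropy(data) >= threshold


def scan(files: Dict[str, bytes]) -> List[str]:
    """Names of the files whose content looks encrypted."""
    return [name for name, data in files.items() if looks_encrypted(data)]


def mass_encryption_alert(files: Dict[str, bytes], min_fraction: float = 0.5) -> bool:
    """Ransomware encrypts in bulk: alert when at least min_fraction of files look encrypted."""
    if not files:
        return False
    return len(scan(files)) / len(files) >= min_fraction


# --- constructed sample data (not real patient data) ---
def toy_encrypt(plain: bytes, seed: int) -> bytes:
    """Stand-in for the attacker's cipher: XOR with a seeded pseudo-random keystream.
    Not real cryptography; it only reproduces the statistical effect of encryption
    (near-8-bit entropy) so the example runs offline and deterministically."""
    rng = random.Random(seed)
    return bytes(p ^ rng.getrandbits(8) for p in plain)


LAB_REPORT = (
    b"Patient ID: 00000000  Test: Complete blood count\n"
    b"Haemoglobin 13.2 g/dL  WBC 6.1 x10^9/L  Platelets 245 x10^9/L\n"
) * 40
JPEG_SCAN = b"\xff\xd8\xff\xe0" + bytes(random.Random(1).getrandbits(8) for _ in range(2000))

CLEAN_FILES = {
    "report_001.txt": LAB_REPORT,
    "report_002.txt": LAB_REPORT.replace(b"00000000", b"00000001"),
    "scan.jpg": JPEG_SCAN,          # high entropy, but recognised as JPEG
}
# The same share after a ransomware run: every file rewritten under a key the hospital does not hold.
INFECTED_FILES = {
    name + ".locked": toy_encrypt(data, seed=i)
    for i, (name, data) in enumerate(CLEAN_FILES.items(), start=1337)
}

if __name__ == "__main__":
    for label, files in (("clean", CLEAN_FILES), ("infected", INFECTED_FILES)):
        for name, data in files.items():
            print(f"{label:9s} {name:22s} entropy={shannon_entropy(data):.2f} "
                  f"encrypted={looks_encrypted(data)}")
        print(f"{label:9s} mass-encryption alert: {mass_encryption_alert(files)}")
```

Entropy alone is a heuristic: the threshold and the minimum size need tuning for the file mix on a given share, and legitimately compressed formats must be excluded or they will flood the alert. In practice this check is combined with signals such as a burst of renames to a new extension and a sudden spike in file writes, and it is only useful if the offline backups it is meant to protect were not reachable from the infected hosts.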