There has been a major increase in attacks on Indian websites in recent months, the most vulnerable being those of critical government organisations like banking and finance, oil and gas and emergency services, according to the latest report of the Indian Computer Emergency Response Team (CERT-In) under the Department of Electronics and Information Technology.
Asking all important agencies to instruct their website administrators to follow the “best practices to secure web applications and web servers,” CERT-In has said in an internal note that the most targeted websites included those having ‘.in’ domain, which is mostly used by government ministries and departments, besides some major private organisations.
Noting that there has been a constant rise in cyberattacks, which mainly include defacement of website, the note said that since mid-2013, there had been a major increase in the occurrence.
“A total of 1808, 2858, 2380 and 4191 Indian websites were defaced during May, June, July and August 2013 respectively,” it said, pointing out that 60-80 per cent of the websites targeted had ‘.in’ domain.
Notably, in these four months alone, almost 40 websites belonging to some important government departments with ‘.in’ domain were defaced. India’s country code domains that were targeted included ‘.co.in’, ‘.net.in’, ‘.gov.in’, ‘.org.in’, ‘.nic.in’, ‘.ac.in’, ‘.edu.in’ and ‘.res.in’. Hackers, mostly from abroad, have also been targeting websites with ‘.com’, ‘.org’ and ‘.net’ domains.
During its analysis, CERT-In, which has been tracking defacement of Indian websites, also found that top cyberattackers India faced included ‘HuSsY,’ ‘hasnain haxor,’ ‘CouCouM,’ ‘BLACKSMITH HACKERS,’ ‘Romantic,’ ‘ALFA TEAM 2012,’ ‘Intruder’ and ‘Team Patriot.’
Stating that defacing of a website was an act of cyberterrorism, particularly when the target belonged to critical government infrastructure, a senior official of the IT Ministry reasoned that hackers targeted these important websites to reduce public confidence in the security of a system and its trustworthiness for use for sensitive purposes.
With rising defacements, CERT-In has circulated a list of security guidelines all critical departments need to follow. They have been asked to install a potent firewall and anti-spyware and anti-phishing controls, update their application software regularly and use the latest Internet browsers, capable of detecting phishing and malicious sites, besides exercising caution while opening unsolicited emails, the official said.