FOLLOWING REPORTS of a spike in coordinated cyber attacks by Chinese hackers, the Department of Telecommunications (DoT) has written to all web portals and websites within its ambit to conduct a security audit and submit a compliance certificate as soon as possible.
Government officials said such attacks have increased multifold since the border clash with Chinese troops on June 15 and the ban on 59 apps linked to China.
“Most of these attacks are in the nature of DDOS (distributed denial of service), phishing, data exfiltration, remote access tool malware and keylogging (tracking every keystroke made by a user),” an official said.
The DoT letter, sent late Friday night, has also asked the web portals and websites to upgrade their online security and the systems used by officials in the ministry.
“A pattern we have seen is most of these attacks and malware have CnC (Command and Control) servers in China.
Right after the (border) clashes, we observed up to 10,000 attack attempts per day. It has come down a bit but we have to be alert,” another official said.
Government websites and web portals have been targeted earlier with hackers mostly looking to just deface and disrupt. What is different this time is that the attacks appear to be well planned, and aimed at extracting information and sensitive data.
A report on possible cyber-attacks and the security aspects of sensitive government websites and portals has also been submitted to the Indian Computer Emergency Response Team (Cert-In), the official said.
The DoT has also written to all other ministries and departments requesting them to migrate their websites and web-portals to the gov.in domain by August 31, if they had not done so already.
Earlier last month, Singapore-based cybersecurity firm Cyfirma Research had warned that Chinese hackers had increased their attacks on top Indian government establishments and were trying to collect data from websites and web portals of the Defence Ministry, and private companies such as Bharti Airtel, Reliance Jio and Sun Pharmaceutical.
Last October, a similar letter sent by the DoT to all web portals and websites yielded no results. In that letter, dated October 7, the DoT had said that a security audit was necessary for the “robustness of information systems and associated networks”.
The letter was sent after the DoT was alerted that “data exfiltration” was taking place from one of the web portals of the ministry that did not have a valid cyber-security audit. Data exfiltration occurs when a malware or a virus gains unauthorised access to any computer connected to a network.