CERT-In advisory for Indian Organization – All You Need to Know !!


Over the past week, many Indian organizations came under targeted attack and were compromised. CERT-In has now become active and issued guidelines for organizations. This article is an abstract and overview of the recently published advisory.

  1. All service providers, intermediaries, data centers, body corporate and Government organizations shall connect to the Network Time Protocol (NTP); this is a best practice for centralized logging and monitoring.
  2. Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents as mentioned in Annexure I to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents. The incidents can be reported to CERT-In via email (incident@cert-in.org.in), Phone (1800-11-4949) and Fax (1800-11-6969).
  3. CERT-In also advised organizations to provide, in near real time, the mitigations / preventive measures taken immediately at the time a cyber incident is observed. The information relating to a Point of Contact shall be sent to CERT-In in the format specified at Annexure II and shall be updated from time to time.
  4. All service providers, intermediaries, data centers, body corporate and Government organizations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days [log retention period], and the same shall be maintained within the Indian jurisdiction.
  5. Data Centers, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers shall be required to register the following accurate information, which must be maintained by them for a period of 5 years or longer:
    • Validated names of subscribers/customers hiring the services
    • Period of hire including dates
    • IPs allotted to / being used by the members
    • Email address and IP address and time stamp used at the time of registration / on-boarding
    • Purpose for hiring services
    • Validated address and contact numbers
    • Ownership pattern of the subscribers / customers hiring services
  6. The virtual asset service providers, virtual asset exchange providers and custodian wallet providers (as defined by Ministry of Finance from time to time) shall mandatorily maintain all information obtained as part of Know Your Customer (KYC) and records of financial transactions for a period of five years. For the purpose of KYC, mandated procedures as amended from time to time may be referred to as per Annexure III.

Annexure – I

The attacks that concern India's CERT are:

i. Targeted scanning/probing of critical networks/systems

ii. Compromise of critical systems/information

iii. Unauthorised access of IT systems/data

iv. Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc.

v. Malicious code attacks such as spreading of virus/worm/Trojan/Bots/ Spyware / Ransomware / Cryptominers

vi. Attack on servers such as Database, Mail and DNS and network devices such as Routers

vii. Identity Theft, spoofing and phishing attacks

viii. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

ix. Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks

x. Attacks on Application such as E-Governance, E-Commerce etc.

xi. Data Breach

xii. Data Leak

xiii. Attacks on Internet of Things (IoT) devices and associated systems, networks, software, servers

xiv. Attacks or incidents affecting Digital Payment systems

xv. Attacks through Malicious mobile Apps

xvi. Fake mobile Apps

xvii. Unauthorised access to social media accounts

xviii. Attacks or malicious/ suspicious activities affecting Cloud computing systems / servers / software / applications

xix. Attacks or malicious/suspicious activities affecting systems/ servers/ networks/ software/ applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones

xx. Attacks or malicious/ suspicious activities affecting systems/ servers/software/ applications related to Artificial Intelligence and Machine Learning

Annexure – II

Format for providing Point of Contact (PoC)

  • Name
  • Designation
  • Organization Name
  • Office Address
  • Email ID
  • Mobile Number
  • Office Phone
  • Office Fax

Annexure – III

For the purpose of KYC, any of the following Officially Valid Documents (OVDs) can be considered as a measure of identification procedure:
a. The passport,
b. The driving license,
c. Proof of possession of Aadhaar number,
d. The Voter’s Identity Card issued by the Election Commission of India,
e. Job card issued by NREGA duly signed by an officer of the State Government and
f. Letter issued by the National Population Register containing details of name and address.
g. Validated phone number
h. Trading account number and details, Bank account number and bank details

For further understanding, feel free to visit the CERT-In advisory.

April 29th, 2022 | Internet Security, Regulation, Security Advisory, Security Update

About the Author:

FirstHackersNews- Identifies Security
