Over the past week, many Indian organizations came under targeted attack and were compromised. CERT-In has now become active and issued guidelines for organizations. This article is a summary and overview of the recently published advisory.
- All service providers, intermediaries, data centers, body corporate and Government organizations shall connect to the Network Time Protocol (NTP); this is a best practice for centralized logging and monitoring.
- Any service provider, intermediary, data center, body corporate and Government organization shall mandatorily report cyber incidents as mentioned in Annexure I to CERT-In within 6 hours of noticing such incidents or being brought to notice about such incidents. The incidents can be reported to CERT-In via email (email@example.com), Phone (1800-11-4949) and Fax (1800-11-6969).
- CERT-In also advised organizations to provide, in near real time, the mitigations / preventive measures taken immediately at the time a cyber incident is observed. The information relating to a Point of Contact shall be sent to CERT-In in the format specified at Annexure II and shall be updated from time to time.
- All service providers, intermediaries, data centers, body corporate and Government organizations shall mandatorily enable logs of all their ICT systems and maintain them securely for a rolling period of 180 days [log retention period], and the same shall be maintained within the Indian jurisdiction.
- Data Centers, Virtual Private Server (VPS) providers, Cloud Service providers and Virtual Private Network Service (VPN Service) providers shall be required to register the following accurate information, which must be maintained by them for a period of 5 years or longer:
  - Validated names of subscribers/customers hiring the services
  - Period of hire including dates
  - IPs allotted to / being used by the members
  - Email address and IP address and time stamp used at the time of registration / on-boarding
  - Purpose for hiring services
  - Validated address and contact numbers
  - Ownership pattern of the subscribers / customers hiring services
- The virtual asset service providers, virtual asset exchange providers and custodian wallet providers (as defined by Ministry of Finance from time to time) shall mandatorily maintain all information obtained as part of Know Your Customer (KYC) and records of financial transactions for a period of five years. For the purpose of KYC, mandated procedures as amended from time to time may be referred to as per Annexure III.
Annexure – I
The attacks of concern to CERT-In are:
i. Targeted scanning/probing of critical networks/systems
ii. Compromise of critical systems/information
iii. Unauthorised access of IT systems/data
iv. Defacement of website or intrusion into a website and unauthorised changes such as inserting malicious code, links to external websites etc.
v. Malicious code attacks such as spreading of virus/worm/Trojan/Bots/ Spyware / Ransomware / Cryptominers
vi. Attack on servers such as Database, Mail and DNS and network devices such as Routers
vii. Identity Theft, spoofing and phishing attacks
viii. Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
ix. Attacks on Critical infrastructure, SCADA and operational technology systems and Wireless networks
x. Attacks on Application such as E-Governance, E-Commerce etc.
xi. Data Breach
xii. Data Leak
xiii. Attacks on Internet of Things (IoT) devices and associated systems, networks, software, servers
xiv. Attacks or incident affecting Digital Payment systems
xv. Attacks through Malicious mobile Apps
xvi. Fake mobile Apps
xvii. Unauthorised access to social media accounts
xviii. Attacks or malicious/ suspicious activities affecting Cloud computing systems / servers / software / applications
xix. Attacks or malicious/suspicious activities affecting systems/ servers/ networks/ software/ applications related to Big Data, Block chain, virtual assets, virtual asset exchanges, custodian wallets, Robotics, 3D and 4D Printing, additive manufacturing, Drones
xx. Attacks or malicious/ suspicious activities affecting systems/ servers/software/ applications related to Artificial Intelligence and Machine Learning
Annexure – II
Format for providing Point of Contact (PoC)
- Organization Name
- Office Address
- Email ID
- Mobile Number
- Office Phone
- Office Fax
Annexure – III
For the purpose of KYC, any of the following Officially Valid Documents (OVD) can be considered as a measure of identification procedure.
a. The passport,
b. The driving license,
c. Proof of possession of Aadhaar number,
d. The Voter’s Identity Card issued by the Election Commission of India,
e. Job card issued by NREGA duly signed by an officer of the State Government and
f. Letter issued by the National Population Register containing details of name and address.
g. Validated phone number
h. Trading account number and details, Bank account number and bank details