Revamping CyberSecurity Framework: Govt Pushes Indigenous Cyber Solutions
Introduction
The Indian government has developed the National Cybersecurity Reference Framework (NCRF) to provide an implementable measure for cybersecurity, based on existing legislations, policies, and guidelines. The National Critical Information Infrastructure Protection Centre is responsible for the framework. The government is expected to recommend enterprises, particularly those in critical sectors like banking, telecom, and energy, to use only security products and services developed in India. The NCRF aims to ensure that cybersecurity is protected and that the use of made-in-India products is encouraged to safeguard cyber infrastructure. The Centre is expected to emphasise the significant progress in developing indigenous cybersecurity products and solutions.
National Cybersecurity Reference Framework (NCRF)
The Indian government has developed the National Cybersecurity Reference Framework (NCRF), a guideline that sets the standard for cybersecurity in India. The framework focuses on critical sectors and provides guidelines to help organisations develop strong cybersecurity systems. It can serve as a template for critical sector entities to develop their own governance and management systems. The government has identified telecom, power, transportation, finance, strategic entities, government entities, and health as critical sectors.
The NCRF is non-binding in nature, meaning its recommendations will not be binding. It recommends enterprises allocate at least 10% of their total IT budget towards cybersecurity, with monitoring by top-level management or the board of directors. The framework may suggest that national nodal agencies evolve platforms and processes for machine-processing data from different sources to ensure proper audits and rate auditors based on performance.
Regulators overseeing critical sectors may have greater powers to set rules for information security and define information security requirements to ensure proper audits. They also need an effective Information Security Management System (ISMS) instance to access sensitive data and deficiencies related to operations in the critical sector. The policy is based on a Common but Differentiated Responsibility (CBDR) approach, recognising that different organisations have varying levels of cybersecurity needs and responsibilities.
India faces a barrage of cybersecurity-related incidents, such as the high-profile attack on AIIMS Delhi in 2022. Many ministries feel hamstrung by the lack of an overarching framework on cybersecurity when formulating sector-specific legislation. In recent years, threat actors backed by nation-states and organised cyber-criminal groups have attempted to target the critical information infrastructure (CII) of the government and enterprises. The current guiding framework on cybersecurity for critical infrastructure in India comes from the National Cybersecurity Policy of 2013. From 2013 to 2023, the world has evolved significantly due to the emergence of new threats necessitating the development of new strategies.
Significance in the realm of Critical Infrastructure
India faces numerous cybersecurity incidents due to a lack of a comprehensive framework. Critical Information Infrastructure like banking, energy, healthcare, telecommunications, transportation, strategic enterprises, and government enterprises are most targeted by threat actors, including nation-states and cybercriminals. These critical information sectors especially by their vary nature as they hold sensitive data make them prime targets for cyber threats and attacks. Cyber-attacks can compromise patient privacy, disrupt services, compromise control systems, pose safety risks, and disrupt critical services. Hence it is of paramount importance to come up with NCRF which can potentially address the emerging issues by providing sector-specific guidelines.
The Indian government is considering promoting the use of made-in-India products to enhance Cyber Infrastructure
India is preparing to recommend the use of domestically developed cybersecurity products and services, particularly for critical sectors like banking, telecom, and energy, to enhance national security in the face of escalating cybersecurity threats. The initiative aims to enhance national security in response to increasing cybersecurity threats.
Conclusion
Promoting locally made cybersecurity products and services in important industries shows India's commitment to strengthening national security. A step of coming up with the National Cybersecurity Reference Framework (NCRF) which outlines duties, responsibilities, and recommendations for organisations and regulators shows the critical step towards a comprehensive cybersecurity policy framework which is a need of the hour. The government underscoring made-in-India solutions and allocating cybersecurity resources underlines its determination to protect the country's cyber infrastructure in light of increasing cyber threats & attacks. The NCRF is expected to help draft sector-specific guidelines on cyber security.
References
- https://indianexpress.com/article/business/market/overhaul-of-cybersecurity-framework-to-safeguard-cyber-infra-govt-may-push-use-of-made-in-india-products-9133687/
- https://vajiramandravi.com/upsc-daily-current-affairs/mains-articles/national-cybersecurity-reference-framework-ncrf/
- https://m.toppersnotes.com/current-affairs/blog/to-push-cyber-infra-govt-may-push-use-of-made-in-india-products-DxQP
- https://appkida.in/overhaul-of-cybersecurity-framework-in-2024/
Related Blogs
Introduction
Devices and interconnectivity are the pipelines which drive the data into cyberspace, and in turn, the users consume this data to perform different tasks in the digital age. The security of devices and networks is essential as they are the first defenders of cyberspace. Bad actors often target systems and networks with malware and ransomware, these attacks are differently motivated, but all wreak havoc upon the system and can impact individuals and organisations alike. Mobile users worldwide prefer iOS or Android, but both operating systems are vulnerable to cyberattacks these days. Some of these attacks go undetected for a long time.
Op Triangulation
As reported by Kaspersky, While monitoring the network traffic of their own corporate Wi-Fi network dedicated to mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), Kaspersky noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, they created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise. This is known as Operation Triangulation and has been in action since 2019 and got detected in 2023.
The Malware
A portion of the filesystem, including some of the user data and service databases, is included in mobile device backups. The files, directories, and database entries’ timestamps make it possible to reconstruct the events that happened to the device roughly. The “timeline.csv” file created by the mvt-ios software contains a sorted timeline of events that is comparable to the super-timeline utilised by traditional digital forensic tools. Pinpointing particular artefacts that show the compromise using this timeframe. This made it possible to advance the research and reassemble the broad infection sequence:
Through the iMessage service, a message with an attachment containing an exploit is delivered to the target iOS device.
The message initiates a vulnerability that results in code execution without any user input.
The exploit’s code downloads multiple additional stages, including additional exploits for privilege escalation, from the C&C server.
After successful exploitation, a fully functional APT platform is downloaded as the final payload from the C&C server.
The first message and the attachment’s exploit are removed
The lack of persistence support in the harmful toolset is most likely a result of OS restrictions. Multiple devices’ timeframes suggest that after rebooting, they might get infected again. The earliest signs of infection that we found date to 2019. The most recent version of the devices that have been successfully attacked as of the time of writing in June 2023 is iOS 15.7.
The final payload analysis is still ongoing. The programme executes with root rights, implements a set of commands for gathering user and system data, and can run any code downloaded as plugin modules from the C&C server.
Malicious Domains
Using the forensic artefacts, it was possible to identify the domain name set used by the exploits and further malicious stages. They can be used to check the DNS logs for historical information and to identify the devices currently running the malware:
addatamarket[.]net
backuprabbit[.]com
businessvideonews[.]com
cloudsponcer[.]com
datamarketplace[.]net
mobilegamerstats[.]com
snoweeanalytics[.]com
tagclick-cdn[.]com
topographyupdates[.]com
unlimitedteacup[.]com
virtuallaughing[.]com
web-trackers[.]com
growthtransport[.]com
anstv[.]netAns7tv[.]net
Safeguards for iOS users
Despite its world-class safety and privacy architecture, iOS is vulnerable to a few attacks; the following steps can be undertaken to safeguard iOS users –
Keeping Device updated
Security patches
Disabling iMessage would prevent Zero clicks exploits or the Triangulation attacks
Paying zero attention to unwanted, unsolicited messages
The user should make sure that any application they are downloading or installing; it should be from a trusted source ( This Zero click attack does not occur by any other means, It exploits / it targets software vulnerabilities in operating systems networks and applications)
Being cautious with the messaging app and emails
Implement device restrictions (management features like parental control and restrictions over using necessary applications)
Conclusion
Operation Triangulation is one of the recent operations combating cyber attacks, but such operations are launched nearly daily. This is also due to a rapid rise in internet and technology penetration across the world. Cyberattacks have taken a new face as they have evolved with the new and emerging technology. The influence of the Darknet has allowed many hackers to remain on the black hat side due to easy accessibility to illegal tools and material over the dark net, which facilitates such crimes.
.webp)
Introduction
In the intricate maze of our interconnected world, an unseen adversary conducts its operations with a stealth almost poetic in its sinister intent. This adversary — malware — has extended its tendrils into the digital sanctuaries of Mac users, long perceived as immune to such invasive threats. Our narrative today does not deal with the physical and tangible frontlines we are accustomed to; this is a modern tale of espionage, nestled in the zeros and ones of cyberspace.
The Mac platform, cradled within the fortifications of Apple's walled garden ecosystem, has stood as a beacon of resilience amidst the relentless onslaught of cyber threats. However, this sense of imperviousness has been shaken at its core, heralding a paradigm shift. A new threat lies in wait, bridging the gap between perceived security and uncomfortable vulnerability.
The seemingly invincible Mac OS X, long heralded for its robust security features and impervious resilience to virus attacks, faces an undercurrent of siege tactics from hackers driven by a relentless pursuit for control. This narrative is not about the front-and-centre warfare we see so often reported in media headlines. Instead, it veils itself within the actions of users as benign as the download of pirated software from the murky depths of warez websites.
The Incident
The casual act, born out of innocence or economic necessity, to sidestep the financial requisites of licensed software, has become the unwitting point of compromised security. Users find themselves on the battlefield, one that overshadows the significance of its physical counterpart with its capacity for surreptitious harm. The Mac's seeming invulnerability is its Achilles' heel, as the wariness against potential threats has been eroded by the myth of its impregnability.
The architecture of this silent assault is not one of brute force but of guile. Cyber marauders finesse their way through the defenses with a diversified arsenal; pirated content is but a smokescreen behind which trojans lie in ambush. The very appeal of free access to premium applications is turned against the user, opening a rift that permits these malevolent forces to ingress.
The trojans that permeate the defenses of the Mac ecosystem are architects of chaos. They surreptitiously enrol devices into armies of sorts – botnets which, unbeknownst to their hosts, become conduits for wider assaults on privacy and security. These machines, now soldiers in an unconsented war, are puppeteered to distribute further malware, carry out phishing tactics, and breach the sanctity of secure data.
The Trojan of Mac
A recent exposé by the renowned cybersecurity firm Kaspersky has shone a spotlight on this burgeoning threat. The meticulous investigation conducted in April of this year unveiled a nefarious campaign, engineered to exploit the complacency among Mac users. This operation facilitates the sale of proxy access, linking previously unassailable devices to the infrastructure of cybercriminal networks.
This revelation cannot be overstated in its importance. It illustrates with disturbing clarity the evolution and sophistication of modern malware campaigns. The threat landscape is not stagnant but ever-shifting, adapting with both cunning and opportunity.
Kaspersky's diligence in dissecting this threat detected nearly three dozen popular applications, and tools relied upon by individuals and businesses alike for a multitude of tasks. These apps, now weaponised, span a gamut of functionalities - image editing and enhancement, video compression, data recovery, and network scanning among them. Each one, once a benign asset to productivity, is twisted into a lurking danger, imbued with the power to betray its user.
The duplicity of the trojan is shrouded in mimicry; it disguises its malicious intent under the guise of 'WindowServer,' a legitimate system process intrinsic to the macOS. Its camouflage is reinforced by an innocuously named file, 'GoogleHelperUpdater.plist' — a moniker engineered to evade suspicion and blend seamlessly with benign processes affiliated with familiar applications.
Mode of Operation
Its mode of operation, insidious in its stealth, utilises the Transmission Control Protocol(TCP) and User Datagram Protocol(UDP) networking protocols. This modus operandi allows it to masquerade as a benign proxy. The full scope of its potential commands, however, eludes our grasp, a testament to the shadowy domain from which these threats emerge.
The reach of this trojan does not cease at the periphery of Mac's operating system; it harbours ambitions that transcend platforms. Windows and Android ecosystems, too, find themselves under the scrutiny of this burgeoning threat.
This chapter in the ongoing saga of cybersecurity is more than a cautionary tale; it is a clarion call for vigilance. The war being waged within the circuits and code of our devices underscores an inescapable truth: complacency is the ally of the cybercriminal.
Safety measures and best practices
It is imperative to safeguard the Mac system from harmful intruders, which are constantly evolving. Few measures can play a crucial role in protecting your data in your Mac systems.
- Refrain from Unlicensed Software - Refrain from accessing and downloading pirated software. Plenty of software serves as a decoy for malware which remains dormant till downloaded files are executed.
- Use Trusted Source: Downloading files from legitimate and trusted sources can significantly reduce the threat of any unsolicited files or malware making its way into your Mac system.
- Regular system updates: Regular updates to systems released by the company ensure the latest patches are installed in the system critical to combat and neutralize emerging threats.
- General Awareness: keeping abreast of the latest developments in cyberspace plays a crucial role in avoiding new and emerging threats. It is crucial to keep pace with trends and be well-informed about new threats and ways to combat them.
Conclusion
In conclusion, this silent conflict, though waged in whispers, echoes with repercussions that reverberate through every stratum of digital life. The cyber threats that dance in the shadows cast by our screens are not figments of paranoia, but very real specters hunting for vulnerabilities to exploit. Mac users, once confident in their platforms' defenses, must awaken to the new dawn of cybersecurity awareness.
The battlefield, while devoid of the visceral carnage of physical warfare, is replete with casualties of privacy and breaches of trust. The soldiers in this conflict are disguised as serviceable code, enacting their insidious agendas beneath a façade of normalcy. The victims eschew physical wounds for scars on their digital identities, enduring theft of information, and erosion of security.
As we course through the daunting terrain of digital life, it becomes imperative to heed the lessons of this unseen warfare. Shadows may lie unseen, but it is within their obscurity that the gravest dangers often lurk, a reminder to remain ever vigilant in the face of the invisible adversary.
References:
Executive Summary:
A video of Pakistani Olympic gold medalist and Javelin player Arshad Nadeem wishing Independence Day to the People of Pakistan, with claims of snoring audio in the background is getting viral. CyberPeace Research Team found that the viral video is digitally edited by adding the snoring sound in the background. The original video published on Arshad's Instagram account has no snoring sound where we are certain that the viral claim is false and misleading.
Claims:
A video of Pakistani Olympic gold medalist Arshad Nadeem wishing Independence Day with snoring audio in the background.
Fact Check:
Upon receiving the posts, we thoroughly checked the video, we then analyzed the video in TrueMedia, an AI Video detection tool, and found little evidence of manipulation in the voice and also in face.
We then checked the social media accounts of Arshad Nadeem, we found the video uploaded on his Instagram Account on 14th August 2024. In that video, we couldn’t hear any snoring sound.
Hence, we are certain that the claims in the viral video are fake and misleading.
Conclusion:
The viral video of Arshad Nadeem with a snoring sound in the background is false. CyberPeace Research Team confirms the sound was digitally added, as the original video on his Instagram account has no snoring sound, making the viral claim misleading.
- Claim: A snoring sound can be heard in the background of Arshad Nadeem's video wishing Independence Day to the people of Pakistan.
- Claimed on: X,
- Fact Check: Fake & Misleading
