IT Min steps up cyberattack vigil, asks cos to boost defence

The Ministry of Electronics and Information Technology (MeitY) has stepped up its vigil of cyberattacks on Indian corporations within the vaccine, logistics, pharmaceutical and energy sector, and has requested these to report “any and all major cybersecurity” incidents to the Computer Emergency Response Team (CERT-In) workforce each week, senior authorities officers stated.
“The frequency of such attacks has definitely increased over the last one year. But for each such attack that gets reported or is flagged by some external agency, at least 10 others are stopped in track before they can do any harm. CERT-In has been in touch with all these companies,” an official stated.
Over the previous four-five months, particularly after cyberattacks on Dr Reddy’s Laboratories and Lupin Ltd in October and November final yr, the IT Ministry and its nodal physique on cybersecurity, CERT-In, carried out conferences with crucial corporations within the vaccine, logistics, pharmaceutical and energy sectors and assisted them in shoring up their defence, officers stated.
“They are helping in many different ways,” stated the manager of one of many vaccine corporations that has obtained help. This contains coaching of the corporate’s employees for cover towards cyber assaults, assessing weaknesses in its IT programs, strengthening these and trying to find assault makes an attempt, the manager informed The Indian Express requesting anonymity.
The train was initiated in the direction of the top of final yr over triggers like rising potential cyber threats from nations like China, Russia and Uzbekistan, based on the manager.
“We were told that it (the threat) is primarily (from) China,” the manager added.
Another vaccine agency govt informed The Indian Express {that a} authorities official had come to their workplace final month “to verify whether we have enough security from an IT perspective as well as general security for vaccine manufacturers.” According to this govt, the official had regarded for measures like whether or not the corporate had enough firewalls in place to thwart cyber assault makes an attempt. “There is a lot of renewed interest in Indian vaccine companies,” the manager stated.
Following the assaults on Dr Reddy’s Laboratories and Lupin in October and November final yr, prescribed drugs and healthcare corporations have been on excessive alert, based on some trade executives. The variety of cyber threats towards vaccine makers, particularly, has exponentially risen within the final six months alone, they stated.
The govt of 1 such vaccine agency stated that it now has to battle “thousands” of makes an attempt to assault its programs each month. “Depending on the day, we get anywhere between 4-6 cyberattack attempts to as many as 100 attempts. Around 6-8 months ago, we would get 3-4 attack attempts in a month,” stated the manager, requesting anonymity.
Towards the top of February, Goldman Sachs-backed cyber intelligence agency Cyfirma had stated a Chinese hacker group referred to as Stone Panda had “identified gaps and vulnerabilities in the IT infrastructure and supply chain software of Bharat Biotech and the Serum Institute of India,” based on a Reuters report. These corporations have developed Covaxin and Covishield, that are presently getting used within the nationwide vaccination marketing campaign.

Apart from corporations within the vaccine and pharmaceutical house, corporations within the energy distribution house have additionally been on the radar of cybercriminals. On February 28, Recorded Future printed a report saying it had noticed a “steep rise” in the usage of assets like malware by a Chinese group known as Red Echo to focus on “a large swathe” of India’s energy sector.
It stated 10 distinct Indian energy sector organisations have been focused, together with 4 Regional Load Despatch Centres which can be accountable for easy operation of the nation’s energy grid. Recorded Future stated the group additionally focused two Indian seaports.