Cyber Security Advisory during COVID-19 Lock-Down
Scope and Applicability:
All MIIs, Market Intermediaries, Mutual Funds and other SEBI regulated entities
1. Due to the outbreak of the COVID-19 coronavirus, many organizations have started "work from home" arrangements, with their officials using mobile phones, tablets and personal / rented laptops / PCs to ensure continuation of work and maintain business continuity.
2. This has increased dependency on digital communications many-fold and has moved many operations into a remote monitoring mode.
3. A cyber-attack on an organization, its officials, infrastructure or services, mounted by gaining access to unsecured devices, data or Internet connections, could be devastating in the present situation.
4. Cyber criminals have started using this situation as an opportunity to target such users and the computing devices they use.
5. Cyber criminals are seen using multiple attack vectors, such as:
· Exploitation of Virtual Private Network (VPN) and Remote Desktop connectivity vulnerabilities.
· Remote Login Attacks: Remote User Credential Theft
An attacker may take advantage of the increased use of remote login credentials to organizational resources.
· Malware Attacks:
Users working on home systems for official work could fall for "free" access to obscure websites or pirated shows, opening the door to malware infections and further attacks.
Viruses, malware campaigns and ransomware such as TrickBot, Emotet, nanoCore, Crimson RAT, Ryuk etc. are increasingly being used by cybercriminals during this period.
· Social Engineering Attacks such as Phishing:
Phishing emails carry links claiming to offer important updates on the Coronavirus from the World Health Organization (WHO). If clicked, the links may lead to the devices being infected with malware/ransomware.
· Malicious / Fraudulent websites and URLs
Recent open-source reporting indicates that many unique files posing as Coronavirus-related documents (PDF, MP4 and DOCX) are circulating on the web, carrying malicious payloads such as file-encrypting malware, crypto-mining malware, browser-credential stealers and other malware that exfiltrates sensitive data.
These attacks and malware indiscriminately target individuals and organizations across the world, stealing financial data and other sensitive information. Malware families such as Emotet persist on systems, propagate across the network and send malspam messages from the infected user's account, leveraging unpatched systems.
All MIIs, Market Intermediaries, Mutual Funds and other SEBI regulated entities are hereby advised to strictly adhere to the "Cyber Security Guidelines" issued by SEBI and to follow the best practices and recommendations given below, as well as other advisories and guidelines issued by CERT-In (https://www.cert-in.org.in) and NCIIPC (https://nciipc.gov.in).
Best Practices and Recommendations
· Ensure continuity of operations plans or business continuity plans exist, are up-to-date and include adequate measures to address cyber crises.
· Review and update Incident Response Plans to account for workforce changes in a distributed environment.
· Ensure remote access to the organization's network is strictly through secured connectivity, such as a VPN using multi-factor authentication.
· Secure the systems that enable remote access.
· Ensure Virtual Private Network and other remote access systems are fully patched.
· Ensure all systems run anti-malware and intrusion prevention software with the latest updated signatures.
· Ensure all systems are protected with appropriately configured firewall policies.
· Enforcement of strict application whitelisting, blocking unused ports, turning off unused services and monitoring outgoing traffic are some of the measures that prevent cyber-attacks from occurring.
· Enhance system and network monitoring for early detection, and raise alerts on abnormal activity.
· Monitor and block malicious connection requests, domains or IP addresses after diligently verifying them, while avoiding any impact on operations. Internet-facing applications and open ports of remote access software are key targets for attacks.
· Monitoring of all user sessions, especially those pertaining to critical resources, is essential.
· Monitor and assess remote access solutions for their capacity, and make adequate provisions as per the assessment.
· Employees and support staff must be made aware of IT and cyber security support mechanisms.
· Ensure employees and related vendor staff know about the incident reporting mechanisms in the organization.
Individual Protection Level
Advise "Work from Home" Employees / related Vendor Staff to:
· Preferably work from a private space; when working in a public place, use a privacy screen and tether using a trusted 3G/4G connection instead of an untrusted Wi-Fi hotspot.
· Change the default passwords on your home Wi-Fi router to prevent attackers from accessing your home network.
· Firewall features, if available on Wi-Fi routers, must be appropriately configured.
· Use the latest authorized and licensed version of the Operating System, with the latest security patches applied to the Operating System and Applications.
· It is also important that all personal computing devices, including mobile phones, tablets, desktops and laptops, are protected with up-to-date antivirus and malware protection software with the latest signatures.
· Turn on the personal firewall in the Operating System.
· Use unique and strong passwords for every account on networks, systems and applications.
· Never share login credentials or related details with anyone.
· When signing up for any new service, verify the source of every URL and ensure the programs or applications installed are original versions from a trusted source.
· Refrain from using personal email or 3rd-party services unless reliably informed otherwise.
· The majority of cyber-attacks are introduced via phishing emails, malicious messages through websites and social media, and malicious apps. Hence, it is critical to advise employees / vendor staff:
· not to click links and attachments which are suspicious, and
· to check all mails and messages for authentic URLs, domain names and spelling errors. If the authenticity of links and URLs is doubtful, it can be verified by visiting the organizations' websites directly.
· Connect to and use Work from Home VPN services when necessary, and avoid leaving sessions idle.
· Always ensure protection of organizational and customer data.
· Monitor and report any unusual activities to your related service desk personnel.
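The link checks above (authentic domain names, spelling errors, displayed address versus real destination) can be applied mechanically to links in incoming mail or messages. The following is an added example written for this advisory, not a tool issued by ICCL, SEBI or CERT-In; the trusted-domain list and the sample links are constructed for illustration, and the registrable-domain logic is a simplification rather than a public-suffix lookup.

```python
import re
from urllib.parse import urlparse

# Constructed for this example: domains the organisation treats as authentic sources of updates.
TRUSTED_DOMAINS = ("who.int", "cert-in.org.in", "nciipc.gov.in")
SECOND_LEVEL = {"org", "gov", "co", "ac", "nic"}  # common second-level labels under ccTLDs such as .in

def registered_domain(host):
    """Approximate the registrable domain: last two labels, or three under e.g. .org.in (not a PSL lookup)."""
    parts = host.lower().split(".")
    if len(parts) >= 3 and len(parts[-1]) == 2 and parts[-2] in SECOND_LEVEL:
        return ".".join(parts[-3:])
    return ".".join(parts[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings such as wh0.int."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_link(display_text, href):
    """Return the reasons a link in a mail or message looks inauthentic (empty list = no finding)."""
    findings = []
    host = (urlparse(href).hostname or "").lower()
    if not host:
        return ["link has no host name"]
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        findings.append("destination is a raw IP address rather than a domain name")
    dom = registered_domain(host)
    if dom not in TRUSTED_DOMAINS:
        labels = set(re.split(r"[.-]", host))  # who-int-update.example -> {who, int, update, example}
        for trusted in TRUSTED_DOMAINS:
            if trusted.split(".")[0] in labels:
                findings.append(f"host {host} reuses the name of trusted domain {trusted}")
            elif edit_distance(dom, trusted) <= 2:
                findings.append(f"domain {dom} is a near-misspelling of {trusted}")
    # If the visible text itself names a domain, it must match where the link really goes.
    shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", display_text.lower())
    if shown and registered_domain(shown.group()) != dom:
        findings.append(f"displayed address {shown.group()} differs from destination {host}")
    return findings

if __name__ == "__main__":  # constructed sample links, in the style of the Coronavirus lures described above
    for text, href in [("www.who.int/covid-19", "http://who-int-coronavirus-update.example/login"),
                       ("Official update", "https://wh0.int/update.pdf"),
                       ("cert-in.org.in", "https://www.cert-in.org.in/")]:
        print(href, "->", check_link(text, href) or "no findings")
```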
In case of an incident, report it to the relevant authorities and keep the exchange informed accordingly.
Important Note:
Organizations and their system owners in scope are advised to independently evaluate the contents for applicability in their specific environment and take appropriate action as per their own assessment of the implications of the alert / advisory on their systems. ICCL will not be liable for any issues or problems that may arise from application or non-application of the alert / advisory. Organizations and their system owners are wholly responsible for cyber security updates to their information technology systems.
The information provided above is on guideline basis only.
For and on behalf of ICCL,
Shri. Rajesh Singhal
Chief Information Security Officer