Cybersecurity Current Affairs - 2019

Category Wise PDF Compilations available at This Link

MHA to upgrade National Information Security Policy and Guidelines to secure government data

The Ministry of Home Affairs (MHA) will be upgrading National Information Security Policy and Guidelines (NISPG) to secure government data and control access to it inorder to prevent sensitive information making its way to internet. The upgraded and updated policy will cover issues pertaining to the Official Secrets Act.

Background

MHA has been designated as the lead agency for the protection of the “Information” in Cyberspace. In 2013, cybersecurity, which was sole preserve of MHA, was moved to National Security Council Secretariat (NSCS) under Prime Minister’s Office (PMO). Besides, critical infrastructure was moved to National Technical Research Organisation (NTRO) and non-critical part to Ministry of Electronics and Information Technology (MeITY). Recently in June 2018, Union Home Minister Rajnath Singh had presided over meeting to review evolving cyberthreats and had directed that NISPG to be upgraded and updated for government sector.

National Information Security Policy and Guidelines (NISPG)

NISPG has been prepared by MHA, based on experience of existing security standards and frameworks and global best practices and experience of implementation in the wake of expanding information security threat scenario. It aims at improving information security posture of organization possessing any information, including classified information and does not restrict organizations from adopting additional stringent practices over and above these guidelines. It elaborates baseline information security policy and highlights relevant security concepts and best practices, which government ministries, departments, and organizations must implement to protect their information.

GravityRAT: Malware allegedly designed by Pakistani hackers became stronger

According to Maharashtra cybercrime department officials, GravityRAT, a malware allegedly designed by Pakistani hackers has recently been updated further and equipped with anti-malware evasion capabilities. GravityRAT was first detected by Indian Computer Emergency Response (CERT-In), on various computers in 2017.

RAT (Remote Access Trojan) is a program capable of being controlled remotely and thus difficult to trace.

GravityRAT

GravityRAT is designed to infliltrate computers and steal data of users, and relay stolen data to Command and Control centres in other countries. It infiltrates system in the form of innocuous looking email attachment, which can be in any format, including MS Word, MS Excel, MS Powerpoint, Adobe Acrobat or even audio and video files.

Unlike most malware, which are designed to inflict short term damage, GravityRat lies hidden in the system that it takes over and keeps penetrating deeper. Its latest update enables this malware to function as Advanced Persistent Threat (APT), which, once it infiltrates system, silently evolves and does long-term damage.

The updates also have made malware self-aware and evade several commonly used malware detection techniques. One such technique is ‘sandboxing’, to isolate malware from critical programs on infected devices and provide extra layer of security. GravityRAT now has the ability to mask its presence evade its detection before it can be sandboxed.

GravityRAT is able to work silently on the system it attacks as compared to other malware whose activity can be detected by noise it causes inside Central Processing Unit (CPU). It can also gauge temperature of CPU and ascertain if device is carrying out high intensity activity, like malware search, and act to evade detection

GravityRAT sends data to Command and Control servers based in several countries sent in encrypted format, making it difficult to detect exactly what is leaked.