2017-02-22

India has an alarming situation when it comes to cyber security. We tend to use ridiculously old devices, well beyond the software support life cycles of the products.

Although support for Windows 7 was discontinued in 2015 itself, more than 60 percent of Windows users in India are still using the ancient Windows 7 operating system. Microsoft has said that it will continue to patch security vulnerabilities till 2020, but that might not be enough to combat innovative new malware that requires more robust security measures from the ground up. It was only in the middle of 2016 that Windows 10 installations overtook those of Windows XP. 7 percent of the population still continues to use Windows XP, including many banking ATM machines.

Source: StatCounter Global Stats – Operating System – Windows Versions Market Share

The use of older operating systems means that malware and bots can run amok in the systems, infecting an increasing number of machines. Users tend to think of malware as a problem only if it interferes with their day-to-day work. If a bot is sending out problems in the background without affecting the performance too much, it can pretty much continue its activities without getting detected.

Bots are malware that compromise machines and form networks known as botnets. Botnets, or pools of infected computers, are peddled by cyber criminals on the dark web for a number of nefarious activities. These include executing distributed denial of service (DDoS) attacks and sending out spam emails. India ranks ninth in the world when it comes to the origin of spam emails by volume.



Image: Kaspersky Labs

Kaspersky Labs says India is at risk of security attacks because of poorly structured industrial cybersecurity solutions. There is an increase in the number of attacks, and it is not going to reduce unless the security situation improves drastically in India. India is among the top five countries in the world to be affected by ransomware, with Karnataka topping the list as the most infected state. Ransomware encrypts data on a machine and does not allow the user to access it unless a “ransom” amount is paid, usually through untraceable currencies such as bitcoin. India is the second most infected country in the world when it comes to botnets, with only China being more infected.



In a botnet, a malicious entity known as a botherder, which can be an individual or a group of cybercriminals, gives instructions to a command and control server, which in turn passes on the instructions to the many machines in the botnet. Each infected machine in a botnet is known as a “zombie”, as the user is not entirely in control of the activities of the machine. One of the botnets active in India, Mirai, was responsible for the partial takedown of multiple services, affecting users from Britain to Germany. In July 2016, the world’s largest targeted DDoS attack against internet service providers took down the internet service for most users in Mumbai.

Launched "Cyber Swachhta Kendra"(Botnet Cleaning & Malware Analysis Centre),an imp milestone in various initiatives taken on Cyber Security. pic.twitter.com/moEvXsrxB9

— Ravi Shankar Prasad (@rsprasad) February 21, 2017

The Cyber Swachhta Kendra, launched by the IT Ministry, will go a long way in tackling the prevalence of botnets in India, if only because the Government is taking efforts to highlight the problem in the public sphere. The Botnet Cleaning and Malware Analysis Centre has been launched along the lines of the National Cyber Security Policy of India, and is a step to create a safe and secure cyber ecosystem in India.

The centre is operated by the Indian Computer Emergency Response Team (CERT-In). CERT-In will identify the affected users, and notify the organisations or ISPs. The ISPs and network administrators at organisations, including banks, have been requested to direct the affected users to the Cyber Swachhta Kendra web site, where users can find the information and tools necessary to secure their devices.



As an immediate measure against infections by botnets, the Cyber Swachhta Kendra recommends removing the infected bots by using the free Quick Heal bot removal tool. The bot removal tool has been developed by Quick Heal in collaboration with the Cyber Swachhta Kendra, and is specifically meant to reduce the number of bot infections, and therefore, the power of botnets in India. There are 32-bit and 64-bit versions, which users have to download depending on the operating system they use.

NCA, @Europol & 30 other countries take down global malware network #OpAvalanche. Links to scan your computer here: https://t.co/KNaHTZi2Xs pic.twitter.com/FxjLaO8nAq

— NationalCrimeAgency (@NCA_UK) December 1, 2016

There are two ways to take down a botnet: either by taking down the command and control servers and making the zombies ineffective, or by tackling every single infected machine. The problem is that for some advanced forms of botnets, the malware can evolve and continue to operate even after the connected domains have been sinkholed and the command and control servers are blocked.

Avalanche is a particularly malicious botnet that steals information, injects banking trojans, provides a backdoor to cybercriminals, can be used as malware and is used for money laundering as well as sending phishing emails. Although the botnet has been taken down in a massive global operation, the malware continues to infect machines and remains a current security threat.

Join the mission to make cyber secure Digital India – Cyber Swachhta Kendra to be launched today. #GoIInformation pic.twitter.com/qqbhTyQiP3

— MyGovIndia (@mygovindia) February 21, 2017

The Cyber Swachhta Kendra has a list of current security threats and alerts, along with detailed information on how to protect your system, and steps that can be taken to check for infections and clean the machine. At the launch of the Cyber Swachhta Kendra, IT Minister Ravi Shankar Prasad said, “I would like ISPs (Internet Service Providers) to encourage their consumers to come on board, there is a free service available. Come and use it in the event some malware has sneaked into the system.” A number of cybersecurity tools to tackle common problems faced by Indian users have also been launched.

Union Minister Shri @rsprasad addressing at launch of Cyber #Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre), in New Delhi pic.twitter.com/XjqqAJwstg

— MIB India (@MIB_India) February 21, 2017

USB Pratirodh is a desktop security solution that restricts the spread of malware through USB drives, external hard disks and tethered smartphones. Users can password protect access to external devices and removable storage, encrypt the data stored in the removable storage, and scan the drives for the presence of malware.

AppSamvid is a desktop whitelisting security solution that will only allow a list of trusted applications to be executed on the system. Users can create their own whitelist and enforce it. An installation mode allows users to install or uninstall software as and when necessary. The application ensures that unwanted code does not run on the machine.

M-Kavach is a comprehensive security solution for Android devices from version 4.4 and up. Users can restrict access to critical applications such as instant messengers, mobile wallets, payment solutions and social networking applications. A pre-set trusted phone number can be alerted of unauthorised SIM card changes. There is a facility to remotely wipe all the data on the phone in case of theft, as well as to factory reset the device through SMS. The M-Kavach application can be used to block unwanted calls and messages. The app protects the device against malware, and even supports backing up and restoration of the data.

Finally, there is a browser extension called JSGuard that uses heuristics to defend systems against malicious HTML and JavaScript attacks. The extension alerts the user when they are visiting malicious web sites and prevents the irritating automatic redirects triggered by some web sites.

The plugin also provides a detailed analysis of the threats on a web page. The extensions are available on both Linux and Windows and have been signed by the Mozilla Add-on community. The browser extension is available for Mozilla Firefox and Google Chrome as of now.

The post The Cyber Swachhta Kendra is a concrete step to tackle the alarming botnet situation in India appeared first on Tech2.
