
Cybersecurity: Every user must watch out...

Ravi Visvesvaraya Prasad is a telecommunications and IT consultant. His ICT Policy and Research Group made submissions to Trai supporting differential data pricing. The above comments are an edited version of his comments posted on Facebook.
Published : May 17, 2017, 12:22 am IST
Updated : May 17, 2017, 12:25 am IST

The Reserve Bank issued an advisory asking all banks to immediately update software systems using patches by Microsoft.

Cyber Hack. (Representational Image/AP)

While information technology minister Ravi Shankar Prasad asserted on Monday that the WannaCry ransomware cyberattack, which devastated over 200,000 computers in over 150 countries, had a minimal impact in India apart from some isolated instances, reports started trickling in on Tuesday afternoon that around 45,000 Indian SMEs had fallen prey to WannaCry, and there were fears that the numbers would be under-reported as most organisations would want to avoid the stigma.

The minister said he hadn’t got any reports about Indian banking networks and online payment systems being compromised, and declared all government systems and networks run by the National Informatics Centre were completely secure. India was lucky to gain some time to reinforce its defences, because offices in India had already closed when the ransomware attacks started in Europe on Friday afternoon. Some leading outfits like Britain’s National Health Service, Federal Express, Renault, Nissan, Hitachi and Telefonica were badly affected.

On Saturday night, India’s Computer Emergency Response Team (CERT-In) issued a detailed “Critical Security Alert”. CERT-In quickly coordinated with other agencies like the National Informatics Centre, which hosts Central and state government systems, the Reserve Bank, National Payments Corporation of India, Unique Identification Authority of India (Aadhaar) and others.

The Reserve Bank issued an advisory asking all banks to immediately update software systems using patches by Microsoft. Many ATMs across the country were briefly shut as a precaution, though the RBI denied asking banks to shut their ATMs. There are about 250,000 ATMs in India, of which around 60 per cent run on the outdated Windows XP operating system, one of those targeted by the WannaCry ransomware.

The WannaCry ransomware targets older versions of Microsoft software, like Windows XP, Windows Vista, Windows 8, Windows Server 2003, Windows Server 2008, that are no longer supported by Microsoft. After the earlier ransomware attacks in the US a few months back, Microsoft had in March issued an update for these obsolete systems to protect against WannaCry. However, the pirated versions of these systems would not get these updates, and would be vulnerable. Legal and updated versions of later Microsoft systems, like Windows 10, would be immune to WannaCry.

In India, smaller organisations and individuals are highly vulnerable to worms and ransomware attacks due to their use of pirated software. It is estimated 60 per cent of small outfits and over 85 per cent individuals use pirated software in India. Also, it was reported Tuesday over 120 computers of the Gujarat government’s Wide Area Network, GSWAN, were hit, as were some government systems in Kerala, Andhra Pradesh and West Bengal.

A report by international cybersecurity firm Symantec in April 2017 found India was among the most heavily-infected countries, with four per cent (or over 18,000) of global ransomware infections in 2016.

Nor does paying the ransom demanded by WannaCry actually guarantee one could recover full access to his/her files. A survey by international cybersecurity firm Norton in India in November found 27 per cent Indians affected actually paid the ransom to regain access, but 26 per cent of those who paid the ransom still did not regain complete access.

There are several precautions institutions and individuals should take, the most important being not to use pirated software, even though it’s cheap or free. The other steps include:

  • Use firewalls, and anti-virus software from reputed vendors, and ensure these are upgraded regularly.
  • Perform regular backups of all critical data; keep them on a separate device and store them offline.
  • Never open attachments received in emails, even if from trusted sources. Always ask the sender to confirm what’s in the attachment before opening it.
  • Never ever click on a URL link, even if from a supposedly trusted sender. Always type in the URL in the browser directly yourself.
  • For financial transactions, ensure the use of Secure Socket 7. Ensure the protocol shows https://, not merely http://, together with the padlock symbol.
  • Use two-factor authentication in emails. Ensure the OTP comes to a different mobile device than the one used for email. If one gets the SMS OTP on the same device used to access email, there is no added protection.

Big organisations should take several extra precautionary steps as individual users are often the weakest links. They should deploy web and email filters on their network. Configure these devices to scan for known bad domains, sources, and addresses; block these before receiving and downloading messages. Scan all emails, attachments, and downloads both on the host and at the mail gateway with a reputable anti-virus solution.

Disable macros in Microsoft Office products. Some Office products allow disabling of macros that originate from outside an organisation and can provide a hybrid approach when the outfit depends on the legitimate use of macros. For Windows, specific settings can block macros originating from the Internet from running.

  • Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  • Regularly check the content of backup files of databases for any unauthorised encrypted contents of data records or external elements.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications.
  • Enable personal firewalls on workstations.
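
The backup check in the list above can be partly automated. The following sketch is an added example, not part of the original column: it flags backup files that should be plain text but show the high byte entropy typical of encrypted data. The 7.0 bits-per-byte threshold, the file extensions and the sample files are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter
from pathlib import Path

ENTROPY_THRESHOLD = 7.0   # bits per byte; assumed cut-off, tune per data set
MIN_SAMPLE = 256          # too few bytes give an unreliable estimate


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """High entropy over a large enough sample suggests ciphertext or compression."""
    return len(data) >= MIN_SAMPLE and shannon_entropy(data) >= ENTROPY_THRESHOLD


def scan_backup(root: Path, expected_plain=(".csv", ".sql", ".txt")) -> list[str]:
    """Return relative paths of files that should be plain text but look encrypted."""
    suspects = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in expected_plain:
            with path.open("rb") as fh:
                sample = fh.read(65536)   # the first 64 KiB is enough for an estimate
            if looks_encrypted(sample):
                suspects.append(path.relative_to(root).as_posix())
    return suspects


def constructed_ciphertext(length: int = 1024) -> bytes:
    """Constructed sample: hash output stands in for encrypted bytes."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed backup set: one normal export, one that has been overwritten.
        (root / "customers.csv").write_text("id,name,city\n" + "1,Asha,Pune\n" * 200)
        (root / "orders.sql").write_bytes(constructed_ciphertext())
        print(scan_backup(root))
```

Compressed archives also have high entropy, which is why the scan only looks at file types expected to be plain text; a flagged file is a reason to compare against an earlier backup, not proof of infection.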

Cybersecurity is everyone’s responsibility, and often individuals are the weakest link. If WannaCry infects even a single computer in a network, due to one person’s negligence, it will immediately spread to each and every computer in the network.
