Why is it in the news?

• India is significantly affected by phishing attacks, as indicated by the 2024 Data Breach Investigations Report by Verizon Business.

 More about the news

• Around 25% of cyberattacks in the Asia-Pacific (APAC) region are motivated by espionage, which is notably higher compared to Europe (6%) and North America (4%).
• System intrusion, social engineering, and basic web application attacks collectively account for 95% of breaches in the APAC region, including India.
• The most common types of data compromised in phishing attacks include:

1) Credentials (69%): Phishing attacks often target usernames, passwords, and other login credentials.

2) Internal Data (37%): Sensitive information stored within organizational networks is frequently targeted.

3) Secrets (24%): Confidential or proprietary information, such as intellectual property or trade secrets, are also commonly compromised.

Phishing Attack

About:

• Phishing is a type of cyberattack aimed at stealing sensitive information such as usernames, passwords, credit card numbers, or bank account details.
• Attackers typically impersonate reputable sources, using enticing requests to lure victims into disclosing their confidential information.

Reasons for Phishing Attacks:

• Third-Party Involvement: In 2023, 15% of breaches implicated a third party, encompassing data custodians, vulnerabilities in third-party software, and supply chain issues.
• Human Error and Social Engineering: About 68% of breaches, regardless of third-party involvement, stemmed from a non-malicious human element. This includes individuals making errors or being deceived by social engineering tactics employed by attackers.

Steps taken by government

• Information Technology Act, 2000: Section 43, 66, 70, and 74 of the IT Act, 2000 deal with hacking and cyber-crimes.
• CERT-In (Indian Computer Emergency Response Team): CERT-In issues alerts and advisories regarding the latest cyber threats and vulnerabilities. It provides countermeasures to protect computers and networks, aiming to enhance cybersecurity nationwide.
• National Cyber Coordination Centre (NCCC): It is established to generate situational awareness of existing and potential cyber security threats. It facilitates timely information sharing for proactive, preventive, and protective actions by various entities to mitigate cyber risks.
• Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre): Launched to detect malicious programs, the Cyber Swachhta Kendra provides free tools for removing such programs. It plays a crucial role in enhancing cybersecurity by identifying and neutralizing threats in digital environments.
• Bharat National Cyber Security Exercise 2023 (Bharat NCX): Bharat NCX aims to improve strategic leaders’ understanding of cyber threats. It helps assess readiness and develop skills for cyber crisis management and cooperation, bolstering the nation’s cybersecurity preparedness.
• Chakshu Facility: The Chakshu Facility is a newly introduced feature on the Sanchar Saathi portal. It encourages citizens to proactively report suspected fraudulent communications received via call, SMS, or WhatsApp, facilitating the identification and mitigation of cyber threats.

International Measures

• Budapest Convention: It is the first international treaty specifically addressing cybercrime. India is not a signatory to this treaty, which sets forth guidelines for international cooperation in combating cybercrime.
• Internet Corporation for Assigned Names and Numbers (ICANN): It is a US-based not-for-profit organization responsible for coordinating and maintaining several key databases related to the Internet’s infrastructure. It manages the assignment of domain names, IP addresses, and protocol parameters, ensuring the stable and secure operation of the Internet globally.
• Internet Governance Forum (IGF): The IGF is a United Nations forum dedicated to multi-stakeholder policy dialogue on Internet governance issues. It provides a platform for governments, civil society, academia, and the private sector to discuss and collaborate on Internet-related policy matters, promoting an inclusive and transparent approach to Internet governance.

Conclusion

• In India, phishing attacks pose a significant threat, often resulting in severe financial losses due to employees clicking on malicious links.
• However, there’s an encouraging trend as 20 percent of users now actively identify and report phishing attempts during simulation tests, indicating improved awareness and response capabilities.