Ivanti and Securin have jointly conducted an investigation into the cyber hygiene of the Indian state government domains and found several potential gaps in their current security practices
Blame it on poor cyber hygiene. Yes, Ivanti, the leading IT service management & security solution provider, and Securin, another security products & services company, have jointly conducted an investigation into the cyber hygiene of Indian state government domains and found several potential gaps in their current security practices. The investigation used the Securin Attack Surface Management platform to passively examine the domains of Indian state governments and union territories.
The findings reveal that over 10 percent of domains in Indian states do not have the Secure Sockets Layer (SSL) encryption—a basic security protocol layer. Without the SSL encryption, hackers and threat groups can mount attacks easily and intercept sensitive data. It also says that hundreds of highly sensitive protocols are currently exposed to the internet. These are the most vulnerable and popular exposures threat actors seek. The findings indicate that 293 instances of the SSH protocol and 67 instances of the FTP exposed to the internet.
The report further says that 700-plus credentials with passwords from all state domains leaked onto the deep and dark web, making these domains extremely vulnerable to phishing attacks, credential misuse, and impersonation. The investigation also found 537 instances of ransomware exposure, which makes the domains extremely vulnerable to ransomware attacks.
Srinivas Mukkamala, Chief Product Officer, Ivanti, said, “When basic cyber hygiene is not robust, it leaves governments and organizations extremely vulnerable to cyberattacks.” “All organizations and governments must remain vigilant when shoring up their cyber defenses. Together with our partners at Securin, we will continue to highlight areas of improvement for governments and organizations to protect against ransomware attacks,” added Mukkamala.
“India saw the highest number of cyberattacks on government agencies in 2022, which highlights that cyber hygiene cannot be ignored,” viewed Ram Movva, Co-Founder & Chairman of Securin Inc. “The government sector was the third most attacked industry in 2022, and we are seeing a sharp increase in the number of attacks being deployed on Indian organizations and government entities. Organizations must continuously strengthen their security posture, and the first step to that is knowing where your weaknesses are,” added Movva.
According to the 2023 Spotlight report released last month, there has been a staggering 503 percent increase in ransomware attacks globally since 2019. The report also revealed that 76 percent of vulnerabilities being exploited by ransomware groups were actually discovered before 2020, highlighting that attackers still rely on old tactics that continue to be effective. This highlights the critical importance of paying close attention to cyber hygiene practices and implementing effective security measures to safeguard against these types of attacks.
Qaisar
