Over 10% of domains in Indian states do not have the SSL encryption
India saw the highest number of cyberattacks on government agencies in 2022, which highlights that cyber hygiene cannot be ignored, according to Ram Movva, Co-Founder and Chairman of Securin Inc of Albuquerque, New Mexico.
“The government sector was the third most attacked industry in 2022, and we are seeing a sharp increase in the number of attacks being deployed on Indian organizations and government entities,” he said 30 Mar 2023.
“Organizations must continuously strengthen their security posture, and the first step to that is knowing where your weaknesses are,” said Movva, announcing the outcome of investigation into the cyber hygiene of Indian state government domains and found several potential gaps in their current security practices.
Securin and Ivanti of South Jordan, Utah, had conducted the investigation using the Securin Attack Surface Management platform to passively examine the domains of Indian state governments and union territories.
A few key findings are as follows:
Over 10% of domains in Indian states do not have the Secure Sockets Layer (SSL) encryption—a basic security protocol layer. Without the SSL encryption, hackers and threat groups can mount attacks easily and intercept sensitive data.
Hundreds of highly sensitive protocols are currently exposed to the internet. These are the most vulnerable and popular exposures threat actors seek. The investigation found 293 instances of the Secure Shell (SSH) protocol and 67 instances of the File Transfer Protocol (FTP) exposed to the internet.
Additionally, 700+ credentials with passwords from all state domains leaked onto the deep and dark web, making these domains extremely vulnerable to phishing attacks, credential misuse, and impersonation.
The investigation also found 537 instances of ransomware exposure, which makes the domains extremely vulnerable to ransomware attacks.
“When basic cyber hygiene is not robust, it leaves governments and organizations extremely vulnerable to cyberattacks,” said Srinivas Mukkamala, Chief Product Officer at Ivanti.
“All organizations and governments must remain vigilant when shoring up their cyber defenses. Together with our partners at Securin, we will continue to highlight areas of improvement for governments and organizations to protect against ransomware attacks.”
According to the 2023 Spotlight Report released last month, there has been a staggering 503% increase in ransomware attacks globally since 2019.
The report also revealed that 76% of vulnerabilities being exploited by ransomware groups were actually discovered before 2020, highlighting that attackers still rely on old tactics that continue to be effective.
This highlights the critical importance of paying close attention to cyber hygiene practices and implementing effective security measures to safeguard against these types of attacks.
Securin helps customers gain resilience against evolving threats. Its products and services are powered by accurate vulnerability intelligence, human expertise and automation, enabling enterprises to make critical security decisions to manage their expanding attack surfaces.
Ivanti elevates and secures Everywhere Work so that people and organizations can thrive. Over 40,000 customers, including 88 of the Fortune 100, have chosen Ivanti to help them deliver an excellent digital employee experience and improve IT and security team productivity and efficiency. fiinews.com
