According to a cybersecurity notice issued by the Centre, an Indonesian cyber attack group is purportedly targeting 12,000 government websites in India. The Indian Cyber Crime Coordination Centre (I4C), a division of the Ministry of Home Affairs, issued the warning on Thursday.
“There have been reports that state and federal government websites may be targeted”, the notice read, asking government personnel to take precautions. Last year, a huge ransomware attack disrupted the computers of the All India Institute of Medical Science (AIIMS), rendering its centralised records and other hospital services unusable.
In 2022, the Indian government registered 19 ransomware attacks on various government agencies, nearly tripling the number recorded the previous year.
ALSO READ: Govt amends IT rules 2021, lays out norms for online gaming
According to the I4C alert, an Indonesian “hacktivist” organisation was carrying out denial of service (DoS) and distributed denial of service (DDoS) attacks. DDoS assaults are defined as the deliberate paralysis of a computer network by flooding it with data sent simultaneously from several computers.
According to the alert, the hacktivist organisation has also issued a list of government websites that it claims to be targeting, including state and federal government websites.
Last year, a Malaysian hacktivist group hacked Indian government websites in response to political unrest sparked by statements made about Prophet Muhammad. The Indian Embassy in Israel as well as the National Institute of Agricultural Extension Management were targeted by the Malaysian hacktivist group DragonForce.
ALSO READ: RBI announces new central portal for tracking unclaimed deposits: Details
Guidelines for securing websites issued by the government
The government recently released the third version of Guidelines for India Government Websites (GIGW 3.0), which, as the name implies, provides guidelines to officials on how to develop, maintain, and manage not only government websites, but also portals and mobile applications in a safe and secure manner.
It advised developers to encrypt passwords, keep software and plugins up to date, and protect connection strings, tokens, and keys. It further stated that website cookies should be secure. It also advised developers not to provide too many high-level staff access to the website’s backend.
