Obsolete software makes govt sites vulnerable to attacks: Study
Many servers that host government websites are plagued by various problems like obsolete software and poor secure coding, making them vulnerable to cyber attacks, a study has said.
New Delhi: Many servers that host government websites are plagued by various problems like obsolete software and poor secure coding, making them vulnerable to cyber attacks, a study has said.
According to official data, a total of 78 government websites were hacked and 16,035 incidents related to spam, malware infection and system break-in were reported this year so far.
It is very important for the nation to start upgrading its IT infrastructure and keep up with the latest security guidelines & practices, the study said.
"One can find servers running older and vulnerable versions of software, poor server management, web applications deployed on these servers being designed and implemented by programmers who lack awareness of secure coding practices," the study by Information Security Consortium (Infosac) said.
However, private sector is much more cautious and alert when it comes to their IT infrastructure compared to the government, it said.
The study also highlighted sophisticated cyber attacks, possibly from neighbouring China, aimed at stealing critical information from government organisation and large corporate houses.
Giving details of a malware Travnet that hit computer networks in India recently, it said that the group behind the attack had done extensive research on topics that are current as well as intriguing to Indian targets.
Some of phishing mails sent to individuals have attachments such as `BJP won?t dump Modi for Nitish NDA headed for split.Doc`.
"The analysis strongly suggests that the group behind Travnet might be from China," the study said.
Rajshekhar Murthy, Director, CERT-ISAC, National Security Database, said, "the report outlines the dangers Indian IT infrastructure is facing and references research which proves that our government and Critical Infrastructure are targets of sophisticated attacks".
CERT-ISAC is a mobile and electronic security body and part of InfoSec consortium that is made up of cyber security communities like nullcon, c0c0n, Malcon and ClubHack.
Infosac is supported by National Security Database (NSD), a government supported empanelment program for information security experts for national critical infrastructure protection.
Infosac is also organising four-day Ground Zero summit here from November 7 for promoting information security and awareness in the region.