Bharat National Cyber Security Exercise, 2024 - Harmonising Efforts in the Indian Cybersecurity Space

Introduction

In today’s time, everything is online, and the world is interconnected. Cases of data breaches and cyberattacks have been a reality for various organisations and industries, In the recent case (of SAS), Scandinavian Airlines experienced a cyberattack that resulted in the exposure of customer details, highlighting the critical importance of preventing customer privacy. The incident is a wake-up call for Airlines and businesses to evaluate their cyber security measures and learn valuable lessons to safeguard customers’ data. In this blog, we will explore the incident and discuss the strategies for protecting customers’ privacy in this age of digitalisation.

Analysing the backdrop

The incident has been a shocker for the aviation industry, SAS Scandinavian Airlines has been a victim of a cyberattack that compromised consumer data. Let’s understand the motive of cyber crooks and the technique they used :

Motive Behind the Attack: Understanding the reasons that may have driven the criminals is critical to comprehending the context of the Scandinavian Airlines cyber assault. Financial gain, geopolitical conflicts, activism, or personal vendettas are common motivators for cybercriminals. Identifying the purpose of the assault can provide insight into the attacker’s aims and the possible impact on both the targeted organisation and its consumers. Understanding the attack vector and strategies used by cyber attackers reveals the amount of complexity and possible weaknesses in an organisation’s cybersecurity defences. Scandinavian Airlines’ cyber assault might have included phishing, spyware, ransomware, or exploiting software weaknesses. Analysing these tactics allows organisations to strengthen their security against similar assaults.

Impact on Victims: The Scandinavian Airlines (SAS) cyber attack victims, including customers and individuals related to the company, have suffered substantial consequences. Data breaches and cyber-attack have serious consequences due to the leak of personal information.

1)Financial Losses and Fraudulent Activities: One of the most immediate and upsetting consequences of a cyber assault is the possibility of financial loss. Exposed personal information, such as credit card numbers, can be used by hackers to carry out illegal activities such as unauthorised transactions and identity theft. Victims may experience financial difficulties and the need to spend time and money resolving these concerns.

2)Concerns about privacy and personal security: A breach of personal data can significantly impact the privacy and personal security of victims. The disclosed information, including names, addresses, and contact information, might be exploited for nefarious reasons, such as targeted phishing or physical harassment. Victims may have increased anxiety about their safety and privacy, which can interrupt their everyday life and create mental pain.

3) Reputational Damage and Trust Issues: The cyber attack may cause reputational harm to persons linked with Scandinavian Airlines, such as workers or partners. The breach may diminish consumers’ and stakeholders’ faith in the organisation, leading to a bad view of its capacity to protect personal information. This lack of trust might have long-term consequences for the impacted people’s professional and personal relationships.

4) Emotional Stress and Psychological Impact: The psychological impact of a cyber assault can be severe. Fear, worry, and a sense of violation induced by having personal information exposed can create emotional stress and psychological suffering. Victims may experience emotions of vulnerability, loss of control, and distrust toward digital platforms, potentially harming their overall quality of life.

5) Time and Effort Required for Remediation: Addressing the repercussions of a cyber assault demands significant time and effort from the victims. They may need to call financial institutions, reset passwords, monitor accounts for unusual activity, and use credit monitoring services. Resolving the consequences of a data breach may be a difficult and time-consuming process, adding stress and inconvenience to the victims’ lives.

6) Secondary Impacts: The impacts of an online attack could continue beyond the immediate implications. Future repercussions for victims may include trouble acquiring credit or insurance, difficulties finding future work, and continuous worry about exploiting their personal information. These secondary effects can seriously affect victims’ financial and general well-being.

Apart from this, the trust lost would take time to rebuild.

Takeaways from this attack

The cyber-attack on Scandinavian Airlines (SAS) is a sharp reminder of cybercrime’s ever-present and increasing menace. This event provides crucial insights that businesses and people may use to strengthen cybersecurity defences. In the lessons that were learned from the Scandinavian Airlines cyber assault and examine the steps that may be taken to improve cybersecurity and reduce future risks. Some of the key points that can be considered are as follows:

Proactive Risk Assessment and Vulnerability Management: The cyber assault on Scandinavian Airlines emphasises the significance of regular risk assessments and vulnerability management. Organisations must proactively identify and fix possible system and network vulnerabilities. Regular security audits, penetration testing, and vulnerability assessments can help identify flaws before bad actors exploit them.

Strong security measures and best practices: To guard against cyber attacks, it is necessary to implement effective security measures and follow cybersecurity best practices. Lessons from the Scandinavian Airlines cyber assault emphasise the importance of effective firewalls, up-to-date antivirus software, secure setups, frequent software patching, and strong password rules. Using multi-factor authentication and encryption technologies for sensitive data can also considerably improve security.

Employee Training and Awareness: Human mistake is frequently a big component in cyber assaults. Organisations should prioritise employee training and awareness programs to educate employees about phishing schemes, social engineering methods, and safe internet practices. Employees may become the first line of defence against possible attacks by cultivating a culture of cybersecurity awareness.

Data Protection and Privacy Measures: Protecting consumer data should be a key priority for businesses. Lessons from the Scandinavian Airlines cyber assault emphasise the significance of having effective data protection measures, such as encryption and access limits. Adhering to data privacy standards and maintaining safe data storage and transfer can reduce the risks connected with data breaches.

Collaboration and Information Sharing: The Scandinavian Airlines cyber assault emphasises the need for collaboration and information sharing among the cybersecurity community. Organisations should actively share threat intelligence, cooperate with industry partners, and stay current on developing cyber threats. Sharing information and experiences can help to build the collective defence against cybercrime.

Conclusion

The Scandinavian Airlines cyber assault is a reminder that cybersecurity must be a key concern for organisations and people. Organisations may improve their cybersecurity safeguards, proactively discover vulnerabilities, and respond effectively to prospective attacks by learning from this occurrence and adopting the lessons learned. Building a strong cybersecurity culture, frequently upgrading security practices, and encouraging cooperation within the cybersecurity community are all critical steps toward a more robust digital world. We may aim to keep one step ahead of thieves and preserve our important information assets by constantly monitoring and taking proactive actions.

Introduction:

Welcome to the second edition of our blog on Digital forensics series. In our previous blog we discussed what digital forensics is,  the process followed by the tools, and the subsequent challenges faced in the field. Further, we looked at how the future of Digital Forensics will hold in the current scenario.  Today, we will explore differences between 3 particular similar sounding terms that vary significantly in functionality when implemented: Copying, Cloning and Imaging.

In Digital Forensics, the preservation and analysis of electronic evidence are important for investigations and legal proceedings. Replication of the data and devices is one of the fundamental tasks in this domain, without compromising the integrity of the original evidence. 

Three primary techniques -- copying, cloning, and imaging -- are used for this purpose. Each technique has its own strengths and is applied according to the needs of the investigation.

In this blog, we will examine the differences between copying, cloning and imaging. We will talk about the importance of each technique, their applications and why imaging  is considered the best for forensic investigations.

Copying

Copying means duplicating data or files from one location to another. When one does copying, it implies that one is using standard copy commands. However, when dealing with evidence, it might be hard to use copy only. It is because the standard copy can alter the metadata and change the hidden or deleted data .

 The characteristics of copying include: 

• Speed: copying is simpler and faster,compared to cloning or imaging.
•  Risk: The risk involved in copying is that the metadata might be altered and all the data might be captured.

Cloning

It is the process where the transfer of the entire contents of a hard drive or a storage device is done  on another storage device. This process is known as cloning . This way, the cloning process captures both the active data and the unallocated space and hidden partitions, thus containing the whole structure of the original device. Cloning is generally used at the sector level of the device. Clones can be used as the working copy of a device .

Characteristics of cloning: 

•  bit-for-bit replication: cloning keeps the exact content and the whole structure of the original device. 
• Use cases: cloning is used when it is needed to keep the original device intact for further examination or a legal affair. 
•  Time consuming: Cloning is usually longer in comparison to simple copying since it involves the whole detailed replication. Though it depends on various factors like the size of the storage device, the speed of the devices involved, and the method of cloning.

Imaging:

It is the process of creating a forensic image of a storage device. A forensic image is a replica copy of every bit of data that was on the source device, this including the allocated, unallocated, and the available slack space .

 The image is then used for analysis and investigation, and the original evidence is left untouched. Images can’t be used as the working copies of a device.  Unlike cloning, which produces working copies, forensic images are typically used for analysis and investigation purposes and are not intended for regular use as working copies.

Characteristics of Imaging:

•  Integrity: Imaging ensures the integrity and authenticity of the evidence produced
•  Flexibility: Forensic image replicas can be mounted as a virtual drive to create image-specific mode for analysis of data without affecting the original evidence . 
• Metadata: Imaging captures metadata associated with the data, thus promoting forensic analysis.

Key Differences

• Purpose: Copying is for everyday use but not good for forensic investigations requiring data integrity. Cloning and imaging are made for forensic preservation.
• Depth of Replication: Cloning and imaging captures the entire storage device including hidden, unallocated, and deleted data  whereas copying may miss crucial forensic data.
• Data Integrity: Imaging and cloning keep the integrity of the original evidence thus making them suitable for legal and forensic use. Which is a critical aspect of forensic investigations.
• Forensic Soundness: Imaging is considered the best in digital forensics due to its comprehensive and non-invasive nature.
• Cloning is generally from one hard disk to another, where as imaging creates a compressed file that contains a snapshot of the entire hard drive or a specific partitions

Conclusion

Therefore, copying, cloning, and imaging all deal with duplication of data or storage devices with significant variations, especially in digital forensic. However, for forensic investigations, imaging is the most selected approach due to the correct preservation of the evidence state for any analysis or legal use . Therefore, it is essential for forensic investigators to understand these rigorous differences to avail of real and uncontaminated digital evidence for their investigation and legal argument.

‍

Introduction

‍

We were all stunned and taken aback when multiple photos of streets in the U.S. surfaced with heavily drugged individuals loosely sitting on the streets, victims of a systematically led drug operation that has recently become a target of the Trump-led “tariff” war, which he terms as a war on drug cartels. The drug is a synthetic opioid, fentanyl, which is highly powerful and addictive. The menace of this drug is found in a country that has Wall Street and the largest and most powerful economy globally. The serious implications of drug abuse are not about a certain economy; instead, it has huge costs to society in general. The estimated cost of substance misuse to society is more than $820 billion each year and is expected to continue rising. 

On June 26, the International Day against Drug Abuse and Illicit Trafficking is observed globally. However, this war is waged daily for millions of people, not on streets or borders, but in bloodstreams, behind locked doors, and inside broken homes. Drug abuse is no longer a health crisis; it is a developmental crisis. The United Nations Office on Drugs and Crime has launched a campaign against this organised crime that says, “Break the Cycle’ attributing to the fact that de-addiction is hard for individuals. 

The Evolving Drug Crisis: From Alleyways to Algorithms

‍

The menace of Drug abuse and illicit trafficking has also taken strides in advancement, and what was once considered a street-side vice has made its way online in a faceless, encrypted, and algorithmically optimised sense. The online drug cartels operate in the shadows and often hide in plain sight, taking advantage of the privacy designed to benefit individuals. With the help of darknet markets, cryptocurrency, and anonymised logistics, the drug trade has transformed into a transnational, tech-enabled industry on a global scale. In an operation led by the U.S. Department of Justice’s Joint Criminal Opiod and Darknet Enforcement (JCODE) and related to Operation RapTor, an LA apartment was only to find an organised business centre that operated as a hub of one of the most prolific methamphetamine and cocaine distributors in the market. Aaron Pinder, Unit Chief of the FBI Hi-Tech Organised Crime Unit, said in his interview, “The darknet vendors that we investigate, they truly operate on a global scale.” On January 11, 2025, during the Regional Conference on “Drug Trafficking and National Security,” it was acknowledged how cryptocurrency, the dark web, online marketplaces, and drones have made drug trafficking a faceless crime. Reportedly, there has been a seven-fold increase in the drugs seized from 2004-14 to 2014-24. 

‍

India’s Response: Bridging Borders, Policing Bytes

‍

India has been historically vulnerable due to its geostrategic placement between the Golden Crescent (Afghanistan-Iran-Pakistan) and Golden Triangle (Myanmar-Laos-Thailand), and confronts a fresh danger from “click-to-consume’ narcotics. Although India has always adopted a highly sensitised approach, it holds an optimistic future outlook for the youth. Last year, to commemorate the occasion of International Day against Drug Abuse and Illicit Trafficking, the Department of Social Justice & Empowerment organised a programme to engage individuals for the cause. The Indian authorities are often seen coming down heavily on the drug peddlers and cartels, and to aid the cause, the Home Minister Amit Shah inaugurated the new office complex of the NCB’s Bhopal zonal unit and extension of the MANAS-2 helpline to all 36 states and UTs. The primary objectives of this step are to evaluate the effectiveness of the Narcotics Coordination Mechanism (NCORD), assess the progress of states in fighting drug trafficking, and share real-time information from the National Narcotics Helpline ‘MANAS’ portal with the Anti-Narcotics Task Force (ANTF) of states and UTs. 

‍

The United Nation’s War on Narcotics: From Treaties to Technology

‍

The United Nations Office on Drugs and Crime (UNODC) is leading the international response. It offers vital data, early warning systems, and technical support to the states fighting the drug problem. The UNODC incorporates cooperation in cross-border intelligence, overseeing the darknet activities, encouraging the treatment and harm reduction, and using anti-money laundering mechanisms to stop financial flows. India has always pledged its support to the UN led activities, and as per reports dated 26th March, 2025, India chaired the prestigious UN-backed Commission on Narcotic Drugs (CND) meeting held in vienna, wherein India highlighted the importance of opioids for medical purposes as well as the nation’s notable advancements in the field. 

‍

Resolution on June 26: From Commemoration to Commitment

‍

Let June 26 be more than a date on the calendar- let it echo as a call to action, a day when awareness transforms into action, and resolve becomes resistance. On this day, CyberPeace resolves the following:

‍

• To treat addicts as victims rather than criminals and to pitch for reforms to provide access to reasonably priced, stigma-free rehabilitation.
• To integrate anti-drug awareness into digital literacy initiatives and school curricula in order to teach frequently and early.
• To demand responsibility and accountability from online marketplaces and delivery services that unwittingly aid traffickers
• To tackle the demand side through employment, mental health services, and social protection, particularly for at-risk youth.

‍

References

• https://www.gatewayfoundation.org/blog/cost-of-drug-addiction/#:~:text=The%20estimated%20cost%20for%20substance,Alcohol%3A%20%24249%20billion 
• https://www.unodc.org/unodc/en/drugs/index-new.html 
• https://www.fbi.gov/news/stories/global-operation-targets-darknet-drug-trafficking 
• https://www.thehindu.com/news/national/dark-web-crypto-drones-emerge-as-challenges-in-fight-against-drug-trafficking-amit-shah/article69088383.ece 
• https://www.pib.gov.in/PressReleaseIframePage.aspx?PRID=2028704 
• https://www.newindianexpress.com/nation/2025/Mar/26/in-a-first-india-chairs-un-forum-on-narcotics-pledges-to-improve-access-to-pain-relief-and-palliative-care 

‍