#FactCheck - Philadelphia Plane Crash Video Falsely Shared as INS Vikrant Attack on Karachi Port

Introduction

Against the dynamic backdrop of Mumbai, where the intersection of age-old markets and cutting-edge innovation is a daily reality, an initiative of paramount importance has begun to take shape within the hallowed walls of the Reserve Bank of India (RBI). This is not just a tweak, a nudge in policy, or a subtle refinement of protocols. What we're observing is nothing short of a paradigmatic shift, a recalibration of systemic magnitude, that aims to recalibrate the way India's financial monoliths oversee, manage, and secure their informational bedrock – their treasured IT systems.

On the 7th of November, 2023, the Reserve Bank of India, that bastion of monetary oversight and national fiscal stability, unfurled a new doctrine – the 'Master Direction on Information Technology Governance, Risk, Controls, and Assurance Practices.' A document comprehensive in its reach, it presents not merely an update but a consolidation of all previously issued guidelines, instructions, and circulars relevant to IT governance, plaited into a seamless narrative that extols virtues of structured control and unimpeachable assurance practices. Moreover, it grasps the future potential of Business Continuity and Disaster Recovery Management, testaments to RBI's forward-thinking vision.

This novel edict has been crafted with a target audience that spans the varied gamut of financial entities – from Scheduled Commercial Banks to Non-Banking Financial Companies, from Credit Information Companies to All India Financial Institutions. These are the juggernauts that keep the economic wheels of the nation churning, and RBI's precision-guided document is an unambiguous acknowledgment of the vital role IT holds in maintaining the heartbeat of these financial bodies. Here lies a riveting declaration that robust governance structures aren't merely preferred but essential to manage the landscape of IT-related risks that balloon in an era of ever-proliferating digital complexity.

Directive Structure

The directive's structure is a combination of informed precision and intuitive foresight. Its seven chapters are not simply a grouping of topics; they are the seven pillars upon which the temple of IT governance is to be erected. The introductory chapter does more than set the stage – it defines the very reality, the scope, and the applicability of the directive, binding the reader in an inextricable covenant of engagement and anticipation. It's followed by a deep dive into the cradle of IT governance in the second chapter, drawing back the curtain to reveal the nuanced roles and defiant responsibilities bestowed upon the Board of Directors, the IT Strategy Committee, the clairvoyant Senior Management, the IT Steering Committee, and the pivotal Head of IT Function.

As we move along to the third chapter, we encounter the nuts and bolts of IT Infrastructure & Services Management. This is not just a checklist; it is an orchestration of the management of IT services, third-party liaisons, the calculus of capacity management, and the nuances of project management. Here terms like change and patch management, cryptographic controls, and physical and environmental safeguards leap from the page – alive with earnest practicality, demanding not just attention but action.

Transparency deepens as we glide into the fourth chapter with its robust exploration of IT and Information Security Risk Management. Here, the demand for periodic dissection of IT-related perils is made clear, along with the edifice of an IT and Information Security Risk Management Framework, buttressed by the imperatives of Vulnerability Assessment and Penetration Testing.

The fifth chapter presents a tableau of circumspection and preparedness, as it waxes eloquent on the necessity and architecture of a well-honed Business Continuity Plan and a disaster-ready DR Policy. It is a paean to the anticipatory stance financial institutions must employ in a world fraught with uncertainty.

Continuing the narrative, the sixth chapter places the spotlight on Information Systems Audit, delineating the precise role played by the Audit Committee of the Board in ushering in accountability through an exhaustive IS Audit of the institution's virtual expanse.

And as we perch on the final chapter, we're privy to the 'repeal and other provisions' of the directive, underscoring the interplay of other applicable laws and the interpretation a reader may yield from the directive's breadth.

Conclusion 

To proclaim that this directive is a mere step forward in the RBI's exhaustive and assiduous efforts to propel India's financial institutions onto the digital frontier would be a grave understatement. What we are witnessing is the inception of a more adept, more secure, and more resilient financial sector. This directive is nothing less than a beacon, shepherding in an epoch of IT governance marked by impervious governance structures, proactive risk management, and an unyielding commitment to the pursuit of excellence and continuous improvement. This is no ephemeral shift - this is, indisputably, a revolutionary stride into a future where confidence and competence stand as the watchwords in navigating the digital terra incognita.

References:

https://www.businesstoday.in/industry/banks/story/rbi-issues-new-directions-on-it-governance-in-banks-nbfcs-effective-from-april-2024-check-details-405061-2023-11-08

‍

Introduction

Data Breaches have taken over cyberspace as one of the rising issues, these data breaches result in personal data making its way toward cybercriminals who use this data for no good. As netizens, it's our digital responsibility to be cognizant of our data and the data of one's organization. The increase in internet and technology penetration has made people move to cyberspace at a rapid pace, however, awareness regarding the same needs to be inculcated to maximise the data safety of netizens. The recent AIIMS cyber breach has got many organisations worried about their cyber safety and security. According to the HIPPA Journal, 66% of healthcare organizations reported ransomware attacks on them. Data management and security is the prime aspect of clients all across the industry and is now growing into a concern for many. The data is primarily classified into three broad terms-

• Personal Identified Information (PII) - Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.
• Non-Public Information (NPI) - The personal information of an individual that is not and should not be available to the public. This includes Social Security Numbers, bank information, other personal identifiable financial information, and certain transactions with financial institutions.
• Material Non-Public Information (MNPI) - Data relating to a company that has not been made public but could have an impact on its share price. It is against the law for holders of nonpublic material information to use the information to their advantage in trading stocks.

This classification of data allows the industry to manage and secure data effectively and efficiently and at the same time, this allows the user to understand the uses of their data and its intensity in case of breach of data. Organisations process data that is a combination of the above-mentioned classifications and hence in instances of data breach this becomes a critical aspect. Coming back to the AIIMS data breach, it is a known fact that AIIMS is also an educational and research institution. So, one might assume that the reason for any attack on AIIMS could be either to exfiltrate patient data or could be to obtain hands-on the R & D data including research-related intellectual properties. If we postulate the latter, we could also imagine that other educational institutes of higher learning such as IITs, IISc, ISI, IISERs, IIITs, NITs, and some of the significant state universities could also be targeted. In 2021, the Ministry of Home Affairs through the Ministry of Education sent a directive to IITs and many other institutes to take certain steps related to cyber security measures and to create SoPs to establish efficient data management practices. The following sectors are critical in terms of data protection-

• Health sector
• Financial sector
• Education sector
• Automobile sector

These sectors are generally targeted by bad actors and often data breach from these sectors result in cyber crimes as the data is soon made available on Darkweb. These institutions need to practice compliance like any other corporate house as the end user here is the netizen and his/her data is of utmost importance in terms of protection.Organisations in today's time need to be in coherence to the advancement in cyberspace to find out keen shortcomings and vulnerabilities they may face and subsequently create safeguards for the same. The AIIMS breach is an example to learn from so that we can protect other organisations from such cyber attacks. To showcase strong and impenetrable cyber security every organisation should be able to answer these questions-

• Do you have a centralized cyber asset inventory?
• Do you have human resources that are trained to model possible cyber threats and cyber risk assessment?
• Have you ever undertaken a business continuity and resilience study of your institutional digitalized business processes?
• Do you have a formal vulnerability management system that enumerates vulnerabilities in your cyber assets and a patch management system that patches freshly discovered vulnerabilities?
• Do you have a formal configuration assessment and management system that checks the configuration of all your cyber assets and security tools (firewalls, antivirus management, proxy services) regularly to ensure they are most securely configured?
• Do have a segmented network such that your most critical assets (servers, databases, HPC resources, etc.) are in a separate network that is access-controlled and only people with proper permission can access?
• Do you have a cyber security policy that spells out the policies regarding the usage of cyber assets, protection of cyber assets, monitoring of cyber assets, authentication and access control policies, and asset lifecycle management strategies?
• Do you have a business continuity and cyber crisis management plan in place which is regularly exercised like fire drills so that in cases of exigencies such plans can easily be followed, and all stakeholders are properly trained to do their part during such emergencies?
• Do you have multi-factor authentication for all users implemented?
• Do you have a supply chain security policy for applications that are supplied by vendors? Do you have a vendor access policy that disallows providing network access to vendors for configuration, updates, etc?
• Do you have regular penetration testing of the cyberinfrastructure of the organization with proper red-teaming?
• Do you have a bug-bounty program for students who could report vulnerabilities they discover in your cyber infrastructure and get rewarded?
• Do you have an endpoint security monitoring tool mandatory for all critical endpoints such as database servers, application servers, and other important cyber assets?
• Do have a continuous network monitoring and alert generation tool installed?
• Do you have a comprehensive cyber security strategy that is reflected in your cyber security policy document?
• Do you regularly receive cyber security incidents (including small, medium, or high severity incidents, network scanning, etc) updates from your cyber security team in order to ensure that top management is aware of the situation on the ground?
• Do you have regular cyber security skills training for your cyber security team and your IT/OT engineers and employees?
• Do your top management show adequate support, and hold the cyber security team accountable on a regular basis?
• Do you have a proper and vetted backup and restoration policy and practice?

If any organisation has definite answers to these questions, it is safe to say that they have strong cyber security, these questions should not be taken as a comparison but as a checklist by various organisations to be up to date in regard to the technical measures and policies related to cyber security. Having a strong cyber security posture does not drive the cyber security risk to zero but it helps to reduce the risk and improves the fighting chance. Further, if a proper risk assessment is regularly carried out and high-risk cyber assets are properly protected, then the damages resulting from cyber attacks can be contained to a large extent.

Introduction

With mobile phones at the centre of our working and personal lives, the SIM card, which was once just a plain chip that links phones with networks, has turned into a vital component of our online identity, SIM cloning has become a sneaky but powerful cyber-attack, where attackers are able to subvert multi-factor authentication (MFA), intercept sensitive messages, and empty bank accounts, frequently without the victim's immediate awareness. As threat actors are becoming more sophisticated, knowing the process, effects, and prevention of SIM cloning is essential for security professionals, telecom operators, and individuals alike.

Understanding SIM Cloning

SIM cloning is the act of making an exact copy of a victim's original SIM card. After cloning, the attacker's phone acts like the victim's, receiving calls, messages, and OTPs. This allows for a variety of cybercrimes, ranging from unauthorised financial transactions to social media account hijacking. The attacker virtually impersonates the victim, often leading to disastrous outcomes.

The cloning can be executed through various means:

● Phishing or Social Engineering: The attack compels the victim or a mobile carrier into divulging personal information or requesting a replacement SIM.

● SIM Swap Requests: Attackers use fake IDs or stolen credentials to make telecom providers port the victim's number to a new SIM.

● SS7 Protocol Exploitation: Certain sophisticated attacks target weaknesses in the Signalling System No. 7 (SS7) protocol employed by cellular networks to communicate.

● Hardware based SIM Cloning: Although uncommon, experienced attackers will clone SIMs through the use of specialized hardware and malware that steals authentication keys.

The Real-World Consequences

The harm inflicted by SIM cloning is systemic as well as personal. The victims are deprived of their phones and online accounts, realising the breach only when improper dealings or login attempts have occurred. The FBI reported over $50 million loss in 2023 from crimes associated with SIM, most of which involved cryptocurrency account and high net-worth persons.

Closer to home, Indian entrepreneurs, journalists, and fintech users have reported losing access to their numbers, only to have their WhatsApp, UPI, and banking apps taken over. In a few instances, the attackers even contacted contacts, posing as the victim to scam others.

Why the Threat Is Growing

Dependence on SMS-based OTPs is still a core vulnerability. Even as there are attempts to move towards app-based two-factor authentication (2FA), most banking, government, and e-commerce websites continue to employ SMS as their main authentication method. This reliance provides an entry point for attackers who can replicate a SIM and obtain OTPs without detection.

Vulnerabilities in telecom infrastructure are also a part of the issue. Insider attacks at telecom operators, where malicious employees handle fraud SIM swap requests, also keep cropping up. On top of that, most users are not even aware of what exactly SIM cloning is or how to identify it, leaving attackers with a head start.

Very often, the victims are only aware that their SIM has been cloned when they lose mobile service or notice unusual activity on their accounts. Red flags include loss of signal, failure to send or receive messages, and inability to receive OTPs. Alerts on password changes or unusual login attempts must never be taken lightly, particularly if this is coupled with loss of mobile service.

How Users Can Protect Themselves

● Use A Strong SIM Pin: This protects your SIM from access by unauthorized users should your phone be lost or stolen.

● Secure Personal Information: Don't post sensitive personal information online that can have a place in social engineering.

● Notify your Carrier of Suspicious Activity: If your phone suddenly has lost service or is behaving strangely, contact your mobile operator immediately.

● Register for Telecom Alerts: Many providers offer alerts to SIM swap or porting requests that are useful to preliminarily detect a possible takeover.

● Verify SIM card status using Sanchar Saathi: Visit [https://sancharsaathi.gov.in](https://sancharsaathi.gov.in) to check how many mobile numbers are issued using your ID. This government portal allows you to identify unauthorized or unknown SIM cards, helping prevent SIM swapping fraud. You can also request to block suspicious numbers linked to your identity.

Conclusion

SIM cloning is not a retrograde nod to vintage cybercrime; it's an effective method of exploitation, especially where there's a strong presence of SMS-based authentication. The attack vector is simple, but the damage it causes can be profound, both financial and reputational. With telecommunication networks forming the backbone of digital identity, users, regulators, and telecom service providers have to move in tandem. For the users, awareness is the best protection. For Telecoms, security must be a baseline requirement, not a value-add option. It's time to redefine mobile security, before your identity is in anyone else's hands.

References

● https://www.trai.gov.in/faqcategory/mobile-number-portability

● https://www.cert-in.org.in/PDF/Digital_Threat_Report_2024.pdf

● https://www.ic3.gov/PSA/2022/PSA220208/

● https://www.hdfcbank.com/personal/useful-links/security/beware-of-fraud/sim-swap

● https://security-gen.com/SecurityGen-Article-Cloning-SimCard.pdf

● https://www.p1sec.com/blog/understanding-ss7-attacks-vulnerabilities-impacts-and-protection-measures

‍