Securin, Ivanti analyst find potential security gaps in Indian state government domains

Securin, Ivanti analyst find potential security gaps in Indian state government domains

The investigation used the Securin Attack Surface Management platform to passively examine the domains of Indian state governments and union territories.

FPJ Web DeskUpdated: Friday, March 31, 2023, 03:09 PM IST
article-image
Securin, Ivanti analyst find potential security gaps in Indian state government domains | Photo: Pixabay

Securin Inc. and Ivanti have conducted an investigation into the cyber hygiene of Indian state government domains and found several potential gaps in their current security practices.

The investigation used the Securin Attack Surface Management platform to passively examine the domains of Indian state governments and union territories. A few key findings are as follows:

1. Over 10% of domains in Indian states do not have the Secure Sockets Layer (SSL) encryption—a basic security protocol layer. Without the SSL encryption, hackers and threat groups can mount attacks easily and intercept sensitive data.

2. Hundreds of highly sensitive protocols are currently exposed to the internet. These are the most vulnerable and popular exposures threat actors seek. We found 293 instances of the SSH protocol and 67 instances of the FTP exposed to the internet.

3. Additionally, 700+ credentials with passwords from all state domains leaked onto the deep and dark web, making these domains extremely vulnerable to phishing attacks, credential misuse, and impersonation.

4. The investigation also found 537 instances of ransomware exposure, which makes the domains extremely vulnerable to ransomware attacks.

“When basic cyber hygiene is not robust, it leaves governments and organizations extremely vulnerable to cyberattacks,” said Srinivas Mukkamala, Chief Product Officer at Ivanti. “All organizations and governments must remain vigilant when shoring up their cyber defenses. Together with our partners at Securin, we will continue to highlight areas of improvement for governments and organizations to protect against ransomware attacks.”

According to the 2023 Spotlight Report released last month, there has been a staggering 503% increase in ransomware attacks globally since 2019. The report also revealed that 76% of vulnerabilities being exploited by ransomware groups were actually discovered before 2020, highlighting that attackers still rely on old tactics that continue to be effective. This highlights the critical importance of paying close attention to cyber hygiene practices and implementing effective security measures to safeguard against these types of attacks.

“India saw the highest number of cyberattacks on government agencies in 2022, which highlights that cyber hygiene cannot be ignored,” said Ram Movva, Co-Founder and Chairman of Securin Inc. “The government sector was the third most attacked industry in 2022, and we are seeing a sharp increase in the number of attacks being deployed on Indian organizations and government entities. Organizations must continuously strengthen their security posture, and the first step to that is knowing where your weaknesses are.”

RECENT STORIES

Indian Trade Bodies Express Disappointment Over Trump’s 25% Tariffs On India

Indian Trade Bodies Express Disappointment Over Trump’s 25% Tariffs On India

Hitachi Energy India Q1 Profit Soars Over 12-Fold To ₹132 Crore On Robust Revenues, HVDC Order...

Hitachi Energy India Q1 Profit Soars Over 12-Fold To ₹132 Crore On Robust Revenues, HVDC Order...

Large Size Of Domestic Market Cushions India Against US Tariff Hikes

Large Size Of Domestic Market Cushions India Against US Tariff Hikes

Mahindra Q1 Net Profit Up 24% To ₹4,083 Crore; Income At ₹45,529 Crore

Mahindra Q1 Net Profit Up 24% To ₹4,083 Crore; Income At ₹45,529 Crore

P&G Hygiene And Health Q4FY25 Profit Surges Over 2-Fold To ₹192 Crore; Revenue Slightly Up At...

P&G Hygiene And Health Q4FY25 Profit Surges Over 2-Fold To ₹192 Crore; Revenue Slightly Up At...