Cyberattacks on mobile applications
Why in News:
- The convenience and speed of completing payments through mobile applications have played a key role in accelerating mobile payments. This acceleration brings a vulnerability with it: an increased threat of cyberattacks on mobile devices. Global cybersecurity firm Kaspersky warns of an increase in cyberattacks on Android and iOS devices in the Asia Pacific (APAC) region as more people there switch to mobile banking.
What are cyberattacks?
- A cyberattack is a malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization.
Types of cyberattacks
- Malware is a term used to describe malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software. Ex: WannaCry (ransomware), NotPetya (ransomware), Kaseya (ransomware)
- A Chinese outfit named Red Echo has increased its use of resources like malware to attack “a broad swath” of India’s power industry. Red Echo deployed ShadowPad malware, which uses a backdoor to get access to systems.
- Russian nation-state hacking group called ‘Strontium’
- REvil (also known as Sodinokibi), a Russia-based hacking group
- Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, usually through email. The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine. Phishing is an increasingly common cyberthreat. Ex: the North Korea-backed cybercrime group Lazarus Group
- Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
- A denial-of-service (DoS) attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack. This is known as a distributed denial-of-service (DDoS) attack.
- A Structured Query Language (SQL) injection occurs when an attacker inserts malicious code into a server that uses SQL and forces the server to reveal information it normally would not. An attacker could carry out a SQL injection simply by submitting malicious code into a vulnerable website search box.
- A zero-day exploit hits after a network vulnerability is announced but before a patch or solution is implemented. Attackers target the disclosed vulnerability during this window of time. Zero-day vulnerability threat detection requires constant awareness.
How are mobile payments affected?
- Mobile banking Trojans are dangerous malware that can steal money from mobile users’ bank accounts by disguising the malicious application as a legitimate app to lure unsuspecting people into installing the malware. (A Trojan is a malicious code or software that looks legitimate but can take control of your device, including smartphones.)
- Some of them are: Anubis, BianLian, Roaming Mantis
Modus Operandi
- The perpetrators infect the device through legitimate-looking, high-ranking malicious apps on Google Play and through smishing (phishing messages sent through SMS).
- The group attacks Android devices and spreads the malicious code by hijacking domain name systems (DNS) through smishing exploits.
Concerned laws in India
- Information Technology Act (IT Act) 2000
- Information Technology Act (Amendment) 2008 – It empowers the Indian government to intercept, monitor and decrypt computer systems, resources and communication devices.
Sections of Indian Penal Code:
- 66C – Identity Theft.
- 66D – Cheating by personation by using the computer resource.
- 66E – Violation of privacy.
- 72 – Breach of confidentiality and privacy.
Government Initiatives
- The Computer Emergency Response Team (CERT-In) acts as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
- e-BAAT (Electronic Banking Awareness And Training) programmes by RBI
- Organising campaigns on safe use of digital payment modes
- The Government has launched the online cybercrime reporting portal, www.cybercrime.gov.in to enable complainants to report complaints pertaining to Child Pornography/Child Sexual Abuse Material, rape/gang rape imageries or sexually explicit content.
- The Central Government has rolled out a scheme for establishment of Indian Cyber Crime Coordination Centre (I4C) to handle issues related to cybercrime in the country in a comprehensive and coordinated manner.
- Establishment of National Critical Information Infrastructure Protection Centre (NCIIPC) for protection of critical information infrastructure in the country.
- All organizations providing digital services have been mandated to report cyber security incidents to CERT-In expeditiously.
- Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) has been launched for providing detection of malicious programmes and free tools to remove such programmes.
- Formulation of Crisis Management Plan for countering cyber attacks and cyber terrorism.
- Conducting regular training programmes for network / system administrators and Chief Information Security Officers (CISOs) of Government and critical sector organisations regarding securing the IT infrastructure and mitigating cyber attacks.
- National Cyber Security Strategy 2020
- The Indian Army has developed a simple and secure messaging application named “Secure Application for Internet” (SAI). SAI will support end-to-end secure voice, text and video calling services for Android platforms over the internet.
Related Mains Question: Discuss the aspects of the government’s National Cyber Security Strategy after analysing the necessity for one– https://bit.ly/3MAIhel