The National Cyber Coordination Centre (NCCC) and the Indian Computer Emergency Response Team (CERT-In), both part of the Government of India, have reported that hacker groups are potentially targeting State and Central Government websites in India with DoS/DDoS attacks. These groups claim to be targeting 12,000 critical Government websites and other Government IT infrastructure in India in their latest set of attacks.
To prevent web intrusion attacks and web defacement, all Central and State Government Departments, Organizations, Public Sector Undertakings, and Agencies in Sikkim are advised to take the following measures:
- Use the latest version of Web server, Database Server, and Hypertext Processor (PHP).
- Apply appropriate updates and patches to the OS and Application software.
- Conduct a complete security audit of web application, web server, and database server periodically and after every major configuration change. Plug any vulnerabilities found.
- Validate and sanitize all user input and present error messages that reveal little or no useful information to prevent SQL injection attacks.
- Enable logging on the different devices and servers and maintain the logs for all levels.
- Use Web Application Firewall (WAF), Security Information and Event Management (SIEM), and/or Database Activity Monitoring (DAM) solutions.
- Search all websites hosted on the web server or sharing the same DB server for malicious web shells or any other artefacts.
- Periodically check the web server directories for any malicious or unknown web shell files. Remove them as soon as noticed.
- To identify web shells, scan the server with YARA rules.
- Change database passwords of all the accounts available in the compromised database server. Also, change the passwords/credentials stored in the databases present on the database server.
- Use an application firewall to control input, output, and/or access to the web application.
- Limit the file types allowed to be uploaded to the web server using a list of predetermined file types. Set permissions on the upload directory so that attackers cannot execute files after upload.
- Consider using a File Integrity Monitoring (FIM) solution on web servers to identify unauthorized changes to files on the server.
What is a DoS/DDoS attack?
A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is a cyber attack where the attacker seeks to make a website or online service unavailable to users by overwhelming it with a flood of traffic from multiple sources. This is typically achieved by using a network of compromised computers, known as a botnet, to flood the targeted website with requests, causing it to slow down or crash. The goal of such attacks is to disrupt the functioning of the target system and prevent legitimate users from accessing the service.