The National Informatics Center (NIC) and the Ministy of Electronics & Information Technology (MeitY) suffered a data breach in early September. The NIC is a governmental body responsible for quality information and communications technology (ICT). MeitY, in turn, promotes e-Governance for modern citizens, working towards continuous growth of the Electronics, IT & ITeS industries. A malware in an email caused the breach. The email came from a Bengaluru IT firm. Together, these two organizations uphold and sustain a major chunk of the cyber infrastructure of the nation. The data breach, therefore, is worrisome.
Method of the Data Breach
The details of the case have been made public by the Delhi Police which is currently investigating the issue. The NIC, on approaching the authorities, claimed that MeitY employees received an email which contained malicious payload. When the employee interacted with the email attachment, the malware activated and began deleting data stored on the government computer. The bug, as was found later, had spread to other systems, ultimately affecting more than a 100 computers.
Further searches revealed that the malware originated from an IT firm in Bengaluru, sent through a proxy server.
Furthermore, the Delhi Police said a government employee had also faced issues accessing his official, idle NIC email account.
The Underlying Threat of this Attack
The computers at these governmental agencies house some of the most sensitive and crucial data on our nation’s security. Data for some high-profile government officials, including the PM and the NSA among others is also secured on these computers.
“The NIC has found that there was an attempted breach by unidentified cyber actors, a regular activity over cyber space which was, however, detected by NIC’s robust cyber security systems,” the police said. To combat the situation, the police have registered a case with Special Cell, an elite department within the Delhi Police force.
“The reports being carried in certain sections of the media about widespread cyber intrusion involving high offices are unsubstantiated and do not reflect the current stage of investigation. Special Cell of the Delhi Police is probing the suspected malware attack which has affected and shown vulnerability in 100 computers of National Informatics Centre and Ministry of Electronic and Informational Technology,” the statement said.
Now, after reading this case, you can understand how important email security is. If it can happen with these top governmental bodies, it can happen to anyone. If you are looking for email security providers, take a Logix’s Email Advanced Threat Protection solution. We enable organizations to combat a variety of email borne threats. Our multi-layered, multi-tiered security approach uses multiple threat intelligence detection and prevention tools. We specialize in configuring, migrating and supporting email security solutions for our customers.