Notices
Notice No: 20170811-13
Notice Date: 11 Aug 2017
Category: Settlement/RMS
Segment: General
Subject: Notice - Cyber Security Advisory
Content

With regard to a recent ICT threat communicated by regulators, all Members of the Clearing Corporation are hereby notified and requested to undertake appropriate actions as applicable to their environment. A brief description of the steps to be taken is given below.

 
Description of the threat:
 
a) A communique from the National Cyber Security Coordinator states that highly suspicious communication has been identified on the internet in the country.
b) An advanced software script (malware) is associated with this suspicious communication and is specifically targeting critical sectors, predominantly Energy and Finance. The software infects devices to gain a foothold in ICT networks/systems, steals information and passwords, and passes them to adversaries outside the country. The software script can also encrypt all information on the computer system. In some cases, the data hosted or stored on the computer terminals may be lost permanently. The infected files reappear again and again. The software script connects to a malicious domain, the location of which keeps changing in Germany and Russia.
 
Key Actions to be taken to mitigate the threat:
 
a) In order to prevent infection, users and organizations are advised to apply patches to Windows operating systems and Microsoft Office products.
b) Update firmware/patches for all network components and network products.
c) Ensure anti-virus signatures are updated on all assets.
d) Block any suspicious IP addresses on the firewall.
e) Block USB usage.
f) Ensure IPS/IDS signatures are updated.
g) Ensure Email Gateway solutions have all relevant updates for detecting possible mails that may bring Trojans/malicious content into the environment. Also block sensitive file extensions such as “.exe”, “.rtf”, “.vbs”, and “.js”, including macros, at the perimeter level.
h) Make users aware of this threat and ensure that they do not download any suspicious attachments and/or browse suspicious/malicious links.
i) Maintain a backup of critical data and store it offline and/or at a different location.
j) For additional recommendations, please refer to the attachment (Annexure I).

For and on behalf of
Indian Clearing Corporation Limited
 
 
Rajesh Singhal
CISO

Prasad Sawant
Company Secretary & Compliance Officer

Attachments
Annexure I.pdf