Securin Inc. and Ivanti have conducted an investigation into the cyber hygiene of Indian state government domains and found several potential gaps in their current security practices.
The investigation used the Securin Attack Surface Management platform to passively examine the domains of Indian state governments and union territories. A few key findings are as follows:
- Over 10% of domains in Indian states do not have the Secure Sockets Layer (SSL) encryption—a basic security protocol layer. Without the SSL encryption, hackers and threat groups can mount attacks easily and intercept sensitive data.
- Hundreds of highly sensitive protocols are currently exposed to the internet. These are the most vulnerable and popular exposures threat actors seek. We found 293 instances of the SSH protocol and 67 instances of the FTP exposed to the internet.
- Additionally, 700+ credentials with passwords from all state domains leaked onto the deep and dark web, making these domains extremely vulnerable to phishing attacks, credential misuse, and impersonation.
- The investigation also found 537 instances of ransomware exposure, which makes the domains extremely vulnerable to ransomware attacks.
“When basic cyber hygiene is not robust, it leaves governments and organizations extremely vulnerable to cyberattacks,” said Srinivas Mukkamala, Chief Product Officer at Ivanti. “All organizations and governments must remain vigilant when shoring up their cyber defenses. Together with our partners at Securin, we will continue to highlight areas of improvement for governments and organizations to protect against ransomware attacks.”
According to the 2023 Spotlight Report released last month, there has been a staggering 503% increase in ransomware attacks globally since 2019. The report also revealed that 76% of vulnerabilities being exploited by ransomware groups were actually discovered before 2020, highlighting that attackers still rely on old tactics that continue to be effective. This highlights the critical importance of paying close attention to cyber hygiene practices and implementing effective security measures to safeguard against these types of attacks.
“India saw the highest number of cyberattacks on government agencies in 2022, which highlights that cyber hygiene cannot be ignored,” said Ram Movva, Co-Founder and Chairman of Securin Inc. “The government sector was the third most attacked industry in 2022, and we are seeing a sharp increase in the number of attacks being deployed on Indian organizations and government entities. Organizations must continuously strengthen their security posture, and the first step to that is knowing where your weaknesses are.”
You can read more of the findings from our examination here.
About Securin Inc.
Securin Inc. helps customers gain resilience against evolving threats. Our products and services are powered by accurate vulnerability intelligence, human expertise, and automation, enabling enterprises to make critical security decisions to manage their expanding attack surfaces.
For more information, visit www.securin.io.
Ivanti elevates and secures Everywhere Work so that people and organizations can thrive. We make technology work for people, not the other way around. Today’s employees use a wide range of corporate and personal devices to access IT applications and data over multiple networks to stay productive, wherever and however they work. Ivanti is one of the only technology companies that finds, manages, and protects each IT asset and endpoint in an organization. Over 40,000 customers, including 88 of the Fortune 100, have chosen Ivanti to help them deliver an excellent digital employee experience and improve IT and security team productivity and efficiency. At Ivanti, we strive to create an environment where all perspectives are heard, respected, and valued, and we are committed to a more sustainable future for our customers, partners, employees, and the planet. For more information, visit www.ivanti.com and follow @GoIvanti.