CERT-In Advisory
CIAD-2025-0019
Essential Measures for Industry for Safeguarding Business Operations against Cyber Security Threats
Original Issue Date: May 10, 2025
Severity Rating: High
Description
The Indian Computer Emergency Response Team (CERT-In) has detected a surge in cyber threats encompassing ransomware attacks, DDoS incidents,
website defacements, data breaches, and malware infections. These attack vectors, whether executed individually or in combination, pose a
significant risk to the confidentiality, integrity, and availability of systems and services.
Strengthen Authentication & Access Control
- Enforce strong password policies with long, complex, and unique credentials for each service.
- Implement Multi-Factor Authentication (MFA) to secure accounts.
- Apply role-based access control (RBAC) to restrict employee permissions based on their responsibilities.
Patch Management
- Regularly update operating systems, applications, and security tools.
- Use automated updates where feasible so that known vulnerabilities are not left unpatched between maintenance windows.
Web Server & Infrastructure Protection
- Scan all web servers and infrastructure for open ports and known vulnerabilities.
- Remove or isolate unmaintained, old, or unused web applications and systems.
- Ensure that tampering with public-facing assets is detected rapidly and that they can be restored from a known-good copy in case of website defacement attacks.
- Deploy a web application firewall (WAF) in front of public-facing web applications.
Secure Network & Endpoint Devices
- Configure firewalls to filter incoming and outgoing traffic effectively.
- Encrypt data in transit and at rest to safeguard against unauthorized access.
- Configure email filtering to block phishing attempts and malicious attachments effectively.
- Use antivirus and anti-malware solutions to detect and remove threats.
Implement Robust Data Protection Strategies
- Maintain regular, offline backups to mitigate ransomware risks.
- Regularly test backup restoration procedures to ensure data recovery remains reliable.
- Implement data loss prevention (DLP) solutions to monitor and control data movement.
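The following is an added example and not CERT-In's own code; it ties together the two points above, detecting defacement of public-facing assets and testing that restoration from an offline copy actually works. It builds a SHA-256 manifest of a web root while it is known-good, classifies later deviations (planted, deleted or altered files), restores from the offline copy and only reports success once the live tree hashes back to the baseline. All paths and page contents are constructed for the demonstration.

```python
"""Added example (not CERT-In's code): integrity baseline, defacement detection
and restore-from-offline-copy verification for a web root. Paths and file
contents below are constructed for the demonstration."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large assets need not fit in memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_manifests(baseline, current):
    """Files planted, deleted or altered relative to the known-good manifest."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline
                           if k in current and baseline[k] != current[k]),
    }


def restore_from_backup(backup, webroot, deviations):
    """Remove planted files; copy altered or deleted ones back from the offline copy."""
    backup, webroot = Path(backup), Path(webroot)
    for rel in deviations["added"]:
        (webroot / rel).unlink()
    for rel in deviations["modified"] + deviations["removed"]:
        dst = webroot / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, dst)


def demo():
    """Constructed scenario: baseline -> defacement -> detect -> restore -> verify."""
    work = Path(tempfile.mkdtemp(prefix="defacement-demo-"))
    try:
        webroot = work / "www"
        (webroot / "css").mkdir(parents=True)
        (webroot / "index.html").write_text("<h1>Example Corp</h1>\n")
        (webroot / "css" / "style.css").write_text("body { color: #333; }\n")
        # Offline copy and baseline manifest are taken while the site is known-good.
        backup = work / "offline-backup"
        shutil.copytree(webroot, backup)
        baseline = build_manifest(webroot)
        # Simulated defacement: page replaced, file planted, asset deleted.
        (webroot / "index.html").write_text("<h1>Defaced</h1>\n")
        (webroot / "hacked.html").write_text("defaced\n")
        (webroot / "css" / "style.css").unlink()
        deviations = compare_manifests(baseline, build_manifest(webroot))
        restore_from_backup(backup, webroot, deviations)
        # Restoration counts as tested only when the live tree hashes back to baseline.
        restored_ok = build_manifest(webroot) == baseline
        return {"deviations": deviations, "restored_ok": restored_ok}
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

In a real deployment the manifest and the backup must live somewhere the web server's own account cannot write (a separate host or write-once storage); an attacker who can change the web root can otherwise rewrite the baseline to match.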
Supply Chain Monitoring
- Establish continuous monitoring of vendor and supplier activities, especially focusing on any anomalies in software updates or system
configurations.
Develop an Incident Response Plan
- Establish a structured response plan to effectively address breaches and cyber incidents.
- Continuously analyze log files and network activity for failed login attempts, configuration changes, new device connections or other
suspicious behaviour.
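As an added example (not CERT-In's code), the block below runs a small set of detection rules over constructed syslog-style lines to surface exactly the signals listed above: a burst of failed SSH logins from one source, a successful login from that same source shortly after the failures, a privileged edit of a file under /etc/, and a DHCP lease handed to a MAC address that is not in the asset inventory. The log year, hostnames, users, addresses (RFC 5737 documentation ranges) and the known-device list are all assumptions made for the sample.

```python
"""Added example (not CERT-In's code): rule-based review of constructed syslog
lines for failed logins, privileged configuration changes and unknown devices."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_YEAR = 2025  # assumption: classic syslog timestamps carry no year

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[\d+\])?: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>[\d.]+)")
SUDO_RE = re.compile(r"^\s*(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")
DHCP_RE = re.compile(r"DHCPACK on (?P<ip>[\d.]+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

# Constructed sample log; nothing here comes from a real system.
SAMPLE_LOG = [
    "May 10 02:14:01 web01 sshd[1001]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2",
    "May 10 02:14:03 web01 sshd[1002]: Failed password for root from 203.0.113.45 port 51235 ssh2",
    "May 10 02:14:05 web01 sshd[1003]: Failed password for root from 203.0.113.45 port 51236 ssh2",
    "May 10 02:14:07 web01 sshd[1004]: Failed password for invalid user oracle from 203.0.113.45 port 51237 ssh2",
    "May 10 02:14:09 web01 sshd[1005]: Failed password for root from 203.0.113.45 port 51238 ssh2",
    "May 10 02:14:11 web01 sshd[1006]: Failed password for root from 203.0.113.45 port 51239 ssh2",
    "May 10 02:15:10 web01 sshd[1010]: Accepted password for root from 203.0.113.45 port 51240 ssh2",
    "May 10 08:30:00 web01 sshd[2001]: Failed password for alice from 198.51.100.7 port 40000 ssh2",
    "May 10 08:31:00 web01 sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/ssh/sshd_config",
    "May 10 09:00:00 gw01 dhcpd: DHCPACK on 10.0.5.23 to 02:42:ac:11:00:09 (unknown-host) via eth1",
    "May 10 09:00:05 gw01 dhcpd: DHCPACK on 10.0.5.10 to 00:11:22:33:44:55 (printer01) via eth1",
]
KNOWN_MACS = {"00:11:22:33:44:55"}  # constructed asset inventory


def parse_ts(text):
    return datetime.strptime(f"{LOG_YEAR} {text}", "%Y %b %d %H:%M:%S")


def analyze(lines, known_macs, threshold=5, window=timedelta(minutes=5)):
    """Return a list of findings, one dict per triggered rule."""
    findings = []
    failures = defaultdict(deque)   # source IP -> timestamps of recent failures
    flagged = set()                 # IPs already reported for brute force
    known = {m.lower() for m in known_macs}
    for line in lines:
        m = SYSLOG_RE.match(line)
        if not m:
            continue               # unparseable lines are skipped, not trusted
        ts, host, prog, msg = parse_ts(m["ts"]), m["host"], m["prog"], m["msg"]
        if prog == "sshd":
            f = FAILED_RE.search(msg)
            a = ACCEPTED_RE.search(msg)
            if f:
                q = failures[f["ip"]]
                q.append(ts)
                while q and ts - q[0] > window:   # sliding window
                    q.popleft()
                if len(q) >= threshold and f["ip"] not in flagged:
                    flagged.add(f["ip"])
                    findings.append({"rule": "ssh_bruteforce", "host": host,
                                     "ip": f["ip"], "count": len(q), "at": ts})
            elif a:
                recent = [t for t in failures[a["ip"]] if ts - t <= window]
                if recent:   # success right after a burst of failures: likely a guessed password
                    findings.append({"rule": "ssh_success_after_failures", "host": host,
                                     "ip": a["ip"], "user": a["user"],
                                     "prior_failures": len(recent), "at": ts})
        elif prog == "sudo":
            s = SUDO_RE.match(msg)
            if s and "/etc/" in s["cmd"]:   # privileged edit of system configuration
                findings.append({"rule": "config_change", "host": host,
                                 "user": s["user"], "cmd": s["cmd"], "at": ts})
        elif prog == "dhcpd":
            d = DHCP_RE.search(msg)
            if d and d["mac"].lower() not in known:
                findings.append({"rule": "new_device", "host": host,
                                 "ip": d["ip"], "mac": d["mac"].lower(), "at": ts})
    return findings


def run_sample():
    return analyze(SAMPLE_LOG, KNOWN_MACS)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

The thresholds and the "/etc/" match are deliberately simple; in production, feed the same rules from a log pipeline that ships to a host the attacker cannot reach, so that the evidence survives the containment steps in the reporting guidance at the end of this advisory.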
Zero Trust Architecture
- Consider implementing a Zero Trust security model in which no entity, inside or outside the organization, is trusted by default.
Enforce strict identity verification and authorization for every access request, including those from vendors.
Conduct Employee Awareness & Training
- Conduct regular cybersecurity training to educate employees about phishing, social engineering, and best practices. Simulate phishing
attack exercises to improve user awareness.
- Organize routine cyber drills to simulate attacks and response measures.
Organizations are requested to strictly monitor their ICT infrastructure. If any suspicious activity is found, preserve all logs as per the CERT-In
Directions of April 28, 2022, take containment measures, and report the incident with all relevant logs to CERT-In (incident@cert-in.org.in).
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road
New Delhi - 110 003
India