The Controller General of Defence Accounts (CGDA), which oversees the Ministry of Defence's Defence Accounts Department (DAD), recently warned its employees about a cyber security threat in which users were being targeted by a fake WhatsApp-like app to trick them into providing their login information.
According to the circular, which Moneycontrol reviewed, CGDA received input on this from the Ministry of Defence and government agencies, and they have urged employees not to install malicious applications and to verify the legitimacy of websites.
This is important because the DAD is in charge of payments, financial advice, internal audits, and accounting for the expenditure and receipts of the Armed Forces, including the Coast Guard, Defence Research and Development Organisation laboratories, and defence ordnance factories.
Moneycontrol has reached out to the Controller General of Defence Accounts (CGDA) with queries in this regard, and the story will be updated when a response is received.
The threat
According to the CGDA's August 24 circular, a fake messaging app called WHSAPP.APK that mimicked WhatsApp was embedded with malicious content.
“This HQrs (headquarters) have been received inputs (sic) from MoD and credible Govt Agency that a new squatting campaign is being used by threat actors to target users and convince them to hand over their login credentials,” the circular read.
Squatting, also known as cybersquatting, is the fraudulent act of registering domain names that appear to be related to already-existing domains or brands with the intention of making money off of user errors, according to Palo Alto Networks, a US-based cybersecurity firm.
“The above-mentioned domain names (WHSAPP.APK) would mislead users into believing them to be associated with the popular chat application WhatsApp. The site can be utilised for phishing consumer credentials, hosting malicious payloads, disinformation etc,” the circular added.
The circular, which was distributed to offices and personnel within the CGDA's jurisdiction, urged that such domain name squatting vectors be blocked in "perimeter security devices like firewalls and UTM's (Unified Threat Management) installed (sic) at their offices the internet."
The CGDA advised staff to avoid installing malicious software, confirm the legitimacy of any website by looking up its address, and find out a website's correct domain name by looking it up on "known search engines like Google, Bing, etc."
Rising attacks
The timing of this circular coincides with the recent targeting of numerous Indian government websites and applications by foreign "hacktivists".
Recent research by India-based cybersecurity company Cloudsek revealed that various state government websites from Gujarat, Uttar Pradesh, Assam and Tamil Nadu were attacked by the hacktivist group known as "Mysterious Team Bangladesh."
This group engaged in distributed denial of service (DDoS) attacks, which Cloudflare defines as a malicious attempt to obstruct a website's regular traffic and overwhelm its servers with a barrage of Internet traffic.
The National Informatics Centre, a division of the Ministry of Electronics and Information Technology that manages all IT-related developments for government ministries and departments, released a 10-page manual for government employees in June that outlines the ‘Dos and Don'ts’ when handling computer systems.
In the directive, employees were advised not to share sensitive details on social media or third-party messaging apps, to research an app's popularity and read user reviews before downloading it, and to download programmes only from the Google Play or Apple app stores.