Apple Inc has warned iPhone users in India and 91 other countries about being possibly victims of a “mercenary spyware attack”; that attackers tried to “remotely compromise the iPhone. Mercenary spyware attacks are rare and vastly more sophisticated than regular cybercriminal activity or malware, according to the notification email.

LEARNING FROM HOME/ WITHOUT CLASSES/ BASICS

Viruses and malware are programs that can attack computers, tablets, phones, and other digital devices. By combining the words ‘malicious’ (meaning ‘harmful’) and ‘software’ we get the word ‘malware’.  Malware is a type of software that aims to infiltrate or damage a computer or information system without the consent of its owner.

Viruses are just one type of malware. Other types include spyware, worms, and trojans.

           
A virus is a small program designed to cause trouble by gaining access to your device. It can copy your data or slow your device down. A virus spreads by duplicating and attaching itself to other files.

A Trojan horse or Trojan is often disguised as legitimate software. Trojans can be employed by cyber thieves and hackers trying to gain access to users’ systems.

Mercenary spyware: Defending against what’s next Ι 2023 (youtube.com)

MALWARE, CYBER SECURITY: INDIAN SCENARIO

The cyber security environment in India is fast changing, facing many sophisticated cyber security problems and challenges, due to the growing realization of threats of Malware, cyber attacks, and cyber crimes.

Cyber threats can be disaggregated, based on the perpetrators and their motives: cyber espionage, cyber warfare, cyber terrorism, and cyber crime. Cyber attackers use numerous vulnerabilities in cyberspace to commit these acts.  India is vulnerable to cyber espionage, cyber terrorism, cyber warfare and cyber crime and cyber security scenario in India is one of relative chaos and a sense of insecurity is arising out of the periodic reports of cyber attacks.

SUGGESTIONS

An enabling Legal Framework – Setting up of think tanks in Public-Private mode to identify gaps in the existing policy and frameworks and take action to address them. This includes addressing the privacy concerns of online users.  

       As the digital world is much more complex, there is a need to train judiciary, law enforcement agencies, and legal practitioners about cyber crimes, the collection of digital evidence and cyber forensics.

R&D – Creation of Centres of Excellence in identified areas of advanced Cyber Security and Centre for Technology Transfer to facilitate the transition of R&D prototypes to production, supporting R&D projects in thrust areas.

Security Incident – Early Warning and Response- Comprehensive threat assessment and attack mitigation by means of net traffic analysis and deployment of honey pots, development of vulnerability database.

Security awareness, skill development, and training – Launching formal Security Education, Skill Building, and Awareness Programmes.  Setting up of Centres of excellence in Cryptography, Malware Research, Mobile Security and Cyber Forensics,

Collaboration – The Cyberspace is borderless and actions in the cyber space can be anonymous so there is need to establish a collaborative platform, Focus on proactive and collaborative actions in Public-Private Partnership / think-tank for cyber security policy inputs, discussion and deliberations, operationalisation of security cooperation arrangements with overseas CERTs and industry, and seeking legal cooperation of international agencies on cyber crimes and cyber security.

         Cyber Security requirements are quite dynamic and change with the threat environment. The threat landscape needs to be updated regularly to prevent emerging attacks. Collaboration among various agencies is needed to share information regarding emerging threats and vulnerabilities, the technical complexity of cyberspace and the availability of skilled resources, which would help in the effective protection and prevention of cyber attacks.