CERT-In has recently released its annual report, which notes that the agency handled 13,91,457 incidents in 2022. The report is available on CERT-In’s website.
The type of incidents that CERT-In handled were “Website Intrusion & Malware Propagation, Malicious Code, Phishing, Distributed Denial of Service attacks, Website Defacements, Unauthorized Network Scanning/Probing activities, Ransomware attacks, Data Breach and Vulnerable Services.”
In case of each of these cyber security incidents, CERT-In came up with remedial measures which were implemented in coordination with relevant stakeholders.
The annual report from CERT-In does not provide the details of whether the intervention from CERT-In happened before the attack or after the attackers had caused any damage.
It is noteworthy that the number of cyber security incidents that CERT-In has reported in 2022 is marginally less than the number of such incidents in 2021. The 2021 annual report indicates that the agency had dealt with 14,02,809 incidents. This implies that year-on-year, the cyber security incidents have actually gone down by 0.8% in 2022.
However, 2022 saw a major increase in phishing attacks, vulnerable services and malware attacks as compared to 2021. In 2022, CERT-In dealt with 1714 phishing attacks, 324620 unauthorized network scanning attacks, 19793 website defacements, and 2164 website intrusions and malware propagation attacks. In 2021, the number of such attacks were much less.
The annual report also informs that a total of 653 security alerts, 38 advisories and 488 vulnerability notes were issued during the year 2022. A number of cyber security training exercises are conducted by CERT-In every year.
According to the 2022 annual report, CERT-In conducted 23 cyber security training and awareness programs for government, public and critical sector organisations. The purpose of these programs was to acquaint the relevant professionals in the area of cyber security with the latest security threats and inform them of the best tools and techniques for improving cyber security.
CERT-In conducted 9 domestic cyber crisis exercises in 2022 for various organizations across sectors and state government departments. It has contributed in 2 international exercise planning and scenario development and participated as a player in 6 International cyber security drills in 2022.
In collaboration with Cyber Security Agency (CSA), Singapore, CERT-In conducted an International cyber security exercise “Synergy” for 13 countries as part of the International Counter Ransomware InitiativeResilience Working Group in August 2022.
A government agency under the Ministry of Electronics and Information Technology (MeitY), CERT-In was formed in 2004 with the objective of securing Indian cyber space. For two decades, CERT-In has been providing Incident Prevention and Response services as well as Security Quality Management Services.