How an email set off alarm bells at Sebi – The Economic Times

Clipped from: https://economictimes.indiatimes.com/news/india/how-an-email-set-off-alarm-bells-at-sebi/articleshow/92966571.cms

Synopsis: On Saturday, Sebi issued a press release saying it had recently noted a “cyber security incident” in its email system, which was undergoing an upgrade. The regulator said it had filed a first information report (FIR) and also alerted the Indian Computer Emergency Response Team (CERT-IN), the government agency that deals with cyber threats.

An email received by a mid-level executive at the Securities and Exchange Board of India (Sebi) at the end of May rang the alarm bells at the regulator. The email from the company secretary (CS) of a mid-cap listed company was seeking clarifications on a set of queries it had received. But no such email had been sent by the Sebi official, who also checked his outbox to be doubly sure. Sebi’s IT department then discovered that nearly a dozen such emails had been sent from what was his official ID in a span of two minutes a few days previously, said people with knowledge of the matter.

On Saturday, Sebi issued a press release saying it had recently noted a “cyber security incident” in its email system, which was undergoing an upgrade. The regulator said it had filed a first information report (FIR) and also alerted the Indian Computer Emergency Response Team (CERT-IN), the government agency that deals with cyber threats.

While cyber hacks of regulatory systems have occurred in various parts of the world, this is perhaps the first time it’s been known to happen at an Indian regulator, said the people cited above. Sebi asked all employees to change passwords and update any other credential authentication methods once the breach was discovered. “Out of nearly a dozen mails sent during the breach, most of them went to wrong email addresses but at least one of them went to a listed company. The mail said the company was required to provide some information as per the takeover code,” said a person with direct knowledge of the incident. “The email quoted several legal provisions under the takeover code, but the queries did not make any sense. Hence there is a suspicion that the mail was drafted by a bot.”

An email sent to Sebi was unanswered.

Sebi had said on Saturday the breach was a “small incident”.

“CERT-IN is fully in the loop. No sensitive data was lost. Root cause has been diagnosed and fixed. Prevention for future has been fully implemented,” said a Sebi spokesperson on Saturday.

The cyber breach dodged defences designed to curb unauthorised usage of email addresses belonging to officials, said the people cited above.

Inbuilt Antivirus Programme
Sebi’s system has an inbuilt antivirus programme, which also acts as a surveillance tool, monitoring everything in the network. Sebi officials wanting to access emails from outside the office need a one-time password (OTP) delivered to their official mobile phones.

Cyber experts said regulators and government agencies handling sensitive matters must tighten their technology to fend off such attacks.

“The security systems being used by Indian regulatory agencies and other government bodies are highly prone to system breaches,” said Rajshekhar Rajaharia, a security researcher. “Email hacks are especially very easy targets since they can be breached without any security tool catching a whiff.”

Thousands of new threats arise daily and using a basic anti-virus programme may not be sufficient. “An anti-virus needs to be updated daily and factor in all the new kinds of vulnerabilities emerging,” he said.

Cyber experts say that in most such cases, the culprits aren’t found as they use multiple IP addresses across various countries.

(Originally published on Jul 19, 2022, 04:39 AM IST)
