Cyberwar: How Prepared Is Nepal?

Uploaded on 2017-01-30 in NEWS-Cybersecurity News, GOVERNMENT-Defence, FREE TO VIEW

The main reason Nepal became a target of cyber attackers was because of the chaos and dilemma caused by the earthquake.

The proliferation of Internet usage in the recent years has changed the way we interact daily.

Right from the usage of e-Commerce, online banking, social networking sites up to connecting every single device like the Internet of things, IOT i.e. toasters, refrigerators, televisions, temperature controls, home automation systems, nuclear power station to the Internet and controlling them from any end point of the globe have been developed.

After land, sea, air and space, warfare has entered the fifth domain: cyberspace.

Back in the old days, war was fought either from land, sea, air, and space with guns, ammunition, fighter jets, missiles, but now an individual or even a group of individuals can wage a war with just a use of computers and working Internet connection, right from their bed while taking a sip of tea and in pajamas.

So, cyber warfare is the art and science of fighting without fighting; defeating an opponent without spilling their blood. In other words, cyber war refers to the action by a nation-state, to penetrate other nations’ computers and networks for the purpose of causing damage or disruption.

These days almost all the nations are fully dependent on the Internet for storage and transference of information and information in this era has become a critical part of daily operations.

What we say, what we do, what we share, what we plan are very critical information we hold as an individual or as a nation overall, and this information could be used against us.

The Internet was not originally designed with security in mind, but as an open system to allow scientists and researchers to send data to one another quickly. Without strong investments in cyber security and cyber defenses, data systems remain open and susceptible to rudimentary and dangerous forms of exploitation and attack.

Back in the old days (the late 80’s and early 90’s), hackers used to break into systems for fun and with motive of learning new things. Robert Tappan Morris, a Cornell University graduate student who released the most notable internet worm also known as ‘Morris worm’ on November of 1988, was where the people started noticing the ability and potential of the Internet.

Vulnerability of Nepal

Nepal is also extremely vulnerable to cyber-attacks and is encountering a high number of malware attacks on a daily basis. The Asia Pacific region is especially vulnerable with emerging markets most at risk of malware threats.

Nepal has also become a target and being exploited by cyber-criminals and state sponsored hackers. Previously, Naikon also known as APT-30 (Advanced Persistent Threat) group, has targeted military, government and civil organizations and exploited them.

Carbanak, an APT style attack, also resulted in financial loss for Nepal and almost thirty other countries. These types of attacks are growing rapidly although Nepal has not developed much in terms of technology.

Although Nepal has Information Technology Security Emergency Response Team (ITSERT-NP) it does not actively participate in research and development nor do they participate in active intelligence gathering and learning about new threats and spreading awareness.

Technical personnel capable of defending the national level infrastructure are extremely limited and are always outnumbered by start-up hackers. Lack of training, resource, materials and especially security awareness seem to be the problem in Nepal.

The first phase should be divided into learning defensive tactics and then gradually developing offensive techniques and eventually building up an elite cyber task force for national defense of information and security of Nepal.

During 2014-2015 Nepal was highly vulnerable to cyber-attacks since the national infrastructure almost collapsed because of the massive earthquake, and as a result, thousands of websites and servers, including servers from government, military and private servers, were victims of huge cyber-attacks and cyber vandalism.

Most of the websites are built by people who have little or no knowledge about security and on top of that the websites are built for small amounts ranging from a minimum of five thousand to fifty thousand rupees.

Until and unless the gap between developers and security people are bridged, cyber-attacks will continue and will be a big curse for Nepalese economy and national infrastructure.

There is no such thing as hack-proof security but still adding an extra layer of security and using the concept of defense in depth will make attackers put in more effort, time and resource.

No matter how deep the defense is or how hard you are trained to defend, an attacker will always find a way inside and eventually break into the systems, but that does not mean to do nothing. We can never predict a cyber-war until we start one.

Previous attacks could be of great help to predict future attacks and patterns of attacks. We can expect satellites, naval forces, aircraft, missiles and rockets being hacked and exploited to cause severe damage to the global economy and infrastructure.

If we do not prepare now for cyber warfare, develop threat intelligence and prepare defensively then it could raise massive threats.

Ein News:      Cyber Warfare: Regional Is Becoming Global:

 

« How Much Cyber Insurance Is Enough?
Iranian Malware Delivered Via Fake Oxford University Sites »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

Agari

Agari

Agari is the Trusted Email Identity Company™, protecting brands and people from devastating phishing and socially-engineered attacks.

Accredia

Accredia

Accredia is the national accreditation body for Italy. The directory of members provides details of organisations offering certification services for ISO 27001.

Onevinn

Onevinn

Onevinn's goal is to create a transparent, cost-effective security that is noticed as little as possible by the users. We simply call it "intelligent security."

Stone Forest IT (SFIT)

Stone Forest IT (SFIT)

Stone Forest IT specialises in providing advisory, implementation and managed services for IT infrastructure, IT security solutions, business applications (ERP and CRM) and business analytical tools.

Appsian Security

Appsian Security

Appsian provides powerful solutions that help organizations take control of their business critical data and financial transactions.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Spinnaker Support

Spinnaker Support

Spinnaker Support is a premier global provider of on-premise and cloud-based enterprise software support services.

ProArch

ProArch

ProArch is a global team of multidisciplinary experts in cloud, infrastructure, data analytics, cybersecurity, compliance, and software development.

Omantel Innovation Labs

Omantel Innovation Labs

The Omantel Innovation Labs is a platform to enable startups and innovators to develop and commercialize solutions within selected technology verticals including cybersecurity.

Sentar

Sentar

Sentar is a cyber intelligence company, applying advanced analytics and systems engineering expertise to protect our national security by securing mission-critical assets.

Oxylabs

Oxylabs

Oxylabs is the largest datacenter proxy pool in the market, with over 2 million proxies. Designed for high-traffic, fast web data gathering while ensuring superior performance.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.

Scribe Security

Scribe Security

Scribe security provides end-to-end software supply chain security solutions.

Sword Group

Sword Group

Sword is a leader in data insights, digital transformation and technology services with a substantial reputation in complex IT, business projects and mission critical operations.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.