
CLI Unit2

Uploaded by

homeserv123

Cybercrime and Cyberlaw

Malware

Definition:-

Malware is a general term that covers a wide variety of different types of malicious software (which is
where the name “malware” comes from). Different types of malware are designed to achieve different
purposes, including everything from breaching sensitive data to causing damage to computers. Hostile,
intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, computer
systems, networks, tablets, and mobile devices, often by taking partial control over a device’s operations.
Like the human flu, it interferes with normal functioning.

Motive :-

The motives behind malware vary. Malware can be about making money off you, sabotaging your ability
to get work done, making a political statement, or just bragging rights. Although malware cannot
damage the physical hardware of systems or network equipment (with one known exception—see the
Google Android section below), it can steal, encrypt, or delete your data, alter or hijack core computer
functions, and spy on your computer activity without your knowledge or permission.

How can you get infected by Malware (Malware Attack Vulnerabilities):-

Malware can penetrate your computer when (deep breath now) you surf through hacked websites, view
a legitimate site serving malicious ads, download infected files, install programs or apps from an unfamiliar
provider, open a malicious email attachment (malspam), or pretty much everything else you download
from the web on to a device that lacks a quality anti-malware security application.

Malicious apps can hide in seemingly legitimate applications, especially when they are downloaded from
websites or direct links (in an email, text, or chat message) instead of an official app store. Here it’s
important to look at the warning messages when installing applications, especially if they seek
permission to access your email or other personal information.

Detection of Malware (Symptoms of Malware Attack) :-

Malware can reveal itself with many different aberrant behaviors. Here are a few telltale signs that you
have malware on your system:

· Your computer slows down. One of malware’s side effects is to reduce the speed of your
operating system (OS). Whether you’re navigating the Internet or just using your local
applications, usage of your system’s resources appears abnormally high. You might even notice
your computer’s fan whirring away at full speed—a good indicator that something is taking up
system resources in the background.

· Your screen is inundated with annoying ads. Unexpected pop-up ads are a typical sign of a
malware infection. They’re especially associated with a form of malware known as adware.

· Your system crashes. This can come as a freeze or a BSOD (Blue Screen of Death); the latter
occurs on Windows systems after encountering a fatal error.

· You notice a mysterious loss of disk space. This could be due to a bloated malware squatter
hiding in your hard drive, aka bundleware.

· Your browser settings change. If you notice your homepage changed or you have new toolbars,
extensions, or plugins installed, then you might have some sort of malware infection. Causes
vary, but this usually means you clicked on that “congratulations” pop-up, which downloaded
some unwanted software.

· Your antivirus product stops working and you cannot turn it back on, leaving you unprotected
against the sneaky malware that disabled it.

· You lose access to your files or your entire computer. This is symptomatic of a ransomware
infection.

Types of Malware :-

Adware is unwanted software designed to throw advertisements up on your screen, most often within a
web browser. Typically, it uses an underhanded method to either disguise itself as legitimate, or
piggyback on another program to trick you into installing it on your PC, tablet, or mobile device.

Spyware is malware that secretly observes the computer user’s activities without permission and reports
it to the software’s author.

A virus is malware that attaches to another program and, when executed—usually inadvertently by the
user—replicates itself by modifying other computer programs and infecting them with its own bits of
code.

Worms are a type of malware similar to viruses. Like viruses, worms are self-replicating. The big
difference is that worms can spread across systems on their own, whereas viruses need some sort of
action from a user in order to initiate the infection.

A Trojan, or Trojan horse, is one of the most dangerous malware types. It usually represents itself as
something useful in order to trick you. Once it’s on your system, the attackers behind the Trojan gain
unauthorized access to the affected computer. From there, Trojans can be used to steal financial
information or install other forms of malware, often ransomware.

Ransomware is a form of malware that locks you out of your device and/or encrypts your files, then
forces you to pay a ransom to regain access. Ransomware has been called the cybercriminal’s weapon of
choice because it demands a quick, profitable payment in hard-to-trace cryptocurrency.

Rootkit is a form of malware that provides the attacker with administrator privileges on the infected
system, also known as “root” access. Typically, it is also designed to stay hidden from the user, other
software on the system, and the operating system itself.

A keylogger is malware that records all the user’s keystrokes on the keyboard, typically storing the
gathered information and sending it to the attacker, who is seeking sensitive information like usernames,
passwords, or credit card details.

Malicious cryptomining, also sometimes called drive-by mining or cryptojacking, is an increasingly
prevalent malware usually installed by a Trojan. It allows someone else to use your computer to mine
cryptocurrency like Bitcoin or Monero. So instead of letting you cash in on your own computer’s
horsepower, the cryptominers send the collected coins into their own account and not yours. Essentially,
a malicious cryptominer is stealing your resources to make money.

Exploits are a type of malware that takes advantage of bugs and vulnerabilities in a system in order to
give the attacker access to your system. While there, the attacker might steal your data or drop some
form of malware. A zero-day exploit refers to a software vulnerability for which there is currently no
available defense or fix.

Malware attack on mobile symptoms :-

A sudden appearance of pop-ups with invasive advertisements. If they appear out of nowhere and send
you to sketchy websites, you’ve probably installed something that hides adware within it. It suffices to
say—don’t click on these ads.

A puzzling increase in data usage. Malware chews up your data plan by displaying ads and sending out
the purloined information from your phone.

Bogus charges on your bill. This happens when malicious software makes calls and sends texts to
premium numbers.

Your battery runs down quickly. Malware is a resource burden, gulping down your battery’s juice faster
than normal.

Your contacts receive strange emails and texts from your phone. Mobile malware often spreads from one
device to another by means of emails and texts containing malicious links.

Your phone is hot. A hot phone generally means the processor is being taxed by a lot of resource-intensive
activity. Malware? Possibly. The Loapi Trojan can push the processor to the point of overheating the
phone, which makes the battery bulge, leaving your phone for dead.

Apps you didn’t download. Sometimes you download seemingly legitimate apps that have malware
buried in the code. This malware, in turn, downloads other malicious apps. It helps to stick to trusted
apps from known sources, but even the Google Play store itself has dozens of malicious apps sneak
through every year.

Wi-Fi and Internet connections turn themselves on. This is another way malware propagates, ignoring
your preferences and opening up infection channels.

Example of Malware Attack :-

· ILOVEYOU worm (2000) :- The malware so cleverly took advantage of a number of flaws in
Windows 95—especially the fact that Windows automatically hid the file extensions of email
attachments so people didn't realize they were launching executable files—that it spread like
wildfire, and soon millions of infected computers were sending out copies of the worm and
beaming passwords back to a Filipino email address. It also erased numerous files on target
computers, causing millions of dollars in damage and briefly shutting down the U.K. Parliament's
computer system.

· MyDoom worm (2004) :- The Mydoom worm infected computers via email, then took control of
the victim computer to email out more copies of itself, and did it so efficiently that at its height it
accounted for a quarter of all emails sent worldwide, a feat that's never been surpassed. The
infection ended up doing more than $35 billion in damages, which, adjusted for inflation, has
also never been topped. In addition to mailing out copies of the worm, infected computers were
also used as a botnet to launch DDoS attacks on the SCO Group (a company that aggressively
tried to claim intellectual property rights over Linux) and Microsoft, which led many to suspect
some rogue member of the open source community.

· Mirai botnet (2016) :- The Mirai botnet was actually similar to some of the early malware we
discussed because it exploited a previously unknown vulnerability and wreaked far more havoc
than its creator intended. In this case, the malware found and took over IoT gadgets (mostly
CCTV cameras) that hadn't had their default passwords changed.
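The ILOVEYOU entry above turns on Windows hiding the last file extension of an attachment. The following added example (not part of the original notes) shows the check a mail gateway can make for that case: it parses a MIME message, works out the name a user would see with extensions hidden, and flags attachments whose real extension is executable. The extension lists, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative, non-exhaustive lists (assumptions for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "wsf", "hta"}
DOCUMENT_EXTS = {"txt", "doc", "docx", "pdf", "jpg", "png", "xls", "xlsx"}


def displayed_name(filename):
    """Name shown to the user when the final extension is hidden."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot and stem else filename


def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # An inner document extension makes the hidden-extension view look harmless.
    if any(p in DOCUMENT_EXTS for p in parts[1:-1]):
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Return [(real name, displayed name, verdict), ...] for each attachment."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        results.append((name, displayed_name(name), classify(name)))
    return results


def build_sample():
    """Constructed sample message with one suspicious and one ordinary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="meeting-notes.txt.vbs")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="pdf", filename="agenda.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for real, shown, verdict in scan_message(build_sample()):
        print(f"{verdict:17} real={real!r} shown-as={shown!r}")
```
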

Ransomware Attack

Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data and
important files, then demands a payment to unlock and decrypt the data.

This type of attack takes advantage of human, system, network, and software vulnerabilities to infect the
victim’s device—which can be a computer, printer, smartphone, wearable, point-of-sale (POS) terminal,
or other endpoint.

Ransomware Attack example :-

WannaCry

WannaCry is an encrypting ransomware that exploits a vulnerability in the Windows SMB protocol, and
has a self-propagation mechanism that lets it infect other machines. WannaCry is packaged as a dropper,
a self-contained program that extracts the encryption/decryption application, files containing encryption
keys, and the Tor communication program. It is not obfuscated and relatively easy to detect and remove.

Cerber

Cerber is ransomware-as-a-service (RaaS), and is available for use by cybercriminals, who carry out
attacks and share their loot with the malware developer. Cerber runs silently while it is encrypting files,
and may try to prevent antivirus and Windows security features from running, to prevent users from
restoring the system. When it successfully encrypts files on the machine, it displays a ransom note on the
desktop wallpaper.

Cryptolocker

Cryptolocker was released in 2017, and affected over 500,000 computers. It typically infects computers
through email, file sharing sites, and unprotected downloads. It not only encrypts files on the local
machine, but can also scan mapped network drives, and encrypt files it has permission to write to. New
variants of Cryptolocker are able to elude legacy antivirus software and firewalls.

Ryuk

Ryuk infects machines via phishing emails or drive-by downloads. It uses a dropper, which extracts a
trojan on the victim’s machine and establishes a persistent network connection. Attackers can then use
Ryuk as a basis for an Advanced Persistent Threat (APT), installing additional tools like keyloggers,
performing privilege escalation and lateral movement. Ryuk is installed on each additional system the
attackers gain access to.

How does Ransomware work?

Ransomware works through a seven-step process.

Infection—Ransomware is covertly downloaded and installed on the device.

Execution—Ransomware scans and maps locations for targeted file types, including locally stored files,
and mapped and unmapped network-accessible systems. Some ransomware attacks also delete or
encrypt any backup files and folders.

Encryption—Ransomware performs a key exchange with the Command and Control Server, using the
encryption key to scramble all files discovered during the Execution step. It also locks access to the data.
(See Figure 2.)

User Notification—Ransomware adds instruction files detailing the pay-for-decryption process, then
uses those files to display a ransom note to the user.

Cleanup—Ransomware usually terminates and deletes itself, leaving only the payment instruction files.

Payment—Victim clicks a link in the payment instructions, which takes the victim to a web page with
additional information on how to make the required ransom payment. Hidden TOR services are often
used to encapsulate and obfuscate these communications to avoid detection by network traffic
monitoring.

Decryption—After the victim pays the ransom, usually via the attacker’s Bitcoin address, the victim may
receive the decryption key. However, there is no guarantee the decryption key will be delivered as
promised.

Ransomware Distribution Technique

Phishing Email:- Clicking a link embedded in an email, which redirects to a phishing page.

Email Attachments:- Opening email attachments and enabling malicious macros, or downloading a
document embedded with a Trojan Horse.

Social media:- Clicking a malicious link on Facebook, Twitter, or other social media posts.

Malvertising:- Clicking a legitimate advertising site seeded with malicious code.

Drive-by infections:- Visiting an unsafe, suspicious, or fake web page; or opening or closing a pop-up.

Traffic Distribution System (TDS):- Clicking a link on a legitimate gateway web page that redirects the
user to a malicious site, based on the user’s geo-location, browser, operating system, or other filter.

Self-propagation:- Spreading the malicious code to other devices through network and USB drives.

Ransomware Protection

Here are several best practices that can help you prevent and protect against Ransomware infections in
your organization:

Endpoint Protection

Antivirus is an obvious first step in ransomware protection, but legacy antivirus tools can only protect
against some ransomware variants.

Data Backup

Regularly back up data to an external hard drive, using version control and the 3-2-1 rule (create three
backup copies on two different media with one backup stored in a separate location).

Patch Management

Keep the device’s operating system and installed applications up-to-date, and install security patches.
Run vulnerability scans to identify known vulnerabilities and remediate them quickly.

Email Protection

Train employees to recognize social engineering emails, and conduct drills to test if employees are able
to identify and avoid phishing. Use spam protection and endpoint protection technology to automatically
block suspicious emails, and block malicious links if a user does end up clicking on them.

Network Defenses

Use a firewall or web application firewall (WAF), Intrusion Prevention / Intrusion Detection Systems
(IPS/IDS), and other controls to prevent ransomware from communicating with Command & Control
centers.

Ransomware Detection

Use real-time alerting and blocking to automate identifying ransomware-specific read/write behavior
and then blocking users and endpoints from further data access.

Use deception-based detection, which strategically plants hidden files on file storage systems to identify
ransomware encryption behaviors at the earliest attack stage. Any write/rename actions on the hidden
files automatically trigger a block of the infected user or endpoint, while continuing to allow access by
uninfected users and devices.
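A minimal sketch of the deception-based detection described above, added here as an example and not taken from the original notes or from any product. It plants hidden decoy files, detects a write or rename on them by comparing against a baseline, and uses an audit trail to pick out only the user who touched a decoy; the decoy names, the `(user, action, path)` audit format and the user names are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical decoy names: one sorts first and one last in a directory listing,
# so a process walking the share in either order touches a decoy early.
DECOY_NAMES = (".~000_accounts.xlsx", ".~zzz_contracts.docx")
WRITE_ACTIONS = {"write", "rename", "delete"}


def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_decoys(share):
    """Create hidden decoy files in `share`; return baseline {path: sha256}."""
    baseline = {}
    for name in DECOY_NAMES:
        path = Path(share) / name
        path.write_bytes(b"constructed decoy content, never opened by real users\n" * 32)
        baseline[path] = sha256_of(path)
    return baseline


def scan_decoys(baseline):
    """Compare each decoy with its baseline; return [(path, reason), ...]."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            # Same name with an extension appended means the decoy was renamed.
            renamed = [p for p in path.parent.iterdir()
                       if p.name.startswith(path.name + ".")]
            alerts.append((path, "renamed" if renamed else "deleted"))
        elif sha256_of(path) != digest:
            alerts.append((path, "modified"))
    return alerts


def users_to_block(audit_events, baseline):
    """Return users whose audit events write, rename or delete a decoy.

    `audit_events` holds (user, action, path) tuples, a constructed stand-in
    for the file server's audit log. Users who only touch ordinary files are
    not returned, so their access continues.
    """
    decoys = {str(p) for p in baseline}
    return {user for user, action, path in audit_events
            if action in WRITE_ACTIONS and str(path) in decoys}


def run_demo():
    """Plant decoys, replay constructed activity, return (alerts, blocked users)."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp)
        report = share / "q3_report.txt"
        report.write_text("ordinary file\n")
        baseline = plant_decoys(share)
        first, last = list(baseline)

        # Constructed activity: alice edits an ordinary file; a process running
        # as bob overwrites one decoy and renames the other.
        report.write_text("ordinary file, edited\n")
        first.write_bytes(b"\x00" * 64)
        last.rename(last.with_name(last.name + ".locked"))
        events = [
            ("alice", "write", report),
            ("bob", "write", first),
            ("bob", "rename", last),
        ]
        alerts = [(p.name, reason) for p, reason in scan_decoys(baseline)]
        return alerts, users_to_block(events, baseline)


if __name__ == "__main__":
    alerts, blocked = run_demo()
    for name, reason in alerts:
        print(f"ALERT decoy {name}: {reason}")
    print("block:", sorted(blocked))
```
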

Use granular reporting and analysis to provide detailed audit trail support for forensic investigations into
who, what, when, where, and how users access files.

Zero Click Attack

A “zero-click attack” sounds ominous, but are you and your devices at risk? Let’s go over what a zero-
click attack is, why they’re so concerning, and what you can do to protect yourself.

As the name implies, a zero-click cyberattack can compromise a device without any action from its
owner. Whereas other attack methods—phishing or smishing, for example—rely on social engineering to
trick people into clicking bad links or initiating a seemingly legit download, zero-click attacks use existing
vulnerabilities in operating systems to get around that entirely.

Zero-click attacks are so pernicious because they are basically invisible; all an attacker needs to do is send
it to your phone or device—no click or tap needed on your part. Victims are usually unaware anything is
happening, so attackers can take their time poking around your device.

The most notable zero-click attack of late is the Pegasus software from Israeli firm NSO Software. It’s
made headlines for years, with the University of Toronto’s Citizen Lab highlighting attacks on iOS and
Android devices in 2018 and again in 2021. Though NSO denies any
wrongdoing, Citizen Lab says Pegasus is used by clients to spy on activists and other high-profile officials.
In December, Google's Project Zero team published a technical analysis of the so-called FORCEDENTRY
exploit that was used by NSO Group to infect target iPhones with its Pegasus spyware via iMessage.

Working of Zero Click Attack

Zero-click attacks exploit existing loopholes in the data-verification function of apps and operating
systems. Any system that parses data it receives to see if that data can be trusted is vulnerable to a zero-
click attack. Attackers send bad code via email or messaging apps inside something that appears
innocuous to the system, like a PDF, hidden image, or text message.

A real-world example of this could be a vulnerability in an email messaging app on your phone. If a
malicious hacker finds the vulnerability, all they’d have to do is send you an email message containing
their bad code. Once the email is received, that code activates and infects the target phone, giving the
hacker access to all the emails on your device. Even if the original email is deleted, the infection persists.
And since we all delete emails we’ve read or don’t recognize, chances are there won’t be any trace of the
attack left on your phone for very long.

Malicious hacking groups often develop tools to take advantage of zero-click vulnerabilities and sell them
for millions on the black market. Because of their nearly untraceable nature, zero-clicks are often
employed at the nation-state level by government agencies in espionage operations.

Prevention against Zero Click Attack

· The stealth nature of zero-click attacks makes them difficult to avoid if you’re a target. But there
are cyber-security measures you can take to protect yourself in general.

· First, keep your apps and systems updated regularly. Software manufacturers will patch
vulnerabilities as soon as possible once they become aware that the bugs exist. Routine updates
often contain these fixes and only take a couple minutes to install.

· Meanwhile, pay close attention to the developers of the apps you install. If there’s no
information about the manufacturer listed, the app has no reviews, or the developer hasn’t been
verified by the app store, odds are it’s fishy and you should steer clear.

· Whenever possible, use multi-factor authentication to access important sites, email, and social
media. And we’ve all heard it by now, but it bears repeating: Don’t use the same password you
came up with in high school for every account. Password managers can help you select a strong
master passcode, and store the rest so you don’t have to remember 50 passwords.

· It’s also a good idea to routinely purge apps you don’t use anymore from your phone, or at the
very least remove any permissions you’ve granted them so they can’t automatically access other
parts of your phone like the camera or media library.

· Use extensions to block pop-ups and spam, or configure your browser settings to keep them
away, as attackers often use them to spread malware. Good anti-malware and antivirus
protection can’t hurt either, so get the best you can and run regular scans.

· If your job involves the handling of sensitive information, you may want to keep two phones: one
for work and one for personal use. That way, if one is compromised, you won’t lose all your data.
No matter your profession, it’s a good idea to regularly back up all your data and files, and store
them separately from your main hard drive. In the event of a ransomware attack, you’ll then be
able to recover your data, even if you have to scrap your PC.

Zero Day Attack

"Zero-day" is a broad term that describes recently discovered security vulnerabilities that hackers can
use to attack systems. The term "zero-day" refers to the fact that the vendor or developer has only just
learned of the flaw – which means they have “zero days” to fix it. A zero-day attack takes place when
hackers exploit the flaw before developers have a chance to address it.

A zero-day vulnerability is a software vulnerability discovered by attackers before the vendor has become
aware of it. Because the vendors are unaware, no patch exists for zero-day vulnerabilities, making attacks
likely to succeed.

A zero-day exploit is the method hackers use to attack systems with a previously unidentified
vulnerability.

A zero-day attack is the use of a zero-day exploit to cause damage to or steal data from a system affected
by a vulnerability.

Working of Zero day attack

Sometimes hackers or malicious actors spot the vulnerability before the software developers do. While
the vulnerability is still open, attackers can write and implement code to take advantage of it. This is
known as exploit code.

The exploit code may lead to the software users being victimized – for example, through identity theft or
other forms of cybercrime. Once attackers identify a zero-day vulnerability, they need a way of reaching
the vulnerable system. They often do this through a socially engineered email – i.e., an email or other
message that is supposedly from a known or legitimate correspondent but is actually from an attacker.
The message tries to convince a user to perform an action like opening a file or visiting a malicious
website. Doing so downloads the attacker’s malware, which infiltrates the user’s files and steals
confidential data.

When a vulnerability becomes known, the developers try to patch it to stop the attack. However, security
vulnerabilities are often not discovered straight away. It can sometimes take days, weeks, or even
months before developers identify the vulnerability that led to the attack. And even once a zero-day
patch is released, not all users are quick to implement it. In recent years, hackers have been faster at
exploiting vulnerabilities soon after discovery.

Zero-day attacks are especially dangerous because the only people who know about them are the
attackers themselves. Once they have infiltrated a network, criminals can either attack immediately or sit
and wait for the most advantageous time to do so.

Who carries out zero day attack ?

Cybercriminals – hackers whose motivation is usually financial gain

Hacktivists – hackers motivated by a political or social cause who want the attacks to be visible to draw
attention to their cause

Corporate espionage – hackers who spy on companies to gain information about them

Cyberwarfare – countries or political actors spying on or attacking another country's cyberinfrastructure

Zero day attack identification

Using existing databases of malware and how they behave as a reference. Although these databases are
updated very quickly and can be useful as a reference point, by definition, zero-day exploits are new and
unknown. So there’s a limit to how much an existing database can tell you.

Alternatively, some techniques look for zero-day malware characteristics based on how they interact
with the target system. Rather than examining the code of incoming files, this technique looks at the
interactions they have with existing software and tries to determine if they result from malicious actions.

Increasingly, machine learning is used to detect data from previously recorded exploits to establish a
baseline for safe system behavior based on data of past and current interactions with the system. The
more data which is available, the more reliable detection becomes.

Zero Day Attack Protection

For zero-day protection and to keep your computer and data safe, it’s essential for both individuals and
organizations to follow cyber security best practices. This includes:

Keep all software and operating systems up to date. This is because the vendors include security patches
to cover newly identified vulnerabilities in new releases. Keeping up to date ensures you are more
secure.

Use only essential applications. The more software you have, the more potential vulnerabilities you have.
You can reduce the risk to your network by using only the applications you need.

Use a firewall. A firewall plays an essential role in protecting your system against zero-day threats. You
can ensure maximum protection by configuring it to allow only necessary transactions.

Within organizations, educate users. Many zero-day attacks capitalize on human error. Teaching
employees and users good safety and security habits will help keep them safe online and protect
organizations from zero-day exploits and other digital threats.

Use a comprehensive antivirus software solution. Kaspersky Total Security helps to keep your devices
secure by blocking known and unknown threats.

IT Act 2000

The Act defines various offences related to breach of data and privacy of an individual and provides
punishment or penalties for them. It also talks about intermediaries and regulates the power of social
media. With the advancement of technology and e-commerce, there has been a tremendous increase in
cyber crimes and offences related to data and authentic information. Even the data related to the
security and integrity of the country was not safe, and so the government decided to regulate the
activities of social media and data stored therein. The article gives the objectives and features of the Act
and provides various offences and their punishments as given in the Act.

The Act is divided into 13 chapters, 90 sections and 2 schedules. The following are the chapters under
the Act:

· Chapter 1 deals with the applicability of the Act and definitions of various terminologies used in
the Act.

· Chapter 2 talks about digital and electronic signatures.

· Electronic governance and electronic records are given under Chapters 3 and 4 respectively.

· Chapter 5 is related to the security of these records and Chapter 6 deals with regulations of
certifying authorities.

· Chapter 7 further gives the certificates needed to issue an electronic signature.

· Chapter 8 gives the duties of subscribers and Chapter 9 describes various penalties.

· Chapter 10 provides sections related to the Appellate Tribunal.

· Chapter 11 describes various offences related to breach of data and their punishments.

· Chapter 12 provides the circumstances where the intermediaries are not liable for any offence or
breach of data privacy.

The final chapter, i.e., Chapter 13 is the miscellaneous chapter.

The 2 schedules given in the Act are:

· Schedule 1 gives the documents and data where the Act is not applicable.

· Schedule 2 deals with electronic signatures or methods of authentication.

Objectives of Information Technology Act, 2000

The Act was passed to deal with e-commerce and all the intricacies involved with digital signatures and
fulfill the following objectives:

· The Act seeks to protect all transactions done through electronic means.

· E-commerce has reduced paperwork used for communication purposes. It also gives legal
protection to communication and the exchange of information through electronic means.

· It protects the digital signatures that are used for any sort of legal authentication.

· It regulates the activities of intermediaries by keeping a check on their powers.

· It defines various offences related to data privacy of citizens and hence protects their data.

· It also regulates and protects the sensitive data stored by social media and other electronic
intermediaries.

· It provides recognition to books of accounts kept in electronic form regulated by the Reserve
Bank of India Act, 1934.

Features of IT Act 2000

Following are the features of the Act:

· The Act is based on the Model Law on e-commerce adopted by UNCITRAL.

· It has extra-territorial jurisdiction.

· It defines various terminologies used in the Act like cyber cafes, computer systems, digital
signatures, electronic records, data, asymmetric cryptosystems, etc under Section 2(1).

· It protects all the transactions and contracts made through electronic means and says that all
such contracts are valid. (Section 10A)

· It also gives recognition to digital signatures and provides methods of authentication.

· It contains provisions related to the appointment of the Controller and its powers.

· It recognises foreign certifying authorities (Section 19).

· It also provides various penalties in case a computer system is damaged by anyone other than
the owner of the system.

· The Act also provides provisions for an Appellate Tribunal to be established under the Act. All the
appeals from the decisions of the Controller or other Adjudicating officers lie to the Appellate
tribunal.

· Further, an appeal from the tribunal lies with the High Court.

· The Act describes various offences related to data and defines their punishment.

· It provides circumstances where the intermediaries are not held liable even if the privacy of data
is breached.

· A cyber regulation advisory committee is set up under the Act to advise the Central Government
on all matters related to e-commerce or digital signatures.

Punishments under IT Act 2000


Organization against Cyber Crime and Cyber Security

I Overview about the I4C Scheme

II Components of the I4C Scheme

1 National Cybercrime Threat Analytics Unit (TAU)

2 National Cybercrime Reporting Portal (www.cybercrime.gov.in)

3 Platform for Joint Cybercrime Investigation Team

4 National Cybercrime Forensic Laboratory Ecosystem

5 National Cybercrime Training Centre (NCTC) (www.cytrain.ncrb.gov.in)

6 Cybercrime Ecosystem Management Unit

7 National Cyber Crime Research and Innovation Centre

I. OVERVIEW ABOUT THE I4C SCHEME

Outlay of Rs. 415.86 Crore

To act as a nodal point in the fight against cybercrime

Identify the research problems/needs of LEAs and take up R&D activities in developing new technologies
and forensic tools in collaboration with academia / research institutes within India and abroad

To prevent misuse of cyber space for furthering the cause of extremist and terrorist groups

Suggest amendments, if required, in cyber laws to keep pace with fast changing technologies and
International cooperation

To coordinate all activities related to implementation of Mutual Legal Assistance Treaties (MLAT) with
other countries related to cybercrimes in consultation with the concerned nodal authority in MHA

II. COMPONENTS OF THE I4C SCHEME

National Cybercrime Threat Analytics Unit (TAU)

National Cybercrime Reporting

Platform for Joint Cybercrime Investigation Team

National Cybercrime Forensic Laboratory (NCFL) Ecosystem

National Cybercrime Training Centre (NCTC)

Cybercrime Ecosystem Management Unit

National Cyber Crime Research and Innovation Centre

1. NATIONAL CYBERCRIME THREAT ANALYTICS UNIT (TAU)

Platform for analysing all pieces of puzzles of cybercrimes.

Produce cybercrime threat intelligence reports and organize periodic interaction on specific cybercrime
centric discussions.

Create multi-stakeholder environment for bringing together law enforcement specialists and industry
experts.

2. NATIONAL CYBERCRIME REPORTING

Facilitate reporting of all types of cybercrime incidents with special focus on cybercrime against women
and children.

Automated routing to concerned State/UT based on information furnished in the reported incident for
appropriate action in accordance with law.

Facilitate complainants to view status of action taken on the reported incident.

3. PLATFORM FOR JOINT CYBERCRIME INVESTIGATION

To drive intelligence-led, coordinated action against key cybercrime threats and targets.

Facilitate the joint identification, prioritization, preparation and initiation of multi-jurisdictional action
against cybercrimes.

4. NATIONAL CYBERCRIME FORENSIC LABORATORY (NCFL) ECOSYSTEM

Forensic analysis and investigation of cybercrime as a result of new digital technology and techniques.

A centre to support the investigation process. NCFL and the associated Central Forensic Science Laboratory are to be
well-equipped and well-staffed in order to engage in analysis and investigation activities and keep up with
new technical developments.

5. NATIONAL CYBERCRIME TRAINING CENTRE (NCTC)

Standardization of course curriculum focused on cybercrimes, impact containment and investigations,
imparting practical cybercrime detection, containment and reporting trainings on simulated cyber
environments.

Development of Massive Open Online Course on a cloud based training platform.

National Cybercrime Training Centre to also focus on establishing Cyber Range for advanced simulation
and training on cyber-attack and investigation of such cybercrimes.

6. CYBERCRIME ECOSYSTEM MANAGEMENT UNIT

Develop ecosystems that bring together academia, industry and government to spread awareness on
cybercrimes, establish standard operating procedures to contain the impact of cybercrimes and respond
to cybercrimes.

Provide support for development of all components of cybercrime combatting ecosystem.


7. NATIONAL CYBER CRIME RESEARCH AND INNOVATION CENTRE

Track emerging technological developments, proactively predict potential vulnerabilities, which can be
exploited by cybercriminals.

To leverage the strength and expertise of all stakeholders, be it in academia, private sector or
inter-governmental organizations.

Create strategic partnerships with all such entities in the area of research and innovation focused on
cybercrimes, cybercrime impact containment and investigations.

NGO for Cyber Crime

CyberPeace Foundation is the world's first non-profit civil society organization and think tank of cyber
and policy experts with the vision of pioneering CyberPeace initiatives to build collective resilience
against cybercrimes & global threats of cyber warfare.

Organization for Cyber Security

Although the CIO, or CISO, still carries primary responsibility for cybersecurity in 85% of organisations (1),
it is the entire organisation and everyone working in the business who holds the secondary responsibility
for it. Cyberattacks can be targeted at anyone in the business.

Security procedures (including disclosure of passwords, third-party use of system, disconnection from
other networks while accessing the organization's systems, use of firewalls and installation of
appropriate software to protect the remote system from malicious attack and multifactor
authentication).
