
Cyber Security Training

The MP-Computer Emergency Response Team (MP-CERT) was established on December 14, 2022, to manage cyber incidents in Madhya Pradesh, focusing on cybersecurity awareness, technical support, and monitoring cyber activities. The organization aims to enhance computer security for government entities and educate the public on emerging threats and best practices. With the rising frequency of cyber threats, MP-CERT emphasizes the importance of proactive measures to protect sensitive information and maintain operational integrity.

Uploaded by srashtiyadav92

Dept. of Science and Technology, Government of Madhya Pradesh
Who We Are?
The MP-Computer Emergency Response Team (MP-CERT) is an organization operating
within the Department of Science and Technology, Government of Madhya Pradesh
since December 14, 2022. Its primary purpose is to serve as a dedicated response
centre for handling and managing cyber-related incidents within the state.

Mission
• Promoting cybersecurity awareness and best practices within the state.
• Providing technical support and guidance to M.P. government
organizations to enhance computer security.
• Monitoring and tracking cyber activities within the state to address
and mitigate security threats.
• Publishing advisories, guidelines, and technical documents to
educate and inform constituents about emerging threats and
security measures.
OBJECTIVES
MP-CERT is responsible for coordinating and managing computer security incidents
promptly and effectively. This includes support and guidance to users on activities such as
containment, eradication, and recovery.

• MP-CERT offers technical advice and guidance to system administrators and users to
enhance computer security measures.

• The team actively monitors and tracks cyber activities within the state to identify and
address potential security issues.

• MP-CERT plays a crucial role in creating cybersecurity awareness by educating the cyber
community about best practices and safe online behaviours.

• MP-CERT communicates with its constituents by publishing advisories, guidelines, and
technical documents that provide valuable information on cybersecurity threats and
countermeasures.
FUNCTIONS OF MPCERT
These functions and responsibilities demonstrate MP-CERT's commitment to enhancing cyber security,
responding to incidents, coordinating with relevant authorities, and promoting cyber security awareness
within the state of Madhya Pradesh.

• Improve Cyber Security within the State
• Guidance and Advisory Implementation
• Incident Response & Threat Management
• Cyber Crisis Management
• National & International Collaboration
• Coordination with CERT-In
• Development of SOPs and Policies
• Decision-Making Authority
WHY CYBERSECURITY IS CRUCIAL TODAY?
In 2023, CERT-In managed a staggering 1,592,917 incidents of cyber abuse, encompassing a
range of threats such as website intrusions, malware propagation, malicious code, phishing
attempts, Distributed Denial of Service (DDoS) attacks, website defacements, unauthorized
network scanning, and ransomware attacks. The rising frequency of these cyber threats has
resulted in significant economic losses, underscoring the urgent need for increased awareness
and proactive measures to combat such risks.
Abuse Statistics, 2023
• Vulnerable Services: 941592
• Unauthorized Network Scanning / Probing: 447720
• Virus / Malicious Code: 184131
• Website Defacements: 10665
• Website Intrusion & Malware Propagation: 1045
• Phishing: 869
• Others: 6895
Source: https://www.cert-in.org.in/
INTRODUCTION TO CYBER SECURITY
Cyber security refers to the practice of protecting computers, networks, programs, and data from digital
attacks, theft, damage, or unauthorized access. It involves various measures, technologies, and strategies
that are used to safeguard sensitive information and ensure the integrity, confidentiality, and availability of
data and systems.
Importance of cyber security
Personal Life
• Protection of Personal Data
• Preventing Identity Theft
• Securing Online Transactions
• Privacy Protection
• Safe Use of Devices
Professional Life
• Protection of Corporate Data
• Safeguarding Against Cyberattacks
• Compliance with Regulations
• Protection from Insider Threats
• Securing Remote Work

TYPES OF CYBER THREATS
• Phishing Scams: Phishing scams trick individuals into revealing sensitive information by
masquerading as trustworthy entities.
• Insider Threats: Insider threats involve employees or contractors misusing their access to harm
the organization or steal data.
• Malware: Malware is malicious software designed to harm, exploit, or otherwise compromise
devices and networks.
• DDoS Attacks: DDoS attacks overwhelm a network with traffic, making services unavailable to users.
• Ransomware: Ransomware encrypts a victim's data, demanding payment for its release.
WHAT ARE PHISHING SCAMS?
Fraudsters often create third-party phishing websites that closely resemble
genuine websites, such as those of banks, e-commerce platforms, or search
engines.
These fraudulent links are shared through various channels, including SMS, social
media, email, and instant messaging.
Unfortunately, many users click on these phishing links without checking the
Uniform Resource Locator (URL) and subsequently enter sensitive information
such as Personal Identification Numbers (PINs), One-Time Passwords (OTPs), and
passwords. This information is then captured and exploited by the fraudsters.
Prevention Tips:
➢ Do not click on unknown / unverified links sent by unknown or suspicious senders.
➢ Immediately delete any suspicious SMS or Email to avoid mistakenly accessing them in future
➢ Always check for the authenticity of the website links before clicking them. Check for the secure sign
(https with a padlock symbol) on the website before entering secure credentials.
➢ Visit the official website of your bank / service provider for any query or service request
➢ Check URLs and domain names received in emails for spelling errors.
➢ In case of suspicion, contact the cyber security department or connect through CHAKSHU mobile app.
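The URL checks from the prevention tips above (secure scheme, spelling errors in the domain name), automated as an added example that is not part of the original training deck. The official domains are taken from the IMPORTANT LINKS slide; the warning labels, the `max_typos` threshold and the sample links are constructed assumptions.

```python
from urllib.parse import urlsplit

# Official sites taken from the IMPORTANT LINKS slide; extend with your own bank/service domains.
OFFICIAL_DOMAINS = ("cert.mp.gov.in", "cert-in.org.in", "cybercrime.gov.in",
                    "ceir.gov.in", "sancharsaathi.gov.in")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_link(url, max_typos=2):
    """Return warnings for a link; an empty list means every check passed."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if "@" in parts.netloc:
        warnings.append("userinfo-before-host")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")
    # Exact official domain or one of its subdomains: only transport warnings apply.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return warnings
    matched = False
    for d in OFFICIAL_DOMAINS:
        if d in host:
            # Official name used as a prefix/label of some other registered domain.
            warnings.append("official-name-embedded:" + d)
            matched = True
        elif edit_distance(host, d) <= max_typos:
            # One or two characters away from an official name: likely misspelling.
            warnings.append("lookalike-of:" + d)
            matched = True
    if not matched:
        warnings.append("unknown-domain")
    return warnings

# Constructed sample links (not real indicators).
SAMPLES = [
    "https://cybercrime.gov.in/",
    "http://cert.mp.gov.in/",
    "https://cybercrirne.gov.in/login",
    "https://cybercrime.gov.in.example.net/pay",
    "https://example.org/video",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "ok")
```

Both misspelled and embedded-name samples use `https`, so the padlock check on its own does not flag them; the domain comparison does.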
METHODS OF MALWARE ATTACKS
Although many users presume malware threats attack desktop computers and laptops only,
under the most widely accepted meaning of malware they infect several other types of
endpoints as well, including mobile phones, mobile devices, Internet of Things (IoT) devices,
and other connected products that may be sitting on a corporate network with old and
vulnerable operating systems.
The ways that malware can infiltrate and spread through networks continue
to expand along with the threat vectors in the digital landscape, including the
following:
1. Unsecure devices (mobile, PCs, IoT) can introduce malware.
2. Vulnerable supply chain or third-party networks can spread infections.
3. Older devices with outdated software may compromise the network.
4. Malicious email attachments can disseminate malware.
5. Phishing emails can trick users into sharing passwords, allowing malware access.
6. Smishing texts can mislead users into clicking malware links.
7. File servers can spread malware through infected file downloads.
8. File-sharing software can replicate malware onto removable media.
9. P2P file sharing may distribute malware via infected files.
10. Network vulnerabilities can allow remote hacking access.
HOW DOES RANSOMWARE WORK?
Ransomware operates by infiltrating a computer system, often without
the user's knowledge. Once it gains access, the malicious software begins
to compromise files and may alter user credentials discreetly.
Consequently, the computer's infrastructure is effectively held hostage by
the individual controlling the malware.
Ransomware dates back to the 1980s but did not become widespread
news until the early 2000s. Today, ransomware attacks are the third-most used
cyber attack method, accounting for over 10% of all data breaches.

To prevent ransomware damage, implement these best practices:

• Provide cybersecurity awareness training to employees.
• Use strong user authentication methods, including multi-factor
authentication.
• Maintain backups of critical data in non-networked locations and test
them regularly.
• Segment networks to limit lateral movement during breaches.
• Regularly update and patch software to avoid security incidents.
TYPES OF DDOS ATTACKS
Volume-based attacks: These attacks use extensive amounts of fake
traffic to swamp an online resource, like a server or website. The volume of
the attack is measured in bits per second.

Protocol or network-layer attacks: These attacks send enormous
packets to network infrastructure and infrastructure management tools.
Their size is measured in packets per second (PPS) and includes Smurf DDoS
attacks (network-layer attacks designed to flood a targeted server with error
messages) and SYN floods (which tie up networks with half-opened
connection requests).

Application-layer attacks: These attacks are equivalent to volume-based
attacks but are operated by flooding applications with malicious requests.
Their size is calculated in requests per second (RPS).
DDoS Attack Prevention and Protection Tips
• Use firewalls or intrusion detection systems to supervise and alert for unusual traffic.
• Protect internet-facing devices, install antivirus software, and configure firewalls against DoS attacks.
• Have a response team with defined roles for data centers and IT teams during external attacks.
• Create and practice a disaster recovery plan for DoS attacks, covering communication, mitigation, and
recovery.
• Regularly update organizational systems to fix bugs and detect threats early, preventing DDoS attacks on
TYPES OF INSIDER THREATS
• Collusive threats
• Malicious threats
• Intentional threats
• Third-party threats
• Unintentional threats
Best Practices for Insider Threat Prevention:
➢ Set a Security Policy
➢ Implement a Threat Detection Governance Program
➢ Secure Your Infrastructure
➢ Map Your Exposure
➢ Set Up Strong Authentication Measures
IDENTIFICATION OF CYBER THREATS
Cyber threats refer to malicious activities aimed at damaging, stealing, or compromising digital
information and systems. These threats can take various forms, including malware, phishing attacks,
ransomware, and data breaches.

Timely identification of cyber threats is crucial for several reasons:

1. Prevention of Damage: Early detection can prevent significant harm to systems and data,
reducing the risk of financial loss and reputational damage.
2. Minimizing Downtime: Identifying threats quickly can help organizations respond effectively,
ensuring that systems remain operational and minimizing disruption to services.
3. Protecting Sensitive Information: Prompt identification helps safeguard personal and sensitive
information from being exploited by cybercriminals.
4. Regulatory Compliance: Many industries are subject to regulations that require prompt reporting
and management of cyber threats. Timely identification helps organizations remain compliant.
5. Strengthening Security Posture: Recognizing threats early allows organizations to refine their
security measures and improve their overall defenses against future attacks.
By staying vigilant and responsive to cyber threats, we can protect ourselves and our digital
CYBER SECURITY FOR EVERYONE
As more aspects of our personal lives are conducted online, from banking and shopping to socializing and
working, the importance of cybersecurity for individuals has never been more critical. Protecting your
personal information, devices, and online activities is essential to prevent identity theft, financial fraud,
privacy violations, and cyberattacks.

01 Use Strong, Unique Passwords
02 Should regularly update system software
03 Do not use unknown WIFI or hot spot
04 Beware of Phishing Scams and Social Engineering
05 Secure Your Devices with PINs/Passwords
06 Regularly Monitor Your Financial Accounts
07 Practice Safe Social Media Habits
08 Ensure to install antivirus on your devices
09 Backup Your Data Regularly
10 Be Aware of IoT Device Security
CYBER SECURITY AT THE WORKPLACE
In today’s digital age, businesses face constant threats from cybercriminals looking to exploit
vulnerabilities. Cybersecurity at the workplace is essential to safeguard sensitive data, maintain
business continuity, and protect the reputation of an organization. It is not just the responsibility of IT
teams but should be embraced by everyone in the organization. A single breach can have catastrophic
consequences for both the company and its employees.
01 Implement Strong Access Controls
02 Install and update antivirus and anti-malware software on all devices
03 Maintain Software and System Updates
04 Install firewalls and intrusion detection/prevention systems (IDS/IPS)
05 Use strong passwords for your logins
06 Encrypt email communications and sensitive data
07 Implement secure file-sharing protocols
08 Restrict use of personal devices at workplace
09 Promote clean desk and clear screen policies for all employees
10 Manage Third-Party and Vendor Access
Do’s
➢ Use strong passwords and do not share with others.
➢ Keep software updated.
➢ Be cautious with personal information.
➢ When conducting online transactions, ensure the website URL begins with 'https'
and shows a padlock icon.
➢ Frequently back up important files to an external hard drive or a secure cloud service to
prevent data loss.
➢ Always scan files downloaded from the internet before opening them to check for
malware.
➢ Log Off After Use.
➢ Maintain reputable antivirus.
➢ Be watchful for shoulder surfers.
Don’ts
➢ Do not use default passwords.
➢ Do not keep webcam on.
➢ Do not use public Wi-Fi for sensitive activities.
➢ Don't use the same password across multiple accounts.
➢ Do not click on suspicious links.
➢ Don't download software from untrusted sources.
➢ Don't leave devices unattended.
➢ Don't open unknown attachments or attachments from unknown sources.
➢ Ensure all electronic devices, including USB drives, are secured and scanned for
malware.
REAL WORLD SCENARIOS
Story 1: "The Invisible Invader"
Let's meet Ravi, a bright employee at ABC Corp. One day, Ravi received an
email with a link saying, “Check out this cool video!” Excited, Ravi clicked the
link without a second thought. But little did Ravi know, this click was about to
unleash a hidden villain - Malware!
The malware, like an invisible invader, sneaked into Ravi's computer. It started
to gather secret information and even spread to other computers in the
network. But how did this happen?
The email was not from a friend, but from a cyber villain, cleverly
disguised. The link was a trap, and the 'cool video' was actually a
malware attack in disguise!

LESSON LEARNED:

1. Always Be Suspicious: If an email looks too good to be true, it probably
is. Like a detective, question everything.
2. Look Before You Leap: Before clicking on any link, hover over it to see
where it leads. Think of it like checking for traps before stepping.
3. Keep Your Shields Up: Use antivirus software as your shield. It helps in
catching these invisible invaders.
REAL WORLD SCENARIOS
Story 2: "The Ransomware Reckoning"
Ankur clicked on a link in an email, and suddenly, his files were locked,
with a message demanding payment to unlock them – a classic
ransomware attack. But instead of panicking, Ankur remembered the
protocol.
He immediately disconnected his computer from the internet and
intranet and reported the incident. The IT team swung into action,
containing the threat and restoring data from backups.
Ankur's quick thinking and the team's preparedness turned a
potential disaster into a manageable incident.

LESSON LEARNED:
1. Be Wary of Unknown Links and Downloads: Avoid clicking on suspicious
links or downloading unverified attachments.
2. Immediate Response to Threats: Quickly isolate affected systems and
inform IT security in case of a suspected attack.
3. Don’t turn off the system: Do not switch off the computer until evidence
for analysis has been taken by the authorized team.
4. Regular Backups and Recovery Plans: Ensure regular backups of critical
data and have a recovery plan in place.
Overview of CISO Portal
With the rapid digitalization of functions and processes in government and government
organizations, the need to adopt secure cyber practices has become essential. As a result, Chief
Information Security Officers (CISOs) are being appointed in every government department.
These CISOs will be responsible for identifying and documenting the Information Security (IS)
requirements that arise from various sources, such as:
(a) An assessment of risks (RA) to the organization in the context of its business strategy
and objectives. This process identifies threats to the organization’s information assets,
evaluates vulnerabilities and the likelihood of occurrence, and estimates their potential
impact;

(b) The legal, statutory, regulatory, and contractual requirements that the organization,
its trading partners, contractors, and service providers must fulfill;

(c) The set of principles, objectives, and business requirements for handling, processing,
storing, communicating, and archiving information that are developed for Operations
Support within the
HOW TO FIND CISO?
[Screenshot: CISO search form with "Select Department", "Select Organisation" and "Search by Title" fields, and Search / Reset buttons]
CISO PORTAL - LOGIN PAGE
INTRODUCTION TO MPSEDC
MPSEDC is empanelled as an IT Security Audit
Organization with CERT-In (Indian Computer Emergency
Response Team). It is the first organization in Madhya
Pradesh and 3rd Government body in the country to have
the CERT-In Empanelment. Indian Computer Emergency
Response Team (CERT-In) is the Government organization
under Ministry of Electronics and Information Technology
and is the national nodal agency for responding to
computer security incidents as and when they occur.
WHAT IS CYBER SECURITY AUDIT?
A cybersecurity audit is a comprehensive evaluation of an organization's digital infrastructure to assess its
security measures, policies, and practices. It is designed to identify vulnerabilities, ensure compliance
with regulations, and provide recommendations to strengthen defenses against cyber threats.
WHY SECURITY AUDIT IS IMPORTANT?
Security audits help identify weaknesses that could be
exploited by cybercriminals. Regular audits ensure
vulnerabilities are discovered before they can be used in
an attack, providing vital protection for sensitive
information.

Security audits identify potential flaws and vulnerabilities,
helping organisations minimise the risk of devastating
consequences. By addressing weaknesses proactively,
audits protect the company's reputation and customer
loyalty.

With the increasing reliance on web applications for
various services, regular audits ensure systems remain
secure, resilient, and protected against evolving cyber
threats.
CYBERSECURITY IS A SHARED RESPONSIBILITY
Proactive prevention, ongoing awareness, and quick response to security threats are key in reducing
the risks posed by cybercriminals. By staying vigilant, adopting best practices, and regularly
reviewing security measures, you can protect yourself, your business, and your employees from a
wide array of cyber threats.
IMPORTANT LINKS
• https://cert.mp.gov.in/ : Madhya Pradesh Computer Emergency Response Team
• https://www.cert-in.org.in/ : Indian Computer Emergency Response Team
• https://cybercrime.gov.in/ : Filing a Complaint on National Cyber Crime Reporting Portal. Call 1930 for
financial fraud
• https://ceir.gov.in/Home/index.jsp : Central Equipment Identity Register to report lost or stolen
mobile phone
• https://sancharsaathi.gov.in/sfc/ : Chakshu Portal for Reporting Suspected Fraud & Unsolicited Commercial
Communication
Stay Cyber Safe!

+91 97132 27771
mpcert@mp.gov.in
cert.mp.gov.in
5th Floor, Annexe 3, Secretariat, Vallabh Bhawan, Bhopal-462004
For regular updates and information, follow our social media channels
mp_cert
MPcert
@cert_mp
