Subject: Pension Cyber Spotlight - Quarterly Newsletter

File No.: PFRDA/33/1/1/0001/2021-ICS INTRDY 15th September 2021

To,

All Stakeholders

Subject: Pension Cyber Spotlight – Quarterly Newsletter

As the economy is becoming more digitized, cyber security incidents have also grown manifold with the adoption of digitalization and extensive use of emerging technologies such as Internet of Things (IOT), Artificial Intelligence (AI) and Cloud. The pandemic has further exacerbated the vulnerabilities, with remote working becoming ubiquitous across organizations and digitalization penetrating the financial intermediation activities, with the rise of digital payments and personal investment through mobile application/online mode becoming the new normal.

The data breaches, cyber jacking, ransomware attacks and deep fakes across the world have shown the need for creating awareness and up-skilling among NPS Subscribers and the critical stakeholders to protect their pension wealth, prosperity and reputation.

2. 'PENSION CYBER SPOTLIGHT', the Quarterly Cyber Security and Technology Newsletter of PFRDA, has been compiled and designed in a lucid way towards the objective of creating much needed awareness in a rapidly evolving cyber threat scenario, in order to safeguard one's prized assets.

3. 'Pension Cyber Spotlight – Volume 1', the first such issue, has been attached at Annexure for the benefit of the stakeholders. The newsletter aims to brief the Financial Industry and Pension Sector stakeholders on the cyber-security issues and the latest Financial Technology developments.

This bulletin is issued under section 14(2)(j) of PFRDA Act 2013 towards undertaking steps for educating subscribers and the general public on issues relating to pension and retirement savings, and is placed at PFRDA's website (www.pfrda.org.in) under the 'Pension Cyber Spotlight' in the 'About Us' section.

The stakeholders are welcome and may feel free to write to daulath.khan@pfrda.org.in for any suggestions, contributions or ideas.

Yours Sincerely,

K Mohan Gandhi
Chief General Manager
(k.mohangandhi@pfrda.org.in)

PENSION CYBER SPOTLIGHT
PFRDA'S CYBER SECURITY AND TECHNOLOGY NEWSLETTER

Volume 1 | AUG 2021

CONTENTS
Chairman's message
Focal Point
Cyber Security Funda
Policy track
News in Cyber Spotlight

With the Covid pandemic, the financial sector and organisational behaviour have undergone drastic changes. Digital technology has pervaded all aspects of our lives and the façade separating work and home has vanished. In this scenario the challenges to cyber security have grown manifold. With funds and data being stored and transferred digitally, the financial sector has become a primary target for numerous cyber attacks and crimes.

These developments necessitate a continuous knowledge enhancement and cyber security awareness to prevent and prepare against the cyber threats and protect subscriber data. It is a prerequisite for the financial regulators, industry stakeholders and the subscribers to keep themselves apprised of the latest trends and regulatory developments to build a resilient financial sector.

The Pension Cyber Spotlight newsletter thus seeks to curate the relevant content with expert insights to satiate the knowledge requirement of readers. I congratulate the team on the launch of the first volume of Pension Cyber Spotlight and wish them all the best for the future editions.

Regards,
Shri Supratim Bandhopadhyay
Chairman, PFRDA

Cloud, Big Data, AI, IOT, UPI, BHIM

No. of IOT connections expected: 30 Billion by 2025. Almost 4 IOT devices per person on average.

User's digital behaviour, Cyber Security Awareness Deficit
Dearth of Qualified Cyber Security Professionals
Remote working, Large no of connected devices
Policy Challenges

Digital literacy, Cyber Defense Capability, and policy frameworks have lagged behind the rapid adoption of digitalisation. This scenario has been succinctly expressed by the 2021 World Economic Forum Global Risks Report:

"Business, government, and household cybersecurity infrastructure and/or measures are outstripped or rendered obsolete by increasingly sophisticated and frequent cyber-crimes, resulting in economic disruption, financial loss, geopolitical tensions and/or social instability."

Cyber Threat Landscape in India

Cyber attacks surged 3-fold to 1.16 mn last year in India: CERT-IN

Survey by Sophos Labs has reported the impact of ransomware attacks in India has tripled to 3.38 mn $ in 2021.

The major data breaches in India which happened recently i.e. in 2021 such as Big Basket, Dominos, Upstox, etc. are a reality check on the level of cyber security protection in the nation.

India's Cyber Security Institutions

Protecting organisations against costly data breaches and resultant losses in money and reputation starts with understanding the fundamentals of the security infrastructure.

Information Security, Cyber Security and Network Security

1. InfoSec | 2. Cyber Security | 3. Network Security

Infosec is the larger set protecting info and info systems in all forms be it digital or not.

Cyber Security, a subset of Infosec, deals with protection of the cyber/digital spaces from cyber-attacks.

Network Security is a subset of Cyber Security protecting the data being transmitted through devices from being intercepted or corrupted.

These terms are so closely linked that they are often used interchangeably. However, they are not the same and it is important to recognise the difference between the terms.

News in Cyber Spotlight

Domestic Data Breaches: BigBasket, Dominos, Upstox and more

Database of about 20 million BigBasket users was allegedly leaked on the dark web in April 2021. This is said to be the data from a breach in November 2020. BigBasket has responded by incorporating OTP based mechanism as an enhanced security measure.

The attack on Dominos exposed 18 crore order details placed by Indian consumers. The details were made public by attackers who created a webpage on the dark web enabling a simple search using Mobile Nos., jeopardising the privacy of the customers.

Upstox, one of India's largest brokerage firms, suffered a data breach with hackers stealing data of around 25 lakh customers and shared on dark web. Upstox took proactive measures by alerting the customers of the hack and initiated multiple security enhancements.

These breaches raise considerable user privacy concerns and negatively influence public trust.

Kaseya Attack

Touted as the largest ever Ransomware attack, the Kaseya attack on July 2nd 2021 paralysed hundreds of businesses who use the products of the IT management software provider. The cyber attack has been attributed to the REvil/Sodinokibi ransomware group. Kaseya is central to global software supply chain servicing over 40000 organisations. Many Managed Service Providers (MSPs) use Kaseya platform to manage networks of other businesses which increases the extent of potential damage exponentially.

How did the attack take place?

As per the security experts who investigated the attack, zero-day vulnerabilities were exploited by the attackers to trigger a bypass authentication and upload a malicious payload as a software update which is a REvil Ransomware.

Ransomware Attacks in India

Research by two leading cyber security firms – Sophos and Check Point have conducted studies on the Ransomware attacks in India.

Checkpoint Survey finds that an average of 213 weekly ransomware attacks occur per organisation in India. The Sophos survey found that in India, the approximate recovery cost from the impact of a ransomware attack

Beware of fake SMS & Apps

In May 2021, CERT-In issued an advisory warning about fake apps that were being spread through SMS. As per the advisory these apps on being installed spread to the victim's contacts via SMS and also gain unnecessary permission to access user data.

Some of the malicious APKs under circulation are Covid-19.apk, Vccin-Apply.apk, Cov-Regis.apk, Vaci__Regis.apk, and MyVaccin_v2.apk.

Vulnerabilities in Microsoft Products

CERT-In issued a public advisory CIAD-2021-0024 on the multiple vulnerabilities reported in the Microsoft products which could be exploited by an attacker to access sensitive information, perform a Denial of Service (DoS) attack etc. This advisory suggests applying the updates to solve the vulnerabilities.

National helpline No. to report Cyber Crime

The Ministry of Home Affairs (MHA) has operationalised the national helpline 155260 and reporting platform for preventing financial loss due to cyber fraud. Currently, the number is operational in these 7 territories (Chhattisgarh, Delhi, Madhya Pradesh, Rajasthan, Telangana, Uttarakhand and Uttar Pradesh).


Other updates

ITU Global Cyber Security (GCI) Index 2020

India has made it to the top 10 in GCI 2020 released by ITU. India has moved up 37 places to the 10th rank with a total score of 97.5 points out of a maximum of 100.

The ranking is based on the assessment of 5 parameters of cyber security:

1. Legal measures
2. Technical measures
3. Organisational Measures
4. Capacity Development
5. Cooperation

Editorial Team

Information and Cyber Security Department, PFRDA

Feedback/Suggestions

Mail to:

Shri Mohan Gandhi
CGM
k.mohangandhi@pfrda.org.in

Shri Daulath Ali Khan
DGM
daulath.khan@pfrda.org.in

Shri Srinivas Bhoosarapu
CISO
Srinivas.bhoosarapu@pfrda.org.in

Shri Vignesh C
Assistant Manager
Vignesh.c@pfrda.org.in