Advertisment

How can IRCTC keep hackers at bay?

author-image
Onkar Sharma
New Update
irctc login

Hackers did not spare even IRCTC as they were able to get access to the data of millions of users. This incident has pointed fingers at the security of the IRCTC systems. IRCTC claims to have robust security around its networks. But these claims have fallen flat. This is not going well with the website users who often visit the website to book railway tickets.

Advertisment

Although IRCTC has denied that there is anything wrong with its website, it is clear that cyber crooks were misusing the website to access critical information.

"When a massive data breach like this is alleged, the first thing organizations must do is carry out a proper forensic investigation to validate the claim. Once a breach is confirmed, it’s important to to quickly investigate exactly what was stolen, the impact to the business and its customers, how the attacker gained access, and if the incident is contained. The skills required for this are beyond what most organizations have in-house. When Mandiant undertakes investigations like this, we use advanced forensic techniques to reconstruct every step the attackers took. While oftentimes the first inclination is to blame insiders, Mandiant often finds that outside attackers are solely responsible," suggested Vivek Chudgar, Senior Director for Mandiant for Asia Pacific.

Sudeep Das, SE Manager - India and SAARC, RSA also said, "New and increasingly sophisticated ways to perpetrate fraud are constantly being developed and deployed. This makes it extremely difficult to keep pace with the individual fraud attempts targeting an organization's website. The hackers use business logic abuse mechanisms to hide within legitimate traffic but in a manner unintended by the site owner. Such sophisticated attacks often go unnoticed b y either Web Application Firewalls or Log Analysis tools. It seems the same has happened incase of IRCTC hack."

One of the experts further says that the traditional Web Application Firewall technologies needs to be augmented with behavioral Intelligence to hunt these attacks in real time and respond to them quickly. Need of the hour is to detect quickly and respond even quicker before there is a major damage to business.

security
Advertisment