India is in the crosshairs of cyber-attacks

India is dealing with sophisticated cyber problems as a result of growing digital adoption across industries, which has resulted in higher digital traffic. According to a recent cyber threat report published by Sectrio, the cyber security division of IT services firm Subex, India will face cyber attacks in 2021 not only on its critical infrastructure and digital financial systems, but also on the numerous small businesses that have gone online since the Covid-induced lockdowns. India is also progressively defending itself against state-sponsored malware attacks such as Chinese Double Dragon (APT 41) and North Korean Lazarus (APT 38), which target key infrastructure and financial institutions.

“The rising activity levels of North Korean APT groups is a matter of concern as they are known to target diplomatic and government communication. This year online, we came across data belonging to companies that had never reported a cyberattack. They were quickly alerted,” says Kiran Zachariah, vice-president, Digital Security, Sectrio. “The difference between the number of actual attacks versus those that are reported is the highest in countries such as India, Mexico, South Korea, Finland, Oman, and Spain. It is the lowest in Japan, and a few other countries,” he adds.

According to the report, India is experiencing an increase in cyber attacks as a result of the widespread use of stolen AI-based tools that are assisting in the creation of highly stealthy and adaptive malware, the large presence of legacy unpatched systems, the growing availability of connectivity and bandwidth, the rapid expansion of digital threat surfaces, the ever-increasing volume of digital transactions in the country, regional geopolitical tensions, and growing penetration of financial services.

The data gathered from Sectrio’s Indian honeypots, out of its global honeypot network in over 75 cities around the world, show that India registered a 290% increase in cyberattacks during 2021. “The biggest trend that was recorded in India in 2021 is that of the country emerging as a testing ground for new malware from across the globe,” says Zachariah. The attacks are used to study institutional responses and response mechanisms, improve the odds of successful cyberattacks on other regions in the future, hold data to ransom, test new variants of malware for their potency and stealth, and finally to study malware propagation streams (patterns of disbursement across regional networks).

“Towards the mid/second half of 2021, we also saw the establishment of large-scale botnets to target manufacturing, defense, utilities, supply chains, and oil and gas infrastructure,” says Zachariah. The botnets were switched on and off at random and were operating across a wide range of IP addresses, sending a huge volume of phishing emails into the country. GST, tax filing, and production reporting were the most common themes used by hackers in the phishing emails. In October last year, during the ICC Men’s T20 World Cup match between India and Pakistan, India recorded serious cyber attack activities coming directly from Pakistan. “The number of inbound cyberattacks logged by our physical and virtual honeypots in India held steady in the region at about three lakh attacks a day.”

Adversarial entities appear to be keen on conducting ongoing reconnaissance on key Indian infrastructure projects. Hackers are using low-footprint malware and communication strategies to gain early access to crucial projects and stay on the network. The stolen material is frequently leaked on underground forums such as the Dark Web. “The volume is modest because the hackers don’t want to reveal their success or their presence on the victim’s networks,” he explains.

Although 2021 has passed, the trend of increasing cyber attacks is projected to continue in 2022, necessitating further efforts to safeguard India’s digital infrastructure.
