By Srinath Srinivasan
With increased digital adoption across industries driving higher digital traffic, India finds itself battling increasingly sophisticated cyber threats. A recent cyber threat report by Sectrio, the cyber security division of IT services firm Subex, shows that in 2021 India faced attacks not only on its critical infrastructure and digital financial systems but also on its numerous small businesses that have gone online since the Covid-induced lockdowns. India is also increasingly fending off malware attacks from state-backed groups such as China's Double Dragon (APT 41) and North Korea's Lazarus (APT 38), which target critical infrastructure and financial services.
“The rising activity levels of North Korean APT groups are a matter of concern as they are known to target diplomatic and government communication. This year online, we came across data belonging to companies that had never reported a cyberattack. They were quickly alerted,” says Kiran Zachariah, vice-president, Digital Security, Sectrio. “The difference between the number of actual attacks versus those that are reported is the highest in countries such as India, Mexico, South Korea, Finland, Oman and Spain. It is the lowest in Japan and a few other countries,” he adds.
As per the report, India is facing increased cyber attacks because of the extensive use of stolen AI-based tools that help create malware that is highly stealthy and adaptive, the large presence of legacy unpatched systems, the growing availability of connectivity and bandwidth, the rapid expansion of digital threat surfaces, the ever-increasing volume of digital transactions in the country, regional geopolitical tensions, the growing penetration of financial services and the expanding footprint of APT (advanced persistent threat) groups such as TA406 and APT29.
The data gathered from Sectrio’s Indian honeypots, part of its global honeypot network spanning over 75 cities around the world, show that India registered a 290% increase in cyberattacks during 2021. “The biggest trend that was recorded in India in 2021 is that of the country emerging as a testing ground for new malware from across the globe,” says Zachariah. The attacks are used to study institutional responses and response mechanisms, improve the odds of successful cyberattacks on other regions in the future, hold data to ransom, test new variants of malware for their potency and stealth and, finally, to study malware propagation streams (patterns of disbursement across regional networks).
“Towards the mid/second half of 2021, we also saw the establishment of large-scale botnets to target manufacturing, defense, utilities, supply chains, and oil and gas infrastructure,” says Zachariah. The botnets were switched on and off at random and operated across a wide range of IP addresses, sending a huge volume of phishing emails into the country. GST, tax filing and production reporting were the most common themes the hackers used in these phishing emails. In October last year, during the ICC Men’s T20 World Cup match between India and Pakistan, India recorded serious cyber attack activity coming directly from Pakistan. “The number of inbound cyberattacks logged by our physical and virtual honeypots in India held steady in the region at about three lakh attacks a day.
On October 24, however, the number of attacks rose substantially to hit the 4.9 lakh-mark briefly before dipping significantly towards midnight Indian Standard Time. The cricket match was over by then,” he says. According to him, all of these were sophisticated attacks and did not include reconnaissance or low-grade probing.
Adversarial entities appear to be interested in conducting persistent reconnaissance on critical Indian infrastructure projects. Hackers try to get into key projects early and stay on in the network through low-footprint malware and communication tactics. The stolen data is usually leaked on dark web forums, but only in small volumes. “The volume is low because the hackers do not want to disclose their success or presence on the victim’s networks,” he says.
While 2021 may have passed, the trend of evolving cyber attacks is expected to continue in 2022, calling for reinforced efforts to protect India’s digital infrastructure.