As the world gets absorbed by the COVID-19 pandemic, cyberattacks have become a critical area of concern for all technology-focused organizations in India. Hackers have been exploiting various means of stealing valuable and sensitive corporate data. One common route into systems is through Internet of Things (IoT) devices.
Over 3.5 million attacks a day, registered across this network of individual honeypots, have been studied, analysed, classified and labelled according to a threat rank index, a priority assessment framework formed at Subex – a global telecom solutions company.
To understand the ramifications of threats in the IoT space, Analytics India Magazine got in touch with Kiran Zachariah, Vice President – IoT Solutions at Subex. According to Kiran, critical infrastructure in India is most affected by IoT-centric cybersecurity attacks, followed by sectors such as banking, defence and manufacturing. Here are the edited excerpts:
AIM: What are the different attacks which are happening to IoT deployments globally?
Kiran Zachariah: There are many attack types as per the data gathered from our honeypot. Each attack is designed to achieve a specific objective. For instance, persistent reconnaissance is usually done to keep an eye on systems and networks of an entity of interest by hackers.
In terms of percentage occurrence, there is integrity violation with malicious code injection (17%), brute force attacks (11%), privilege abuse (7%), Denial of Service (DoS) and variants (15%), port/asset scan/TCPdump (10%), firmware downgrade attempts (8%), crypto mining and crypto-jacking attacks (8%), simple reconnaissance (4%), and persistent reconnaissance (20%).
AIM: Tell us about the number of new malware and variants that Subex detected.
Kiran Zachariah: We have been able to isolate many strains of ransomware, including seven variants of highly potent ransomware. We continue to detect newer strains as the focus has now shifted from attacking enterprises directly, to luring employees and other stakeholders, and using them to create breaches or other opportunities to steal data or to hold data to ransom.
AIM: What are the new tactics implemented by hackers to attack assets in cyberspace?
Kiran Zachariah: They are using the confusion and anxiety created by episodes such as the coronavirus outbreak to lure victims into clicking on links hosting malware, or even downloading attachments infected with ransomware such as Locky. The mail is often sent from a fake ID that pretends to be real, and the text of the mail is persuasive in terms of content. We have isolated fake emails from various sources, including one which claimed to be from the office of the WHO President.
AIM: What may be the implications for a country like India with weaker cybersecurity defence and IoT standards?
Kiran Zachariah: India became the most targeted country in the world during the second quarter of 2019. Throughout the year, India was in the top five, especially after March 2019. Throughout the year, the country attracted attacks of relatively high quality (as compared to other regions and last year). Critical infrastructure was attacked the most, followed by sectors such as banking, defence and manufacturing. This is indeed a worrying trend.
These persistent attacks indicate the level of interest that hackers or hacker groups have in targeting India. We have to improve our defences, invest in enhancing cyber resilience and in gathering and using threat intelligence of high quality to detect and thwart attacks. We have to work towards increasing the cost of cyberattacks for hackers while making it highly difficult – if not impossible – to attack us.
AIM: Also, tell us about how Subex’s honeypot network works.
Kiran Zachariah: Our honeypot network is operational in 62 cities across the world today. These cities have physical or virtual devices and device configurations that are designed to lure hackers and malware into attacking them.
Over 3.5 million attacks a day registered across this network of individual honeypots are studied, analysed, classified and labelled according to a threat rank index, a priority assessment framework, that we have formed within Subex. The network comprises over 4,000 physical and virtual devices, incorporating over 400 device architectures and diverse connectivity characteristics worldwide. Devices are classified based on the sectors they pertain to for purposes of registering sectoral attacks.