While the issue of cyber threats is consistently on the rise, there is a general perception that only metro cities may be prone to cyber-attacks. But in fact, research has found time and again that it is the other way around. Multiple cities in India and even in the West are vulnerable to advanced cyber-attacks- ranging from phishing to crypto mining to ransomware. By using the network and server-side vulnerabilities, threat actors are triggering successful ransomware attacks.
The trend of rising cyber-attacks across Tier-II cities, in particular, is evident from the fact that up to 23 small cities in Texas recently got attacked for ransomware. And keeping in mind that a few urban areas need to fix their vulnerabilities, they are altogether not ready for the size of cyber threats that are coming in.
The city of New Orleans is still attempting to discover the source of ransomware that attacked city computer networks recently. New Orleans Mayor Latoya Cantrell has since announced a highly sensitive situation in the city, saying the attack put the city at an emergency and city workers were encouraged to detach from the Wi-Fi, shut down their PCs and unplug them. Similarly in the US, the city of Baltimore ended up paying $6 million to improve their IT infrastructure over the mid-year of 2019 after a ransomware attack encrypted city databases for quite a long time.
According to researchers, the issue lies in the lagging IT infrastructure across smaller towns. Moreover, companies and government offices in Tier II may be using outdated software and not keeping up with security patches for vulnerabilities as actively as Tier-I cities. Nevertheless, smaller cities are still juicy targets, given they are still connected to the web and involve assets at a similar scale.
Similarly, being a global metropolitan does not prevent a city particularly if more modern IT infrastructure, best cybersecurity practices and malware detection/prevention tolls are not in place. With a population well over 5,000,000 individuals, Johannesburg has been one of the larger cities to succumb to ransomware recently.
In July, a ransomware occurrence hit the city’s power utility department, and inhabitants were left without electricity for quite a long time since the organization’s databases were encrypted by hackers and remained frozen for a long while. In another attack, South African Banking Risk Information Center announced that different banks in South Africa also were hit with DDoS malware.
What’s Happening In India?
The situation in India is not too great either. While the economic boom has enhanced fast track development across India with smaller cities becoming popular growth destinations, cybersecurity awareness among companies in Tier-II regions is believed to be very low. This situation has led Tier-II cities becoming a ‘sweet spot’ for cybercriminals, revealed the Q2 findings of K7 Computing’s Cyber Threat Monitor (CTM), the quarterly study on the Indian cybersecurity landscape.
According to the study, Patna registered the highest percentile of cyberattacks at 47% compared to the rest of the Tier-II cities covered in the study, and higher than any Tier-I city. Guwahati, Lucknow, Bhubaneswar, and Jaipur also witnessed a massive 45%, 44%, 43% and 40% of cyber users coming under attack such as ransomware.
Will IoT & Smart Cities Further Make It Complicated To Protect Networks Against Ransomware?
The issue of rising attacks across global cities may be further triggered as more devices get connected on computer networks and are prone to ransomware and other cyberattacks. It is estimated that overall IoT spending across the globe will reach $745 billion in 2019 and pass the $1 trillion mark by 2022. According to Nasscom, the Indian Internet of Things (IoT) market is predicted to reach $15 billion by 2020, which will be 5% of the worldwide market. Still, IoT standardisation has not yet been fully implemented in the country.
From smart assistants to self-driving vehicles, and from smart meters to healthcare devices, the growth of the IoT market reflects that of a fast-climbing business sector. The extension of the network to the edge will be another juicy target for hackers, particularly in smaller cities who may not have the capabilities of managing the increasingly-complex network of devices.
Researchers have also found that the majority of IoT device manufacturers and users are not keeping up with security, thus inviting massive-scale attacks. Experts say that the most vulnerable IoT devices existing in the country include printers, NAS, IP cameras, media players, set-top boxes and smart TVs- giving a backdoor to hackers in an organisation’s network.
We have witnessed episodes like attackers shutting down IoT networks or the Mirai botnet incident which cut down a great part of the web on the US east coast; and targeted attacks against enterprise infrastructure, including electrical grids, dams and even nuclear offices have come to light in the past. As a result, the challenge that stands against all government and private organisations, particularly in smaller cities, to develop robust cybersecurity frameworks, formulate security standards and practices throughout all geographies.