India has been one of the most attacked nations in the cyber world, according to numerous research reports. From basic malware to advanced zero-day attacks, security threats put Indian companies at constant risk of losing valuable assets.
Given the scale of India’s growing digital sector and fintech, many industry leaders and the RBI have recommended setting up a board for a country-wide cybersecurity policy that provides the needed framework and strategy to tackle cyber threats.
India has been a target of international hackers. For example, the Nuclear Power Corporation of India confirmed a cyberattack on systems at its Kudankulam nuclear plant, which was traced to North Korea. The malware was capable of accessing files and uploading the entire data set to a remote network outside India.
A major incident involving North Korean hackers was the Cosmos Bank heist. After Pune-based Cosmos Bank lost $11.5 million in unauthorized withdrawals, a panel was set up to study the various UN sanctions breached by North Korea. The report found that North Korean hackers allegedly withdrew the funds from ATMs in 28 countries.
The Lazarus hackers used multiple attack techniques, including malware infection, ATM switch compromise, and compromise of the bank’s messaging environment. The attack involved multiple targeted malware infections, followed by the use of a set of malicious ISO8583 libraries and process code injection to stand up a malicious ATM/POS switch in parallel and selectively break the connection between the central switch and the backend/Core Banking System (CBS).
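A defender-side reconciliation check for the parallel-switch scenario described above, as an added example that is not from the article or from Cosmos Bank. It assumes the bank can export switch-side approvals and CBS-side debits; the records are constructed and simplified, not real ISO8583 messages.

```python
"""Reconcile ATM switch approvals against Core Banking System (CBS) debits.

A malicious switch running in parallel approves withdrawals that the CBS
never sees, and the same card is cashed out in several countries within
minutes. Both patterns are visible in the bank's own logs.
(Added example; all records below are constructed for illustration.)
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed switch log: (txn_id, masked card, country, amount, approved_at)
SWITCH_APPROVALS = [
    ("t1", "4111****0001", "IN", 10000, "2020-01-01T15:00:00"),
    ("t2", "4111****0001", "CA", 10000, "2020-01-01T15:03:00"),
    ("t3", "4111****0001", "HK", 10000, "2020-01-01T15:05:00"),
    ("t4", "4111****0002", 5000, "IN", "2020-01-01T15:10:00")[:0] or
    ("t4", "4111****0002", "IN", 5000, "2020-01-01T15:10:00"),
]
# Constructed CBS ledger: only t4 was actually debited by the core system.
CBS_DEBITS = {"t4"}


def unreconciled_approvals(approvals, cbs_debits):
    """Transaction ids the switch approved but the CBS never debited."""
    return [a[0] for a in approvals if a[0] not in cbs_debits]


def multi_country_cashout(approvals, window_minutes=30, min_countries=2):
    """Cards approved in >= min_countries distinct countries inside the window.

    Returns {card: sorted list of countries} for every flagged card.
    """
    by_card = defaultdict(list)
    for _txn_id, card, country, _amount, ts in approvals:
        by_card[card].append((datetime.fromisoformat(ts), country))
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for card, events in by_card.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            countries = {c for t, c in events[i:] if t - start <= window}
            if len(countries) >= min_countries:
                flagged[card] = sorted(countries)
                break
    return flagged
```

Run on the constructed logs, the reconciliation flags t1 to t3 and the first card is seen in three countries inside five minutes, which is the signal a real switch would never produce.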
“These persistent attacks indicate the level of interest that hackers or hacker groups have in targeting India. We have to improve our defences, invest in enhancing cyber resilience, and in gathering and using threat intelligence of high quality to detect and thwart attacks,” Kiran Zachariah, Vice President – IoT Solutions at Subex told Analytics India Magazine.
The ongoing lockdown has made things worse for Indian companies and fueled demand for a more advanced nationwide framework and policy. “With the expanding number of breaches happening across the country, along with government websites getting hacked, the need for building a secure framework for all institutions is very critical. There should be a clear cybersecurity framework for encouraging businesses to partner more closely with government agencies, to share threat information in ways that will help in keeping consumers and companies more aware and protected,” Murali Urs, Country Manager, Barracuda Networks, told us.
One of the biggest problems is the prevalence of legacy IT infrastructure across smaller towns in India. Multiple cities in India have been found to be vulnerable to advanced cyber-attacks. According to the K7 report titled Cyber Threat Monitor, the critical threats observed ranged from phishing attacks to malicious apps disguised as health apps that targeted users’ sensitive data. Phishing attacks were seen more in Tier-II and Tier-III cities, while the metro cities did better.
The report also found that smaller cities saw over 250 attacks detected per 10,000 users. Interestingly, Tier-II cities such as Patna, Guwahati, Lucknow, and Bhubaneswar were worse off than Tier-I cities because of factors such as a gap in cybersecurity awareness. In addition, companies and government offices in Tier-II cities may not keep up with security patches for vulnerabilities as actively as those in Tier-I cities.
“India became the most targeted country in the world during the second quarter of 2019. Throughout the year, India was in the top five, especially after March 2019. Throughout the year, the country attracted attacks of relatively high quality as compared to other regions and last year. Critical infrastructure was attacked the most, followed by sectors such as banking, defence and manufacturing. This is indeed a worrying trend,” Kiran Zachariah further said.
Ransomware, email phishing, crypto-mining and trojan attacks may remain hidden across IT systems until a full-fledged attack is unleashed. Investigators across India have been urging the government for years to take preventative measures and allocate much larger funds to safeguard, monitor and patch systems, many of which are critical to national security.
Outdated, Unpatched Software
Technology policy think tanks and cybersecurity advocates have also pointed to the lack of encryption and security standards that plagues India’s IT deployments, and which lies at the root of most publicly known data breaches.
According to security analysts, the expansion of the enterprise to the edge has made it very challenging for IT teams, particularly in smaller Indian cities that may not have the capability to handle an increasingly complex network of devices. Moreover, numerous companies and government offices may still run outdated or unpatched software that has not been kept up to date with the latest security patches. Those places therefore remain attractive targets for malicious actors.
Adam Palmer, chief cybersecurity strategist at Tenable told Analytics India Magazine what can be done about this. He said, “India’s cybersecurity needs are not different from the rest of the world. When you analyze the vast majority of breaches that occur, whether they’re in India or globally, most of them are caused by known but unpatched vulnerabilities. Cybersecurity programs in India should evolve to take a risk-based approach that means enterprises should focus on the vulnerabilities that matter the most. Many organizations in India are still relying on legacy tools and processes that are inadequate to navigate the complex threats in today’s dynamic and modern computing environment.”
Business Continuity During COVID-19
Business continuity during the COVID-19 lockdown is a big challenge. Firms are at risk not only of losing web connectivity and suffering outages, but also of data security vulnerabilities and cyberattacks. There have been many incidents of phishing, misinformation campaigns, and other schemes in which hackers exploit work-from-home arrangements.
With the lockdown extended around the world, employees continue to work remotely on their private networks, which undoubtedly poses a threat to most Indian companies. According to a study by PwC, the number of cyberattacks on Indian companies has doubled in the past few months as cybercriminals use the disruption brought about by the COVID-19 outbreak to infiltrate corporate networks and steal data.
CERT-In (the Computer Emergency Response Team of India) stated in its latest advisory to internet users that, “Cybercriminals are exploiting the coronavirus pandemic outbreak as an opportunity to send phishing emails in the form of an ‘important update’ or ‘encouraging donations’, or trying to impersonate employees’ trustworthy organizations.”
According to the agency, the current global health situation has changed the way people do their regular jobs, with an increasing number working from home instead of the office. The officials said that employees switching to remote working because of the coronavirus outbreak could create cybersecurity problems for the business and the employers.
“In the current context, where the same version of confidential/sensitive data is spread across an organization and sits in various places: databases, cloud platforms, collaboration tools, file systems, endpoints, e-mails, etc., it is getting very challenging for security professionals, security architects and security engineers to come up with a single solution to address all security gaps at various levels,” Visweswara Rao Sreemanthula, a Senior Manager – IT Security at Verizon, told Analytics India Magazine.
In April, Indian IT giant Infosys beefed up its security to safeguard itself from potential cyber-attacks. The firm also plans to enhance security further in 2020 by expanding and reskilling its team. Vishal Salvi, chief information security officer and head of cybersecurity at Infosys, recently said, “Investment in cybersecurity controls is on the rise year-on-year, and that is because organizations are considering cybersecurity investment very strategic for their current and future business.” According to Salvi, the company is mainly focusing on reskilling its team in identity and access management, infrastructure security, security information and event management, and security orchestration, automation, and response.
The Security Plan
The sudden shift to a remote-work model means that employees are now combining personal technology with work networks, which contributes to an expanded attack surface. Many of these devices may also be older or unsecured, introducing serious new risks. All of this is challenging for security teams, which now have to manage an expanded and more complex attack surface.
Enterprises are taking precautionary steps to support and protect employees during this global pandemic. It is therefore critical for businesses to look at the various means by which they can address the complex security challenges posed by the escalating threats that come with remote working during the COVID-19 outbreak. Here, active traffic and network assessment is critical if application services are to meet the new levels of demand and handle peak loads in traffic.
Network security, data availability, and data protection have become a crucial priority for enterprises seeking truly seamless business continuity. On ensuring network security and managing data traffic during COVID-19, we also talked with Sanjai Gangadharan, Regional Director, SAARC, A10 Networks, who said, “Remote working is the need of the hour for organizations in India as social distancing amid lockdown becomes a priority in fighting the COVID-19 battle. Network protection from distributed denial of service (DDoS) attacks is a key concern of remote working for organizations.”
“Organizations should continually assess their networks for security vulnerabilities. This can prevent a range of problems such as unauthorized access to applications and identify underlying software flaws that expose sensitive data. Vulnerability scanners can help identify these concerns, making it easier to understand if systems have critical risks that need to be addressed,” Adam Palmer, Chief Cybersecurity Strategist at Tenable, said.
According to Palmer, the first step is for an organization to identify its information assets; having a baseline helps in knowing the breadth and depth of what has to be protected. Once that is determined, organizations need to work with the various stakeholders to design controls that help achieve the security and business objectives.
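One way to turn Palmer’s advice above (start from an asset baseline, then focus on the vulnerabilities that matter most) into a concrete prioritisation, as an added example that is not code from the article or from Tenable. The assets, findings, weights and CVE-style identifiers are all constructed placeholders.

```python
"""Risk-based vulnerability prioritisation from an asset baseline.

The idea: a scanner's raw CVSS score says nothing about where a flaw sits.
Weighting each finding by the asset's criticality, exposure, exploit
availability and patch age reorders the fix list, and any host the scanner
sees that is missing from the baseline is itself a top finding.
(Added example; every record below is constructed, CVE ids are placeholders.)
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    name: str
    criticality: int        # 1 (kiosk) .. 5 (core banking, control systems)
    internet_exposed: bool


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str                # placeholder identifiers, not real CVEs
    cvss: float             # 0.0 .. 10.0 from the scanner
    exploit_public: bool
    days_unpatched: int


# Constructed baseline inventory and scanner findings.
BASELINE = {
    "cbs-db-01": Asset("cbs-db-01", 5, False),
    "web-portal": Asset("web-portal", 3, True),
    "kiosk-pc": Asset("kiosk-pc", 1, False),
}
FINDINGS = [
    Finding("kiosk-pc", "CVE-0000-0001", 9.8, True, 400),
    Finding("web-portal", "CVE-0000-0002", 7.5, True, 45),
    Finding("cbs-db-01", "CVE-0000-0003", 6.5, False, 10),
    Finding("unknown-host", "CVE-0000-0004", 9.0, True, 5),
]


def risk_score(f, baseline):
    """Higher means fix first; a host absent from the baseline outranks all."""
    asset = baseline.get(f.asset)
    if asset is None:
        return 100.0                      # inventory gap: investigate first
    score = f.cvss * asset.criticality
    if f.exploit_public:
        score *= 1.5
    if asset.internet_exposed:
        score *= 1.5
    score += min(f.days_unpatched, 365) / 30   # up to ~12 points for age
    return round(score, 1)


def prioritised(findings, baseline):
    """Findings ordered from most to least urgent."""
    return sorted(findings, key=lambda f: risk_score(f, baseline), reverse=True)
```

On the constructed data the CVSS 9.8 flaw on the kiosk lands last, while the medium-severity flaw on the exposed portal and the unknown host come first.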
Other experts and leaders in the security industry say that, in order to respond to the cybersecurity complexities of remote working during COVID-19, enterprises must take a zero-trust approach. They must ensure that no user has access to data they do not need for their day-to-day functions. Companies must also ensure visibility into all users, traffic, data, and workloads, and apply uniform security policies across all locations to make sure no loopholes exist.