The Internet has become so integral to economic and national life that government, business, and individual users are targets for ever-more frequent and threatening attacks. A study by the US-based software technology firm VMware says that eight in 10 businesses witnessed increased cyberattacks in 2015; a third expect to be targeted within 90 days. The threat of cyberattacks on government agencies is equally real. Recently, IT security firm FireEye revealed a malicious attack by a suspected Pakistan-based group against Indian government officials. The group registered a fake news website and sent spear phishing emails to government officials. The emails referenced the Indian Government’s 7th Central Pay Commission, a topic of interest among officials.
The suspected Pakistan-based threat group has been active for several years, conducting suspected intelligence collection operations against South Asian political and military targets. The group is the same that FireEye revealed in March 2016 to have conducted cyber attacks against Indian targets and Pakistani dissidents since 2013. They were observed using malicious documents hosted on websites about the Indian Army, instead of sending these documents directly as an email attachment. The infrastructure used by the group is the same in both attacks.
In the latest instance, the emails to government officials were sent from the website of a media house, in reality a fake news domain registered by the attackers. The emails purported to come from an employee of the media house and carried a malicious Microsoft Word document as an attachment. They requested that the recipient open the attachment about the 7th Pay Commission.
The attachment is designed to create a backdoor which FireEye calls the Breach Remote Administration Tool (BreachRAT). FireEye has not previously observed this malicious tool used by these threat actors. It allows the attackers to download and run new programs, upload files from the victims’ systems to the attackers’ servers, and perform a variety of other functions.
“This is another example of real world tensions reflected in cyberspace. There’s no silver bullet to fend off advanced cyber attacks. It’s critical for Indian organisations to bring together the technology, expertise and threat intelligence necessary to quickly detect and respond to these attacks,” said Bryce Boland, chief technology officer for Asia Pacific at FireEye.
The VMware study emphasises that greater alignment amongst people, priorities and products is required to detect and respond to evolving and increasingly frequent cyber attacks. The study, conducted by The Economist Intelligence Unit (EIU), which VMware sponsored globally, highlights growing cybersecurity vulnerabilities in India, with nearly 8 in 10 IT and C-suite business leaders experiencing increased cyber attacks on their firms in 2015.
Indian businesses are at increasing risk from serious cyber attacks, with a third (33%) of the respondents expecting to be targeted within 90 days, a figure higher than that for the Asia-Pacific region. These findings suggest that many leaders in India are concerned about growing instances of cyber attacks and their lack of preparedness as they explore new IT innovations to advance their business. This reinforces the need for a new approach to security.
A key finding from the study is the divergence in how IT and business leaders perceive the importance of cybersecurity as a high-priority initiative in India. IT leaders (32%) in India regard cybersecurity as their number one corporate priority, while only 8% of C-suite business leaders share a similar point of view. Similarly, while 36% of IT leaders believe security budgets will significantly increase in the next two years, only 21% of C-suite business leaders foresee the same.
“Forward-thinking organisations understand that the reactive security approach of today is no longer doing its job. They also acknowledge that people and systems can be easily bypassed or blindsided if the business lacks a ubiquitous IT architectural plan that cuts across all levels of compute, network, storage, clouds and devices,” says Arun Parameswaran, managing director, VMware India. “By taking a software-defined approach to IT, security is ‘architected’ into everything, empowering organisations to gain the flexibility required to succeed as a digital business.”
Critical risks identified by both groups were ‘unknown cyber threats that move faster than their defenses’, ‘resources and data that may unknowingly reside in the cloud’, ‘employees who are careless or untrained in cybersecurity’, and ‘illegitimate users and devices accessing corporate networks’.
CYBER SECURITY: A REALITY CHECK
* Cyber attacks cause loss of customer data, IP, competitive positioning
* 8 in 10 businesses experienced increased cyber attacks
* A third (33%) expect an attack within 90 days
* 31.8% of Indian business leaders more concerned about theft of customer data
* 32% of IT leaders regard cyber security as their number one corporate priority
* 36% of IT leaders believe security budgets will significantly increase in the next two years
* There is pressing need for IT leaders to better understand business risks and objectives