By Srinath Srinivasan
New Delhi was among the top 10 cities in the world that recorded the highest number of cyber attacks during the two-month-long lockdown, with many of them coronavirus-themed attacks, according to a report by digital technology provider Subex. India was among the top five most attacked countries in the region throughout the quarter. The country attracted attacks of relatively high quality (as compared to other regions and last year).
Critical infrastructure was attacked the most, followed by sectors such as banking, defence and manufacturing.
Other cities in the top 10 list include New York, London, Singapore, Dubai, Tokyo and Kiev. Subex has observed that hackers are focusing on attacking specific segments such as healthcare. It has also detected a spurt in deceptive attacks on critical infrastructure elements across the world, especially in Eastern Europe, where these attacks are growing in volume. “The quality of these attacks is also improving with each passing week,” says Vinod Kumar, managing director and CEO, Subex. The firm had issued an advisory on the onset of coronavirus-themed attacks in the first week of March.
Most of the inbound attacks on India have come from North Korea. “The huge spike in attacks on banking and financial services could be attributed to attackers based in North Korea,” says Kumar. This is largely in line with the findings of various analysts who have noted the increasing capabilities of North Korean hacker groups, as well as the increased internet bandwidth now available to them as a result of the opening of a second internet gateway in the country.
There are also reports of North Korean hackers being hired by other cybercriminals for carrying out specific attacks, according to Subex. The report mentions a number of financial institutions across South East Asia that suffered from attacks by these hackers. Among them is Cosmos Bank based in Pune; India lost nearly $12 million in a coordinated attack traced back to North Korea.
“From attacking financial firms to siphoning money to attacking nuclear power plants to getting information on various operational aspects and targeting diplomatic cables, North Korean hackers are getting more brazen and unpredictable,” says Kumar. Financial institutions remain high on their list of targets.
As per the report, in the last three months, there was a 46% increase in critical attacks on smart homes, enterprises and control systems connected to critical infrastructure. There was also a rise in deceptive attacks on critical infrastructure (designed to keep Indian computer emergency response teams and other cyber defense agencies occupied while the hackers chase other high-value targets). Attacks were also directed straight at mailboxes.
There was a 68% rise in coronavirus-themed phishing emails across classes. Enterprise and manufacturing were the two main target segments. “As the world adjusts to the new normal, hackers are evolving faster than ever before. They are taking advantage of our diffused attention and the lack of resources to keep up the pressure on cybersecurity teams in an enterprise, individual users, and government levels,” he says.
In terms of malware diversity, the quarter saw the introduction of new variants of many malware, including old ones such as Mirai. “In March, we were able to detect multiple instances of ransomware as well, including Locky and Sadogo. Though the volume of new malware registered a small dip this quarter, the number of variants increased significantly,” explains Kumar.
“The focus has shifted from releasing new malware to using existing malware or variants in a better way using better deception strategies and tactics.” This malware originates from, or is bought on, mainly the dark web, malware forums, academic/research labs and various unknown sources.