The attacks originated in European countries such as Czech Republic, Poland and Slovenia predominantly and were aimed at New Delhi, Mumbai and Bengaluru in India.
By Srinath Srinivasan
As of June 30, 2019, over 15% of smart cities projects, 14% of financial services and 14% of utilities that are part of various sectors in India came under cyber security attack, as per Subex, a digital trust solution provider for telcos in India. According to Subex, this is a result of hackers' increasing interest in critical infrastructure in the country, especially in Internet of Things (IoT) deployments. IoT deployments provide a series of entry points into a network, and these require active security and monitoring. These attacks have seen a 22% increase from the previous quarter.
The attacks originated in European countries such as Czech Republic, Poland and Slovenia predominantly and were aimed at New Delhi, Mumbai and Bengaluru in India. Mexico and Brazil fall next in the order of top origins of malware attacks. Backdoors, botnets and password stealers were the common malware categories, and Mirai, Torii and ADB.Miner were common variants. According to experts in the industry, these could cause severe downtime if left unchecked and the loss could be in several millions of dollars.
As per the Subex report, these attacks had a strong geo-political influence, showing a trend that’s increasingly pointing towards electronic warfare. These attacks were also of reconnaissance type, mostly aimed at getting strategic data.
“India was the most attacked nation in the IoT space last quarter. These attacks were aimed at integrity violation with malicious code injection and were brute force attacks,” says P Vinod Kumar, CEO, Subex.
During monitoring by the company, 15,000 new samples of malware were discovered in the country during the quarter. As many as 17% of the samples collected were modular malware, indicating a clear rise in the sophistication of attacks. Some of these were also military grade malware, which was available for purchase or hire. On average, this malware persisted for over 90 days, indicating the severity of the attacks and the time taken to get it off a network. This duration was common to the top four sectors which withstood the attack—IoT, BFSI, smart cities and defence. Length of persistence also depends on the response mechanisms being tested. Highest levels of persistence were seen in the smart cities sector while agriculture reported the lowest at less than 100 days, full length.
IoT deployments in India received the maximum number of attacks from a few geographies in Central Europe. These attacks originated from a few botnets that Subex detected in the region. As per Subex, the IP range clearly indicated a significant degree of compromise. “It can be stated with a high level of confidence that a few IoT projects have been compromised in this geography (or are being leased out to hacker groups). These bot farms are being controlled by hackers sitting in countries in close proximity to India and there are signs that these are coordinated attacks with a geo-political motivation,” asserts Kumar, talking about the process behind the attacks. The Subex expert team has observed patterns of IP spoofing with a clear intent to hide the geography of origin of the command and control network behind these attacks. The clear preference for defence deployments among these botnets is also a reason behind this assumption.
Subex uses its honeypot network which is operational in 62 cities across the world to get intel into these attacks. These cities are landing centres of submarine cables or internet traffic hotspots or potential centres to host multiple IoT projects in future or could have various other significance.
“Over 3 million attacks a day on average are registered across this network of individual honeypots. These attacks are captured, studied, analysed, categorised and marked according to a threat rank index, a priority assessment framework, that Subex has developed internally,” explains Kumar. The network includes over 4000 physical and virtual devices covering over 400 device architectures and varied connectivity flavours, globally. Out of the 62 cities, 15 are in India.
Subex also predicts that critical infrastructure will continue to receive attention from hackers. While there is no absolute security at this point, increasing the security layers will show a temporary dip in the attacks and help understand where hackers will turn their attention to next. The situation also shows a clear demand for highly skilled and employable cybersecurity experts in the country.