Persistent Risks: No let-up in cyberattacks as Covid-19 lockdown eases

By Srinath Srinivasan

The second quarter of calendar year 2020 saw a spike in Covid-19 cases in India. The cyberattack situation during this period, as per telecom analytics solution provider and digital trust pioneer Subex, highlight the dynamic nature of the threat landscape with the addition of new actors, malware, tactics, and avenues for the sale of stolen data. According to its latest threat landscape report, the Covid-19 induced lockdown has seen more breaches, morphed variants and new threat actors.

“Many established hacker groups and Advanced Persistent Threat (APT) teams had moved on to other targets,” says Vinod Kumar, managing director & CEO, Subex. As per the report, India was once again among the top five most attacked countries in the region throughout the quarter. “Most cyberattacks on India came from IP (internet protocol) addresses in South East Asia and a few countries in Eastern Europe,” says Kumar.

The standoff between India and China may make one assume an increase in cyberattacks from China. Kumar says it was not the case. “Unlike what has been widely reported, we didn’t see a significant rise in direct inbound cyberatacks on India from China. While India continues to draw a significant volume of direct cyberattacks from China, the more sophisticated and complex ones are routed through a range of IPs belonging to neutral countries such as Venezuela,” explains Kumar.

For Indian assets on the Web, the situation has been worrisome. Manufacturing and utilities continue to suffer a huge volume of attacks. “The reconnaissance activity in networks connected with critical infrastructure is increasing by the day. This includes utilities, power grids, water plants and data centres. There are at least five APTs that are closely studying critical infrastructure in the country and all of them are based in countries that have hostile intentions or have had geo-political concerns with India in the recent past,” says Kumar.

“Another set of APT groups seems to be interested in the law enforcement and governance machinery in the country,” he adds. The report also presents chatter intercepted from various sources by Subex’s threat researchers that gives a rare peek into hacker interactions, collaborative strategies, and targets. The most significant findings include state-backed hacker groups monetising cyberattacks. As funding from state coffers have started thinning, more hackers are now seeking ransom than ever before with Covid-19 themed attacks used mostly by new and amateur hacker groups as a means of making quick money.

Kumar also points to unnoticed themes. The most unusual of them being the stolen data and where it resides now. “Plenty of intellectual property data and confidential information stolen by hackers throughout the year has still not appeared on the Dark Web and other places,” says Kumar.

The Covid-19 induced recession has not slowed down cyberattacks. If anything, it has emboldened the hackers. Attacks motivated by geopolitical goals have reduced a bit globally as most of the groups are using their capabilities to collect Bitcoins in ransom. “Such groups’ ability to stay afloat and operate freely continues to be a matter of concern as they possess the most sophisticated tools and talent in addition to geopolitical grievances. These groups will bounce back when state funding becomes available while making these sophisticated tools and malware available to others,” explains Kumar.

Officials at Subex predict a few trends for the rest of 2020. This includes new malware, more stolen IP and customer information appearing on the Dark Web, and financial services, healthcare, smart cities and retail facing a higher risk of becoming targets of hackers. “Deceptive attacks will reduce as hackers step up direct attacks on businesses and governments. Critical infrastructure will remain a key target. Civic bodies and government agencies dealing with citizen data will have to stay on a high state of alert,” says Kumar.