India has been aggressive with its vaccination drive since its launch in January 2021, for health care and frontline workers first in line. The second phase of the vaccination program for the public kickstarted on March 1, 2021. The two vaccines being administered include “Covishield” from the Serum Institute of India and “Covaxin” from Bharat Biotech. Technology plays a critical role in planning, deploying, and monitoring vaccination programs. Hence, citizens are urged to register via Aarogya Setu or on the CoWIN website. However, hackers are testing the country’s digital architecture, and allegedly impersonating the legitimate CoWIN website to coax citizens into registering on the fake portal and exfiltrate their personal information.
RDP Attacks Skyrocket
Remote work continues to top the business continuity operations in India. According to a cybersecurity report from Kaspersky, India witnessed 9.04 million brute-force attacks against remote desktop protocol (RDP) in February 2021, compared to 1.3 million in February 2020 and to 3.3 million in March 2020. Working in decentralized environments has become the new normal and brute-forcing RDPs, the most common technique for cybercriminals to gain access to Windows systems and execute malware.
“Remote work isn’t going anywhere. Even as companies begin considering re-opening their workplaces, many have stated that they will continue to include remote work in their operating model or pursue a hybrid format,” said Dmitry Galov, a security expert at Kaspersky. “That means it’s likely these types of attacks against remote desktop protocols will continue to occur at a rather high rate. 2020 made it clear that companies need to update their security infrastructure, and a good place to start is providing stronger protection for their RDP access.”
The New-age Oil Leaks Copiously
The data breach landscape in India, pre-COVID, was simple. Adversaries launched ransomware attacks by encrypting the data on vulnerable systems and demanding ransom in exchange for a decryption key. Cybercriminals were complacent in inventing new attack vectors. But as the adage goes, change is the only constant. Today, ransomware groups are re-inventing their modus operandi to not just attack the data or “the new-age oil,” but the brand image of a business. With improved infrastructure, India is opening its doors to global market players. Threat actors are leveraging this opportunity to attack the brand image of a business/enterprise by dropping malware payloads on the targeted system and exporting data, in turn damaging intellectual property and national security.
The recent MobiKwik data leak exposed the data of 3.5 million users, with 6TB of KYC details and 350 GB of compressed MySQL dump. To add to the list, the personal information of 533 million Facebook users from 106 countries was leaked for free on an underground hacking forum – with 6.1 million users from India alone. And if this was not enough, India’s second-largest stockbroker, Upstox, was reportedly the latest victim of a breach, allegedly leaking data of 2.5 million users.
Souring India-China Relations
Ever since the pandemic broke out, India’s relationship with China turned sour. This was evident in the Mumbai power outage in October 2020, which crippled the financial capital with chaos. An investigation from Maharashtra cyber department revealed a malware attack with unaccounted data transfer from a foreign server to the Maharashtra State Electricity Board (MSEB) server. However, evidence from Recorded Future underlined the geopolitical tensions and border clashes between the two Asian neighbors. It claimed that Chinese-state sponsored group “RedEcho” targeted India’s power grid. However, it did not stop here. CERT-In averted a hacking attempt on Telangana state power utilities, TS Transco and TS Genco, by a Chinese cybercriminal hacking group.
In the past, the Indian government alleged Chinese threat actors for attacks on the National Informatics Centre (NIC), the National Security Council (NSC), and the Ministry of External Affairs (MEA). The transformative role of technology impacted Indian cyberspace and the information sector. Another report stated that India was named one of the most cyber-targeted countries globally in 2019, with over 50,000 cyberattacks from China alone. Whereas, the IBM Security report titled “2021 X-Force Threat Intelligence Index,” revealed that India was the second most cyberattacked country in the APAC.
Where do we go from here?
Apart from vaccine disruptions, RDP attacks, and foreign intrusion, team CISO MAG continues to observe common attack trends such as phishing and business email compromise directed towards Indian governments and enterprises. Armies in countries like the U.S. have a cybersecurity unit (U.S. Cyber Command) that is responsible for countering cyberwarfare. India has cyber cells attached to its state police forces, and in a similar vein, the Indian government needs to seriously consider a cyberwarfare unit within the armed forces and scale up its cyber maturity.
Cyberwarfare is here to stay threat actors are eyeing every chance to sabotage the country’s defense mechanism. Out of the many attempts made by security agencies, India’s agility in incident response has been inadequate. And with the soaring second COVID-19 wave, it would be interesting to watch how India combats the vicious nature of existing and new cyberthreats