CYBER ATTACK TRENDS IN INDIA IN RECENT YEARS
Mr. Bhupesh Daheria, CEO and Founder, Aegis School of Data Science and Telecommunication
The rapid technological growth of the information age has helped the cyber world evolve into an all-powerful entity, on which almost every aspect of modern society is dependent. As a result, its potential for disruption and damage has also grown, alongside its applicability for development and progress. Cyber-crime has today become particularly sophisticated and specialised, with incidents like the Union Bank of India Heist, WANNACRY Ransomware attack, Petya Ransomware Campaign, and the UIDAI Data Breach highlighting the need for greatly improved cyber-security in India. A closer look at this string of cyber-attacks in the country in recent years reveals a trend that is as alarming as it is insightful:
Ransomware Attacks
There has been a marked rise in the exploitation of cryptocurrencies over the last two years, utilising ransomware for extortion. However, statistics show that criminals actually prefer to use malicious software to compromise systems instead, which can then be used to mine crypto-currency, a much more lucrative alternative. This is because most compromised systems are not identified until much later, making it extremely difficult to combat the attack. However, ransomware attacks will also continue to be used for the foreseeable future, with more tailored offenses, and greater attention paid to loopholes and vulnerabilities.
Privacy Invasion
Phishing attacks and similar cyber-criminal practices have frequently been used to invade the privacy of digital users, so as to obtain confidential personal information from smartphones, laptops, desktops, and more. These attacks leverage weaknesses in popularly used apps, software, and services, such as fundamental coding vulnerabilities and the shortcomings of legacy systems and information architectures, to obtain valuable consumer information. This is then sold off to firms and other organisations for a significant profit, or leaked on the internet as a means to intimidate or blackmail the user.
Cloud Security Breach
Several emerging businesses take advantage of the flexibility offered by cloud solutions to migrate their legacy systems. However, organised crime groups use the same flexibility to come up with creative methods to identify poorly configured cloud instances. Once identified, these attackers are able to breach the existing security protocols easily, and steal vast reserves of information, besides utilising the immense computing power that the servers possess, for their own goals.
E-commerce Data Breach
2018 saw a multitude of cyber-attacks being carried out against e-commerce websites, and while most of these portals have greatly improved their security protocols and safeguards since then, the risk still remains. By constantly enhancing their skill sets and discovering newer ways of exploiting vulnerabilities, cybercriminals will continue to target e-commerce websites, owing to the highly valuable customer information stored on them. Not only can these attacks be a way of obtaining customer credentials and payment card details, personal information like addresses, telephone numbers, and more, can also be accessed by the perpetrators of the crime. Thus, with the rising popularity of cashless transactions and digital wallets, e-commerce websites must explore alternative fraud control mechanisms and stronger security systems to minimise the weaknesses in their authenticator and payment mechanism features.
Cyberwarfare
Yet another currently dormant, but highly devastating mode of cyber-attack, is when it is used for the purpose of warfare. With almost every country in the world investing in cyber-attack infrastructure, an arsenal of deadly cyber-weapons exist in the world, which can potentially halt or debilitate the entire economy of a nation at a time. As a result, cyber forces and weapons have today become an almost critical part of a nation’s armed forces, instead of just being used as an intelligence apparatus. In fact, current statistics suggest that close to 33 countries in the world now possess cyber-attack capabilities, compared to just 14 in 2012, highlighting the looming danger and the devastating potential of the technology.
Internet of Things (IoT) Vulnerability Exploitation
A rising cause for concern, IoT is a prominently popular technology with incredible potential, used in several smart home systems, security systems, and more, where several capable devices are interconnected on a network. This has become a rising concern today, as even a small vulnerability on one such device can compromise the security of the entire network that it is connected to. Leveraging these weaknesses, Distributed Denial-of-Service (DDoS) attacks have been launched time and again by cybercriminals, crippling huge infrastructural systems of nations. The Mirai Botnet attack, hackable cardiac devices from St. Jude Medical Hospital, and the Owlet WiFi baby heart monitor hack all signify the terrifying nature of such cyber-attacks, which are only expected to increase with the growth in the number of IoT devices in India and the rest of the world.
In order to combat this wave of cyber-attacks, India must take pre-emptive steps to safeguard its digital front, especially considering its massive push for the digitalisation of the country. Since most of these attacks are made for financial profits or to destroy a brand’s reputation, it has now become an urgent need for corporates as well as the Government to prioritise cyber incident response, cyber defence, threat intelligence, and corrective and preventive measures, across the nation.
This highlights the urgent need of cyber commandos who can protect us from the known, as well as unknown threats. Cybersecurity experts stand as the last and most effective line of defence against such attacks. However, there is currently an acute shortage of skilled professionals in cybersecurity fields, not only in India, but worldwide, as well. Looking at the huge gap in skills for Cyber Security, Aegis School of Business, Data Science and Cyber Security has launched its Post Graduate Program (PGP) in Cybersecurity in association with IBM. This PGP in Cyber Security is an interdisciplinary program with visions to build a complex skill set and competency to cope with the ever-changing technical landscape of cybersecurity.