Mumbai: Singapore-based cybersecurity firm CYFIRMA said in its India Threat Landscape Report 2020 that, because of increased digital adoption in India combined with low cyber maturity, more nations have been trying to ‘breach India’s security parameters.’ Nations cited in the report include North Korea, Pakistan, and China, which according to the company have stepped up attacks and threats against Indian networks.
The report noted that Cyfirma recorded extended conversations in Chinese hacking communities in which hackers expressed frustration with India. Potential targets discussed included media firms, telecommunication companies, government websites including those of defense-related agencies, Indian pharma companies, and smartphone manufacturers, among others.
It further stated that the North Korean threat actor ‘Lazarus Group’ increased its activities in 2020, carrying out file-less attacks, spreading new malware samples, and attacking cryptocurrency-based businesses. The attackers are using new malware, including the Copperhedge RAT, used to target crypto exchanges, and the Taintedscribe and Pebbledash malware, which can download, upload, delete, and execute files as well as create and terminate processes, it said.
Kumar Ritesh, founder and CEO of Cyfirma, said, “While digital adoption is breaking new ground, the corresponding cyber maturity is low and not keeping pace with technological strides. All these factors are prompting more nations, especially India’s geopolitical foes, to partake in the cyber game targeting India. The Big 3, namely China, North Korea, and Russia, authoritarian regimes that are suspected of aiding state-sponsored cybercriminal activities, have shown interest in breaching India’s security perimeters.”
Threat actors known as APT36/Mythic Leopard, which the firm said are Pakistan government-backed hacker groups, have also targeted Indian diplomats in the past to collect sensitive data such as email addresses, passwords, and location data. It added, “In the first half of, the threat actors impersonated the Indian Govt to send emails containing malware to victims, mostly Indians. The emails contained bogus health advisories on coronavirus.”
Those who clicked on the attached document activated malware that gave the attackers access to sensitive and important information such as passwords, credit card details, and location data stored in user browsers, it said. The company said that a spear-phishing campaign aimed at computers belonging to the Indian Railways was also detected.
A group called MISSION2025, suspected to be Chinese state-sponsored threat actors, has also been active against India from as early as 2012, it said. The group is suspected of carrying out campaigns against nations and territories such as the US, UK, Japan, India, France, South Korea, Hong Kong, and Thailand for financial gain and/or corporate espionage.
The report said that the new and increasing methods of attack include ransomware activities, social engineering, phishing attacks, and reconnaissance attacks. The year 2020 has also been named the ‘year of the ransomware’. Ransomware groups named include Maze, NetWalker, Sodinokibi, Nemty, DoppelPaymer, and REvil.