State-sponsored cyberattacks on the rise in India in 2020: Report

Hemai Sheth Updated - November 13, 2020 at 11:48 AM.

‘China, N Korea, Russia suspected of aiding state-sponsored cybercriminal activities; have shown interest in breaching India’s security perimeters’

State-sponsored cyberattacks are increasingly targeting India, according to the India Threat Landscape Report 2020 by cyber intelligence platform CYFIRMA.

“India is a haven for start-ups, a fertile ground for technological innovation, sparking the generation of massive amounts of data that attract cybercriminals,” said Kumar Ritesh, Founder and CEO, CYFIRMA.

“While digital adoption is breaking new ground, the corresponding cyber maturity is low and not keeping pace with technological strides. All these factors are prompting more nations, especially India’s geopolitical foes, to partake in the cyber game targeting India. The Big 3, namely China, North Korea and Russia, authoritarian regimes that are suspected of aiding state-sponsored cybercriminal activities, have shown interest in breaching India’s security perimeters,” Ritesh added.


Threat actors targeting India

Some of the top state-sponsored threat actors targeting India include the North Korean-backed Lazarus group, the Chinese state-sponsored threat actor MISSION2025, and the Chinese threat actor Stone Panda/MenuPass/APT 10/Cloud Hopper.

Lazarus’ primary activities include spreading new malware samples and attacking cryptocurrency businesses, while MISSION2025 is suspected of carrying out various campaigns against multiple industries, such as automotive, retail, healthcare, energy, hi-tech, media, finance, telecom, supply chain, and travel, says the report.

The Stone Panda/MenuPass/APT 10/Cloud Hopper group “has traditionally shown interest in stealing international trade data and supply chain information from various enterprises across several countries such as India, Japan, Canada, Brazil, etc,” as per the report.

Pakistani government-backed APT36, Operators Transparent Tribe, ProjectM and Mythic Leopard groups have also made it to the list.

The group is believed to have carried out a phishing campaign targeting Indians in the first half of 2020, sending bogus health advisories through emails while impersonating the Indian Government.

“Victims who clicked on the attached document activated a malware that gave them access to sensitive and important information like passwords, credit card details and location data stored on user browsers. A spear-phishing campaign aimed at computers belonging to the Indian Railways was also detected,” the report said.

Ransomware and other threats

Ransomware activity has also been on the rise in India. Ransomware groups are improving their activities and frequently publishing on ransomware data leak sites as part of their new ‘name-and-shame’ modus operandi.

“Healthcare, government agencies, banks, manufacturing, retail, IT service providers and e-commerce platforms are likely to be on their radar for the rest of the year and into early 2021,” the report said.

Maze, NetWalker, Sodinokibi, Nemty, DoppelPaymer, and REvil, among others, have been some of the most active ransomware groups this year.

Phishing and social engineering attacks, brute-force and DDoS attacks, commodity malware and reconnaissance activities are threats that are likely to continue through the next year.

Use of malware such as the Mirai Botnet has witnessed a significant rise this year. There has been an increase of over 2,000 per cent in the use of the Mirai Botnet this year compared to last year.

The report indicated “strong evidence suggesting that MISSION2025, one of the major Chinese nation-sponsored hacking groups, have been using compromised networks/IoT devices such as TVs, smart speakers, surveillance cameras, etc. for their Mirai Botnet campaigns.”

Hackers are also increasingly targeting Linux servers through malware attacks or hacking attempts this year, according to the report. Other methods of cyberattacks include targeting email servers and web applications.

Published on November 13, 2020 06:07