Emerging threats in cyberspace
Experts assess that cyberspace will witness more devastating threats in the 21st century. While some have assessed that we may soon see a cyber Pearl Harbour or a cyber 9/11, the cumulative damage caused by cyber-attacks in 2021 was colossal and could be compared with the damage caused by those incidents. The year 2021 witnessed a 50% rise in cyber-attacks over the previous year, and cyber-heist operators were reported to have acquired a vast fortune to the tune of $6 trillion globally. This amount is likely to increase to 10.5 trillion by 2025. Cyber-hackers focus on sectors that are rapidly becoming more reliant on technology and whose users are less prepared to protect themselves against cyber-threats. The rise of attacks in the financial sector is due to the increasing use of digital platforms.
Cyberattacks are attempts to disable computers, steal data, or breach a computer system to launch additional attacks. A cyberattack is a malicious and deliberate attempt by an individual, organization or State-sponsored group to breach the information system of another individual, organization or State. Cyber-attacks are not only growing in geometric progression but are also assuming more dangerous dimensions. While new technologies like AI, cloud infrastructure and 5G are proving beneficial to common citizens, the threats are increasing in direct proportion to the conveniences they bring. The emerging trends in crimes and threats in cyberspace, which are the handiwork not only of individuals or groups of cyber-hackers but also of hostile States, deserve attention.
First, since the outbreak of the pandemic, phishing cases have increased enormously. Cyber-hackers are using the pandemic narrative to peddle fear and con individuals into giving them access to sensitive information. Emails are sent with a request to click on links that supposedly offer health advice. Hackers are also imitating the login pages of known sites and inveigling users into submitting usernames and passwords. Users often take them for genuine platforms. Experts observe that fake platforms are also placed in the app stores. The phishing threat has risen manifold. According to Google’s Threat Analysis Group, it blocked 18 million Covid-19-themed emails per day in 2020 that contained phishing links and malware downloads.
Second, the use of cloud infrastructure has created more opportunities for hackers. The corporate world has changed the way it works: a much larger number of employees are working from home using their own devices (which may have backdoor tools implanted), and cloud adoption has surged to support this workforce. Both create new opportunities for cyber-attackers. Significantly, cyber-criminals exploit vulnerabilities in cloud infrastructure that allow them to hit several targets simultaneously with a single vulnerability. In 2021, several vulnerabilities were detected in cloud systems, such as OMIGOD and ChaosDB. While these were plugged soon after their discovery, there may be more vulnerabilities yet to be discovered.
Third, the upswing in mobile device usage has also made cyberespionage tools like Pegasus more effective and dangerous. Tools are also available to hack into mobiles and use them as secret listening devices or to take pictures without the knowledge of their owners. Some mobiles come with embedded backdoor tools. While India has banned cheap mobiles suspected of having embedded backdoor tools, such smuggled mobiles continue to be available in markets in India. Mobile malware and Trojans include FlyTrap, Triada, and MasterFred. These mobile Trojans take advantage of social media, weak app store security controls, and similar techniques to gain access and the necessary permissions on target devices.
Fourth, the increase in supply chain attacks is also noticeable. These can occur when cybercriminals find a weakness or a number of vulnerabilities in an organization’s ecosystem, particularly through third-party systems. This is fuelled by the sudden surge of digitalization, the rise in remote work, and the growing number of connected devices. A seriously damaging supply chain attack happened to SolarWinds in 2020. The company deals in system management tools that are widely used by IT professionals, the most popular of which is Orion NMS. Hackers exploited the configurations of the software and inserted malware into the system. This allowed the hackers to get into the systems of all organisations using Orion NMS, which included the US defence department.
Fifth, ransomware has remained a serious threat since 2017, when the world witnessed the impact of NotPetya and WannaCry. Several organisations paid ransom and got their data back, while some could not recover it despite making payments. In 2021, the Colonial Pipeline hack was the most obvious example: the DarkSide ransomware group caused a weeklong shutdown of one of the main pipelines servicing the US East Coast. Another attack last year, which targeted JBS S.A., the biggest meat processing company in the world, had international impacts, causing shutdowns of plants in the US and abattoirs in Australia that resulted in cancellations of 3,000 workers’ shifts and furloughs of 7,000 employees. In Iran, multiple attacks by hacktivists caused public disruption by targeting railways and gas stations. Crucially, criminals can purchase malware and launch attacks with little expertise.
Sixth, scams and brand impersonation constitute the majority of cyber-attacks. Hackers are now sending SMS messages to targets requesting payments (called smishing). These messages appear genuine, and as soon as you enter the OTP, a huge amount gets deducted from your card or bank account. While such attacks are increasing, it is estimated that at least half of the cases are not reported due to a lack of awareness about the system for filing complaints.
Seventh, State-sponsored attacks are becoming very deadly. Both Pakistan and China are targeting strategically sensitive institutions. Several false accounts linked to these countries have been detected. China has an institutionalised system for cyber-attacks. The Strategic Support Force (SSF)-linked Unit 61090 and its various front organisations are involved in cyberattacks. Its RedFoxtrot group is targeting multiple networks of India’s defence, telecommunications, mining and research organisations, including several aerospace and defence contractors.
The emerging scenario is worrisome and demands urgent strengthening of the country’s ability to counter the growing threats. This in turn requires making common citizens, who constitute the majority of victims, aware of the trends, and enhancing our capability to identify attackers through more investment in research in advanced cyber technology. Alongside this, the legal system should be made more stringent to deter cyberattacks. The Personal Data Protection bill should be redrafted and implemented. And finally, to deal with State-sponsored attacks, a National Cyber Security Strategy should be worked out, as other countries have done, indicating clearly that any breach of India’s cyberspace by a foreign actor would be treated on par with violations of our sovereign territory, airspace or territorial waters. The deterrence dimension, along with an emphasis on the use of indigenous equipment, should constitute the main elements of the national cyber strategy.
Views expressed above are the author’s own.