Cyberattacks in India continue to grow at an alarming rate with each passing week and various quarters have called for a complete revamp of India’s cyber defense posture to not only reduce the impact of these attacks but also to send a strong message to the groups that are behind these attacks.
However, such an approach begs the question. Will a single piece of legislation or mandate change things on the ground? Or does India need to look at multiple options? This article sheds light on the following questions:
- Cyberattack trends in India 2022
- Why do cyberattacks in India continue to grow at an alarming rate?
- Why is India in need of a major cybersecurity overhaul in 2022?
- Will the Digital India program only remain as a vision?
- How can India strengthen its cyber defensive capabilities?
- The 6-hour cyber incident reporting rules
- The Summary – Getting down to brass tacks
Cyberattack trends in India 2022
To understand why India is in dire need of a major cybersecurity overhaul, we need to first analyze the trends of cyberattacks from the past and be prepared to defend networks from any new and emerging threats.
In the larger scheme of things, while dealing with cyberattacks, it’s always a wise decision to operate with an accurate assessment of the cyber threat landscape through cyber threat intelligence (CTI). Now, let’s get started with the highest priority and work our way down the pecking order.
To get started, Critical infrastructure is the backbone of a nation’s economy. In this case, Critical infrastructure in India is a vital operating organ of a nation that is currently in the middle of a massive digital makeover AKA transformation.
Although the definition of critical infrastructure is wildly subject to change and often mistaken, here is a quick graph of what constitutes a part of the critical infrastructure.
If you are now familiar with it, we can proceed to how the trends in cyberattacks impacting this sector have grown significantly.
Getting down to the numbers. The attacks on critical infrastructure segments grew significantly by almost 70% in 2021 (Sectrio’s Global Threat Landscape 2022) when compared to the previous year.
While the impact of the pandemic accelerated the growth and use of more technology, it also led to a staggering rise in the number of cyber-attacks and sophisticated threat actors which resulted in stealthy ransomware attacks, halts, or disruptions in vital operations, and reputation damage via data leaks.
While rapid shifts and tactical attacks on critical infrastructure can be overwhelming and difficult for one to grasp, one sector faced the brunt of such cyberattacks and bad threat actors.
The manufacturing sector faced a record number of cyberattacks, a massive 101% rise in cyberattacks, targeting Industrial control systems (ICS), SCDA, PLCs, SIS systems, operational technology (OT), and in some cases even connected IoT devices such as printers, Internet connect Uninterrupted Power Supply (UPS) were compromised and became a beacon for lateral movement of malwares across networks.
Smart cities in India also witnessed a spike of 20% in 2021 when compared to the previous year. This included attacks on Oil and Gas plants and power grids and substations.
In fairness, the overall number when compared to the previous year was a whopping 290%, the highest spike recorded to this date in India.
Source: The global threat landscape analysis and assessment report.
In 2022, India could effectively come close to beating the United States in the number of cyberattacks considering the escalating geopolitical tensions in Europe.
We expect a plague of sophisticated malwares, exploiting vulnerabilities at sight, regardless of a particular target in mind. A lowered threshold of state-backed actors is once again a growing concern in the days to come.
Why cyberattacks in India continue to grow?
There are plenty of motives behind a cyberattack or even none as a matter of fact, in some cases. But quantifying it in terms of weaknesses or flaws in a system open for exploitation is the right way.
To touch base on a few prominent vulnerabilities that exist from what we have seen in the past are:
- Not Patching known vulnerabilities / Delayed process of patching vulnerabilities
- Lack or no practice of network segmentation and micro-segmentation
- Most compliance regulations often come across as advisories rather than mandatory requirements.
- Lack of visibility into the networks (no traffic Logs/ Inventorized data on network-connected assets)
- Lack of initiatives to bring awareness to the cyber threats that plague the environment.
In actuality, the list is quite long. If we were to go digging down the list of CVEs and other challenges like the ones that are not yet identified (Zero-day vulnerabilities) we are expecting multifold cascading cyberattacks.
In addition to the above, another reason why cyberattacks will continue to rise significantly is that the number of dark web users has also risen by quite a large volume. This means that most APT groups often dump cyberattack kits, and tutorial videos that are available for anyone to access (Some even as cheap as $5), and in some cases they are restricted to certain groups of people. Such access to information in making a quick buck often draws significant attention and is followed through by clusters of cyberattacks via budding threat actors gaining traction to take on bigger targets. Such attempts also make it difficult for forensic teams to pinpoint particular actors responsible for the attacks.
Participate now: CISO Peer Survey 2022
Another factor we must not ignore is India and its geopolitical ties with other nations. India is familiar with attacks originating from neighboring countries in the past but is new to cyberattacks with heightened sophistication while bearing numerous attack surfaces with the potential to send the country into the dark ages. While India plays a strategic role on many accounts at an international level enabling spotlight and partnerships it also paints a sweet large target for geopolitical threat actors to get through.
Why does India need a major cybersecurity overhaul in 2022?
India needs a major cybersecurity overhaul in 2022, the reason why we are due for one is a question that can be broken down into three logical parts.
Answers to these questions bring perspective as to why we are in need of a major cybersecurity overhaul:
Will cyber attacks in India continue to grow?
Yes, as seen in cyberattack trends earlier, India faced a 290% increase in the number of attacks when compared to the previous period. We expect the sophistication of such cyberattacks to grow significantly. With an overall deterioration of security in this cyberspace. the 290% growth in cyberattacks only seems trivial when compared to the growing and a looming threat India is yet to face.
Does India have the necessary governing bodies and laws that protect the nation on the digital front?
Yes, National Cyber Coordination Centre (NCCC), focuses on threat monitoring and cyber threat intelligence gathering in the nation. Its functions are most similar to NATGRID which was established in 2009. There are several cybercrime cells and CERT-IN teams that provide forensic analysis and apprehend law violators accordingly. Coming to the laws, the IT Act 2000 is prominently used across the nations with significant iterations over the years.
Are Indian cybersecurity laws and programs effective when compared with other nations?
The Indian cybersecurity laws primarily deal with cybercrimes In a broad manner and most of them are related to the theft of intellectual property or privacy. India is yet to dictate clearly stated cybersecurity laws and programs that not just deal with cybersecurity in a broad manner but as nationwide unified laws that enforce regulations and penalties for violations in existing technologies and the budding technology which not only helps the nation quantify and track its growth but also in regulating them before it becomes the wild west for cyberattacks. A fair example of this would be to bring out the fact that India is yet to have laws and compliance mandates for growing technologies such as IoT, ICS, OT, and IIoT.
Understanding India’s current state of cybersecurity laws and regulations, when compared to other nations, is easy when you have a peek at the national cybersecurity index. India is currently ranked at 46th position and in the global cybersecurity index at the 10th position. These indexes have identified that India lacks in the protection of personal data, cybersecurity standards in the public and the private sector, no global information-sharing program, no standardized regulatory bodies, and no compliance mandates on cybersecurity as compared to the United States.
While claiming that the United States is more technically advanced when compared to India, it is also worth mentioning that the newest markets of niche technologies excel in India, but this environment also acts as a multi-platform sandbox for inventors to test out new technologies and for threat actors as a malware test playground to identify the potency and destructiveness of newly developed malwares and in detecting new vectors to exploit.
These three facts are a blaring alarm that India is past due on its timeframe but it’s never too late to adopt cybersecurity laws, set up regulatory bodies, and orchestrate a major cybersecurity overhaul as quickly as possible.
Will the Digital India program only remain as a vision?
Currently, the Vision of the Digital India program in 2022 focuses on 3 key areas, which are:
- Digital Infrastructure as a utility to every citizen infrastructure
- Governance and services on demand
- Digital empowerment of citizens
While these are the very core of the visions of the program, it is imperative to understand the rate of increasing cyberthreats in the environment. It is highly likely that this vision will never come to life without considering security and privacy at its core.
Signs of an early culmination of the Digital India vision.
A single example In 2018, the social security number, also known as AADHAR in India, succumbed to a massive database leak, in some instances, reports claimed that over 1 billion records were breached as a result of the data breach.
In the following year, massive spear-phishing campaigns and social engineering campaigns were launched by several APT threat actors but it’s quite unsure if such campaigns were initiated by the data obtained as a result of the incident or through other data breaches that occurred in that year.
Other signs of deterioration of cybersecurity in India.
- Lowering of geopolitical threshold (Cyberattacks on India following a cricket match on October 25th)
- The emergence of transitory botnets
- Stolen AI-based tools that are helping create malwares that are highly stealthy and adaptive
- A large presence of legacy unpatched systems
- The rapid expansion of digital threat surfaces
Without security and privacy at its core, achieving the vision at the current trajectory without a major cybersecurity intervention is a tough road to be on.
How can India strengthen its cyber defensive capabilities?
India has become a complex testing playground for new, emerging malware and budding threat actors to thrive in. A recent incident such as the Oil and Gas entity headquartered in Dibrugarh, Assam helps puts things into perspective. A breach into the firewall rendered the entities’ IT systems inoperable by ransomware. This was followed later by a ransom demand of over $7 Million. As investigations are underway, things could have been worse if productions, upstream and downstream activities were to be halted as a result of this cyberattack, even worse if the flammable product were to be set ablaze by taking control of OT and ICS equipment. The possibilities are endless.
Much like the incident, key learning would be that there is room for significant improvement, and here is how the nation can get started:
- Adopt new cybersecurity laws, and make them effective nationwide.
- Set up compliance mandates or partner with regulatory bodies who will help you do just that
- One law does not fit all, segment technologies, just like networks.
- Strict enforcement bodies to implement and monitor violations
- Effective penalties for non-compliance or violations
- Be agile! Pass the laws, adopt and enforce them quickly!
India introduces mandatory cyber incident reporting within 6 hours!
While these steps do seem that they would take time to be a reality, it is imperative to stay determined and persistent in achieving these as they have proved to be a key enabler for nations when it comes to massive digital transformation initiatives. While hopes and dreams do come true it is several small changes or improvements that help initiate such an overhaul. Like always, the first step in solving any problem is admitting there is one, the next step is to identify those problems. On the 28th of April 2022, the Government of India’s, Ministry of Electronics and IT did just that. The IT act 2000, section 70B now requires all entities to report cyber incidents to CERT-IN within 6 hours of the cyber incident. This new addition also talks about the retention of user data for VPS and VPN service providers. Do keep a note that these changes will be effective in about 60 days of time.
If you are wondering what constitutes an incident, do use this below list as a guide for reporting incidents.
Types of cybersecurity incidents that must be reported to CERT-IN
- Reconnaissance activities, probing or scanning
- Compromise of systems or breach of information
- Access to unprivileged IT data or systems
- Changes to the website, or unauthorized insertion of malware and links
- Ransomware attacks, Spyware, and other malwares
- Attack on servers such as Database, Mail, and DNS and network devices such as Routers
- Identity Theft, spoofing, and phishing attacks
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack
- Attacks on Critical Infrastructure, SCADA and operational technology systems, and Wireless networks
- Attacks on Applications such as E-Governance, E-Commerce, etc
- Data Leaks or breaches
- Attacks on IoT devices or devices connected to the internet
- Attacks or incidents affecting Digital Payment systems
- Attacks through malicious or fake mobile applications
- Unauthorized access to a social media account
- Malicious activity on the cloud, AI, ML, blockchain, and other upcoming technologies
- Attacks on manufacturing equipment
If you find or detect any of the above-listed incidents taking place in your organization, it is imperative that you log these activities and report them to incident@cert-in.org.in or dial 1800-11-4949. As for the reporting format, do ensure that your report contains the following information:
- Time and occurrence of the incident or event
- Information regarding the affected system or network
- Changes occurred/symptoms occurred
- Meticulously mention all the technical details of the incident
For the reporting form refer to this document here.
So, Is India up for a major cybersecurity overhaul?
A big yes, this was due for some time now.
Q: Is India prepared for this monumental change?
A: No, but India is getting there.
Q: How can you get a head start?
A: While the above-mentioned may seem like significant changes to the system, it is nothing short but due at this point in time, that you prepare yourselves for a massive overhaul. If you are an organization that includes the convergence of technology such as IoT, 5G, IT, OT, ICS, and SCADA then Sectrio is your solution in enabling and securing your operations, reach out to us today and find out now!
Ask us about Threat assessment and Vulnerability assessment now!
We have been enabling organizations to improve their cyber resilience against sophisticated threat actors and attacks that plague the current threat landscape in real-time, want to get access to our threat intelligence feeds free for 15 days? Sign up here: Cyber Threat intelligence feeds.