Cybersecurity Awareness month, to begin with, let’s understand what really is going on out there as far as the threat landscape is concerned what is getting attacked who’s attacking it that that’s something that we need to really understand to really get a grip on what really is happening out there and what we need to worry about as well right so the first point which speaks about the APT groups uh which are nothing but the state-sponsored hackers these are the most sophisticated uh sort of groups out there because they have access to the latest malware the latest breach tactics and these are very evolved hacking groups which are out there and most of them are supported by certain states either officially or unofficially they’re financed by them they’re backed by them with you know these labs where the research is going on is all funded by certain states right so what typically happens is.
Geopolitical tensions and what it means to cybersecurity
In a situation where there’s a geopolitical tension between different states these are the actors who jump in and sort of carry out cyberattacks against each other right so these groups are evolving and collaborating by that I mean that there is a huge investment that is coming in terms of the funding in terms of you know the r d efforts and a lot of these apt groups which are across certain geographies belonging to different countries they’re collaborating with each other in the sense that they’re sharing malware they’re sharing data items they’re sharing you know stolen data this show stolen information and you know there’s this real-time exchange uh that is taking place uh out there so this is leading to uh and a more increase in sophistication and this is also adding another layer of you know intrigue so that it’s making it very difficult to detect which particular group is behind which particular attacks. Read our weekly OT and IoT Cybersecurity updates and threat monitor.
No prices for guessing the second point out there which is that the government agencies are really on the radar this has been happening for a while now these efforts have intensified since the covid uh sort of pandemic took um you know center stage sometime last year so what really is going on if we wish to understand here is that uh you know a lot of government agencies which were at the forefront of uh this effort to sort of you know uh fight against coveting have all been targeted by the hackers primarily to extract a lot of information from citizens and citizen groups. which calls for sophisticated OT cybersecurity in place measures you know information belonging to government sort of you know agents and people who are involved in this particular you know to fight against covid the hackers saw this as an opportunity to sort of you know to leverage the confusion and the large-scale disruption that had happened with people working from home they didn’t know when they were going to get back to office uh there was a lot of remote management of infrastructure taking place so you know hackers use this sort of you know the opportunity to strike and they were able to sort of you know leak out a lot of information.
which they’re currently using to carry on these cyber-attacks against critical infrastructure and sort of businesses which are out there and again the third point about ransom yes uh it is the ransom the cost per GB of uh you know data. This calls for sophisticated OT and IoT cybersecurity at the earliest. I’m going to be sharing some more information on that it’s again rising which is a huge concern again for all cybersecurity professionals because every single successful cyberattack that happens by that I mean that where there is a ransom that exchanges hands where a ransom is paid to hack a group or groups out there to release that particular data leads to actually more cyber attacks happening in the future because this money is invested by these hackers to carry out more attacks in the future and also to develop better, uh you know ransomware and things like that.
The fourth point about malware launch pads these are nothing but uh botnets and other infrastructure uh that the hackers maintain primarily to strike at targets like critical infrastructure like you know businesses manufacturing and what have you so what really happens in this particular instance is that earlier we were seeing that botnets were located in remote areas of countries where you know there was some connected infrastructure like uh you know renewable uh energy uh projects which were you know uh managed remotely and where there was a lot of IoT being deployed and they were getting hacked and converted into botnets and you know used to sort of carrying DDoS attacks against critical infrastructure and other uh businesses out there right.
Request a demo for our OT and IoT Cybersecurity Solutions today!
What we’re seeing now is uh uh there are botnets which are operating out of phones which have been hijacked you know mobile phones and mobile devices digital devices which have been hijacked and these botnets are slowly moving and sort of converging on urban areas right this becomes a huge point of worry for all of us because once uh these botnets enter urban areas then you will have a sudden rise in the number of botnets because the number of devices is more and will be very hard to detect them as well in an environment where you know there is like you know galaxy of devices so to say uh out there this is again a worrying concern for cybersecurity professionals which we have been observing for a while it’s intensifying as of now as a trend then h1 of this year or rather h1 of most of the years that we have been monitoring usually belongs to sort of new malware that’s the trend that we have been seeing and h2 of any particular usually is where the variants are released. Cybersecurity for OT and IoT is in the need of the hour.
So it’s a typical cycle that you’ve seen again it’s nothing it is worrying of course but it’s not a huge sort of you know problem at this point in time but then again the number of variants that we’ve seen this year is is slightly higher than what we have been seeing last year which is again a problem uh that that probably could arise in the near future again democratization of cyberattacks by that what we mean is that um earlier you know these cyberattacks were linked to or were perpetrated by very few groups who had access to these sophisticated tools right but today because of uh these tools and these malware becoming available to these other you know agencies and these other groups and individuals so everyone has sort of jumped into the fray just to give an example for instance there are pirates who are operating botnets and sort of you know participating in large-scale cyber attacks against critical infrastructure financial services stock exchanges uh you know and other such uh important uh you know cybersecurity for digital infrastructure that’s out there and this democratization means more participants will come in uh and again it will be very difficult to actually figure out where exactly these attacks are coming from and what are the kind of motivations that that are driving these uh these particular attacks and again.
With the collaboration levels that we’re seeing it’s only a matter of time before you know we have some very uh high levels of disruption happening uh because of these uh these actors acting uh uh together right again those are the two cities that we’ve seen from where there’s a huge volume of malware that we’ve dragged back to which are coming in one is from Russia and the other is from North Korea of course and there are certain groups or rather clusters of apt groups again the state-sponsored hackers they are using this particular uh malware that’s coming in from these cities and carrying out some very sophisticated cyber-attacks primarily directed against critical infrastructure that’s something.
We’ll see in a subsequent slide and again the lowering of the geopolitical threshold this this is a point that requires a bit of explanation so let me try so what really is happening is earlier uh for a geopolitical attack to happen for an apt group to be triggered or to be pushed to carry out a sophisticated cyber-attack usually there used to be some uh you know geopolitical back and forth happening by that i mean that there was some clashes at the border or maybe there was a disagreement on a certain issue due to sharing of natural resources or something and then you know you would have this back and forth happening like we have seen in the middle east for instance there are two countries who have been carrying out attacks against their water treatment facilities sometime in mid from mid to early uh 2000 onwards 2020 onwards sorry last year that is so early used to these hackers used to wait or rather the state-sponsored hackers used to wait for a major event to happen before they strike right uh but that is gone.
Now even sporting events where these countries are clashing you know which which is something we saw very recently as recently as uh last last sunday where there was a sporting event which is currently going on in uae and we had hackers from two two countries which were participating were actually carrying out these cyber attacks against each other so the thresholds have come down now uh even sporting events and you know maybe some other sub geopolitical events which are happening could actually lead to a uh uh you know a trigger for a cyber attack the last point there again a very important one for businesses by dead drops what we mean is that there are disgruntled employees or there are folks who are not happy with certain aspects of businesses out there and they’re carrying out they’re carrying uh you know information on privileges and other confidential information and they’re dumping it on places like the dark web and certain other forum from where you know hackers are accessing this data and then using it to target these very businesses right so we call them dead drops which is something very common in espionage but the the significance of this is that this particular occurrence results or this particular trend rather is also leading to a large volume of cyber attacks actually coming in or rather this is leading to hackers actually carrying out a lot of these attacks wherein you know these insiders or disgruntled insiders are actually collaborating willingly or otherwise to uh uh you know help hackers carry out these attacks as a matter of getting revenge or something like that