CYFIRMA Warns India of Cyberattacks Emerging from Hostile Neighbours

Kumar Ritesh, Founder and CEO of Singapore-based cybersecurity firm, CYFIRMA, made a crucial observation about the Indian cyber landscape: “India is a haven for start-ups, a fertile ground for technological innovation, sparking the generation of massive amounts of data that attract cybercriminals.”

This is an observation made in the context of the rising culture of work from home during the COVID-19 phase. While India has been breaking barriers with its technical advancements, it’s important that both the public and private actors remain vigilant in the cyber-phere.

As per CYFIRMA’s ‘India Threat Landscape Report 2020’, the online threat actors have ramped up cyberattacks against India. Researchers at CYFIRMA used the firm’s Cyber Threat Intelligence (CTI) platform called DeCYFIR to actively observe global cyberattacks.

The researchers discovered that India remained constant target of hackers that originated from hostile neighbouring nations and raised an alarm about the same to the Indian Computer Emergency Response Team (CERT-In).

As per CYFIRMA, there is a possibility that crucial government bodies, such as Ministry of Foreign affairs, Ministry of Defense, and Ministry of Information and Broadcasting; and big companies such as Reliance, Airtel, Intex technologies might become the next target of these hackers.

Stone Panda, Lazarus Group, APT36 and Mission 2025 are some of the cyber threat actors, listed by CYFIRMA that are already targeting India. 

Chinese threat actor group called Stone Panda was found to be exfiltrating data. The CYFIRMA report stated that the attackers in this organisation “launched passive scans towards an organization’s assets, which we believe to be in the reconnaissance and enumeration phase of a long-planned hacking activity.”

On the other hand, Lazarus Group also increased its ‘fileless’ attacks on cryptocurrency businesses in countries like, India, Japan, the US, Singapore and the UK. The phishing emails sent by the group seemed to be sent by the local authorities in charge of dispensing the government-funded COVID-19 support initiatives. CYFIRMA was able to block seven email templates that were sent to drive the recipients to fake websites. 

Another Chinese-threat actor Mission2025, considered to be the most reclusive among the others, was noted implanting Trojans and backdoor access to steal sensitive information from organisations as part of their cyber-espionage campaigns. The motivation behind all the cyberattacks varied from financial gain to defaming the Indian organisations.

In response to the increasing attacks, India has been speeding up the process of creating an indigenous system of cyberdefence. Likewise, the Indian cyber security companies are bringing up innovative cybersecurity solutions to ensure that network sectors remain safe and secure.

Leave a Reply