New Delhi: For three months in 2019, India faced the most cyber-attacks in the world, according to a report released by Subex, a Bengaluru-based firm providing analytics to telecom and communication service providers.
The report, released on 27 February, notes that while the US was the most cyber-targeted nation in 2019, India held the top spot in April, May and June.
“The US was the most targeted nation in the world in 2019. However in the second quarter, India surpassed the US,” the report states. “Throughout the year, India was in the top 5 (countries) especially after March 2019.”
According to the report, the most cyber-attacked countries in 2019 were the US, India, UK, Singapore, Ukraine, UAE, Nigeria, Japan, South Korea and Spain respectively.
In all, the report states, the most cyber-attacks targeting India in 2019 originated in Slovenia followed by Ukraine, the Czech Republic, China, and Mexico.
The most commonly targeted sectors in India were critical infrastructure followed by banking, defence and manufacturing, according to the report.
Prayukth K.V, Subex’s chief marketing officer for Internet of Things (IoT) solutions, told ThePrint that critical infrastructure in oil and gas industries were the most targeted by these attacks.
We are deeply grateful to our readers & viewers for their time, trust and subscriptions.
Quality journalism is expensive and needs readers to pay for it. Your support will define our work and ThePrint’s future.
The countries targeting India
According to the data, 74,988 cyber-attacks targeting India originated in Slovenia. This was followed by Ukraine (55,772 attacks), Czech Republic (53,609 attacks), China (50,000 attacks), and Mexico (35, 201 attacks).
The report says the attacks were carried out through ‘botnets’ that are used to inject malware into a victim’s device, allowing those controlling the botnet to take control of the device, gather information of the device and even remotely make the victim’s device perform specific tasks such as sending information back to the person controlling the botnet.
A ‘botnet’ is a set of devices, which have computing ability and can be connected to each other through the internet — for example, computers, drones, and smartphones can be connected to each other via the internet.
A cyber-security expert who didn’t want to be identified told ThePrint that Slovenia tops the list as Russian state actors may be employing botnets in that country to keep an eye on India’s critical infrastructure in the oil, gas and telecom sectors.
Prayukth of Subex also told ThePrint that while an attack can be traced back to a certain physical location, it is not possible to ascertain who is controlling the botnets.
Botnets physically located in one country, he added, can be leased out to clients based in another country for as low as 30 US cents or around Rs 22 at current exchange rates.
While India faced cyber-attacks, there were at least 13,000 outbound critical attacks from the country, the report states. Iran was the most targeted by cyber-attacks originating in India, with the Persian nation facing 5,700 such attacks in 2019. It was followed by Vietnam (4,150 critical attacks from India).
The Chinese conundrum
Though China is fourth on the list, a press release from Subex accompanying the report noted a “significant” increase in cyber-attacks originating from the country.
According to Subex, Chinese cyber-attacks targeting India are traditionally routed through other countries such as Vietnam or Philippines.
“In the second half of 2019, it was directly possible to trace some cyber-attacks to four new areas in China for the first time,” Prayukth said. “There had been no attempt to hide the attacks originating in these locations in China. We have not been able to understand why the attackers didn’t attempt to cover their tracks.”
According to Prayukth, the four areas in China include Tianjin, Chizhou, Hefei, and Jieshou.
The Subex marketing officer added that the purpose of the cyber-attacks in many instances was not to cause immediate damage, but to stay in the victim’s computer system for the long term, study the security deployed within the computer network, and then gather information of strategic importance.
For instance, in case of an attack on a smart city, a stealthy malware can lie dormant for months together at a time waiting for a trigger event or waiting for the smart city project to reach a certain level of maturity before launching a more serious attack to cripple the city infrastructure.
To compile the report, Subex said it gathered data from its ‘honeypot’ network set up across 62 cities in countries such as India, Myanmar, Qatar, Ghana, and the US.
A honeypot is generic computer terminology to refer to a computer system set up to “mimic likely targets of cyber-attacks”, according to anti-virus software provider Norton. A honeypot may be used to detect attacks, deflect attacks from the actual target, or to gather intelligence on a cyber-criminal’s behavioral patterns.
The report also found that devices most often targeted are common ones such as routers (a device that helps connect to the internet) and surveillance cameras.
News media is in a crisis & only you can fix it
You are reading this because you value good, intelligent and objective journalism. We thank you for your time and your trust.
You also know that the news media is facing an unprecedented crisis. It is likely that you are also hearing of the brutal layoffs and pay-cuts hitting the industry. There are many reasons why the media’s economics is broken. But a big one is that good people are not yet paying enough for good journalism.
We have a newsroom filled with talented young reporters. We also have the country’s most robust editing and fact-checking team, finest news photographers and video professionals. We are building India’s most ambitious and energetic news platform. And we aren’t even three yet.
At ThePrint, we invest in quality journalists. We pay them fairly and on time even in this difficult period. As you may have noticed, we do not flinch from spending whatever it takes to make sure our reporters reach where the story is. Our stellar coronavirus coverage is a good example. You can check some of it here.
This comes with a sizable cost. For us to continue bringing quality journalism, we need readers like you to pay for it. Because the advertising market is broken too.
If you think we deserve your support, do join us in this endeavour to strengthen fair, free, courageous, and questioning journalism, please click on the link below. Your support will define our journalism, and ThePrint’s future. It will take just a few seconds of your time.