New Delhi: For three months in 2019, India faced the most cyber-attacks in the world, according to a report released by Subex, a Bengaluru-based firm providing analytics to telecom and communication service providers.
The report, released on 27 February, notes that while the US was the most cyber-targeted nation in 2019, India held the top spot in April, May and June.
“The US was the most targeted nation in the world in 2019. However in the second quarter, India surpassed the US,” the report states. “Throughout the year, India was in the top 5 (countries) especially after March 2019.”
According to the report, the most cyber-attacked countries in 2019 were, in order, the US, India, UK, Singapore, Ukraine, UAE, Nigeria, Japan, South Korea and Spain.
In all, the report states, the most cyber-attacks targeting India in 2019 originated in Slovenia followed by Ukraine, the Czech Republic, China, and Mexico.
The most commonly targeted sectors in India were critical infrastructure followed by banking, defence and manufacturing, according to the report.
Prayukth K.V, Subex’s chief marketing officer for Internet of Things (IoT) solutions, told ThePrint that critical infrastructure in the oil and gas industries was the most targeted by these attacks.
The countries targeting India
According to the data, 74,988 cyber-attacks targeting India originated in Slovenia. This was followed by Ukraine (55,772 attacks), Czech Republic (53,609 attacks), China (50,000 attacks), and Mexico (35,201 attacks).
The report says the attacks were carried out through ‘botnets’ that are used to inject malware into a victim’s device, allowing those controlling the botnet to take control of the device, gather information about it, and even remotely make it perform specific tasks, such as sending information back to the person controlling the botnet.
A ‘botnet’ is a set of devices, which have computing ability and can be connected to each other through the internet — for example, computers, drones, and smartphones can be connected to each other via the internet.
A cyber-security expert who didn’t want to be identified told ThePrint that Slovenia tops the list as Russian state actors may be employing botnets in that country to keep an eye on India’s critical infrastructure in the oil, gas and telecom sectors.
Prayukth of Subex also told ThePrint that while an attack can be traced back to a certain physical location, it is not possible to ascertain who is controlling the botnets.
Botnets physically located in one country, he added, can be leased out to clients based in another country for as little as 30 US cents or around Rs 22 at current exchange rates.
While India faced cyber-attacks, there were at least 13,000 outbound critical attacks from the country, the report states. Iran was the most targeted by cyber-attacks originating in India, with the Persian nation facing 5,700 such attacks in 2019. It was followed by Vietnam (4,150 critical attacks from India).
The Chinese conundrum
Though China is fourth on the list, a press release from Subex accompanying the report noted a “significant” increase in cyber-attacks originating from the country.
According to Subex, Chinese cyber-attacks targeting India are traditionally routed through other countries such as Vietnam or the Philippines.
“In the second half of 2019, it was directly possible to trace some cyber-attacks to four new areas in China for the first time,” Prayukth said. “There had been no attempt to hide the attacks originating in these locations in China. We have not been able to understand why the attackers didn’t attempt to cover their tracks.”
According to Prayukth, the four areas in China include Tianjin, Chizhou, Hefei, and Jieshou.
The Subex marketing officer added that the purpose of the cyber-attacks in many instances was not to cause immediate damage, but to stay in the victim’s computer system for the long term, study the security deployed within the computer network, and then gather information of strategic importance.
For instance, in the case of an attack on a smart city, stealthy malware can lie dormant for months at a time, waiting for a trigger event or for the smart city project to reach a certain level of maturity before launching a more serious attack to cripple the city infrastructure.
To compile the report, Subex said it gathered data from its ‘honeypot’ network set up across 62 cities in countries such as India, Myanmar, Qatar, Ghana, and the US.
A honeypot is a generic computing term for a computer system set up to “mimic likely targets of cyber-attacks”, according to anti-virus software provider Norton. A honeypot may be used to detect attacks, deflect attacks from the actual target, or to gather intelligence on a cyber-criminal’s behavioral patterns.
The report also found that devices most often targeted are common ones such as routers (a device that helps connect to the internet) and surveillance cameras.