Learnings from various cyber-attacks in 2023: SecureClaw Cyber Threat Advisory
Learnings from various cyber-attacks on India's Industry in 2023: SecureClaw Cyber Threat Advisory

SecureClaw Cyber Threat Advisory has reviewed over 4,500 cyber news articles in 2023 from various sources and nations to offer tailored solutions.

We are sharing a few statistics based on compilations of news from various channels. Geographically, this data may differ from the actual cyber-attack figures of countries like India because many firms never report cyber incidents to authorities or the media. Still, the insights compiled from news and reports across many sources indicate where the threat landscape is heading and how to prevent attacks.

As industry becomes more digitalized and automated using AI, ML, and other technologies, even more advanced cyberattack techniques are being developed using many of the same technologies on the dark side. According to observations worldwide, the majority of cyber threats, including malware, ransomware, and phishing attacks, are now delivered over encrypted channels, which can even evade firewalls and other technical controls. Just as the world is recovering from a major pandemic, our ignorance of increasingly sophisticated cyber-attacks may lead to an industrial or digital pandemic, in which a virus released by cybercriminals spreads across all devices and disrupts the global economy.

What can India learn from cyberattacks on various industries worldwide?

The Israel-Hamas war has significantly impacted the cyber domain, with the potential for targeted attacks by state-sponsored threat actors alongside social media abuse and opportunistic hacktivism. According to media reports, Iran attempted to infiltrate Israel's water system in April 2023, causing water poisoning by increasing chlorine levels in residential water. State-backed cyberattacks on US water systems have likewise drawn federal attention to the digital challenges of 2023. This is just one example of how state-sponsored cybercriminals can harm another country's essential services and even endanger people's lives.

Airbus, the University of California San Francisco (UCSF), Norton, Colonial Pipeline, and many other leading organizations faced supply chain attacks in 2023. Globally, small and medium businesses or enterprises (SMBs or SMEs) make up 90% of all businesses today and account for 60–70% of employment opportunities and 55% of GDP in developed economies. India's Micro, Small, and Medium Enterprises (MSMEs) contribute around 30% of the country's GDP, employ 110 million people, and generate 45% of exports, according to the latest report. Large and multinational organizations mostly outsource work to third-party companies or vendors, which are generally MSMEs; if such an entity suffers a successful cyber-attack, it directly impacts the confidentiality, integrity, and availability of the primary company. This has also increased the demand from large organizations that outsource work to MSMEs for those vendors to adopt a cybersecurity framework and build a cyber-secure supply chain. Implementing cybersecurity in MSMEs can bring more trust and confidence to the global market.

India is facing alarming cyberattacks

As shown in the graphs, it is not possible to trace the exact gang behind the cybercrimes happening in India, but there are still a few patterns and evidence points. Most cyberthreats originate in neighboring countries such as Pakistan and China. Cyber-attacks in India target the public and government domains, along with BFSI, manufacturing, education, information technology, retail, NBFCs, transport and logistics, F&B, electricity supply, brokerage, telecom, healthcare, hotels, pharmaceuticals, insurance, tech, and legal firms. Most of these attacks were carried out to compromise IT systems, database systems, email servers, cloud environments, critical infrastructure, payment gateway systems, computer systems, web applications and APIs, software platforms, document systems, mobile apps, financial transactions, Android phones, tech support, social media accounts, emails, websites, and even messaging platforms. Various kinds of malware, remote code execution, ransomware, DDoS, RATs, deepfakes, spam calls, and financial scams were the most popular techniques in India's cybercrime world during 2023.

Overview of Key Cyber-threats in India

Ransomware gangs have developed distinctive patterns for their cybercrimes. Most ransomware attacks gain entry via social engineering, RDP, unpatched software, password guessing, credential theft, attacks on remote servers, third parties, and USB devices. Earlier ransomware attacks only encrypted files on the victim's computer and demanded a ransom for the decryption key. LockBit ransomware was active in India, encrypting files and demanding payment for decryption keys, targeting businesses and organizations. Later, a double extortion method emerged in which cybercriminals took copies of files before encrypting them and then threatened victims with selling the data on the dark web. In the latest cases, triple extortion has started, in which the victim organization's supply chain or systems are additionally threatened with Distributed Denial of Service (DDoS) attacks.

Numerous victims of BellaCiao malware have been uncovered by research, not just in Europe and the United States but also in the Middle East, Turkey, and India. Charming Kitten, also known as APT35, Mint Sandstorm, or PHOSPHORUS, is an APT group affiliated with the Islamic Revolutionary Guard Corps (IRGC) and supported by the Iranian government. BellaCiao is dropper malware designed to infect a victim's system with additional malware payloads by following instructions from a command-and-control (C2) server. Instead of being downloaded, BellaCiao's payload is hardcoded as malformed base64 strings within the executable and dropped on demand. To obtain its instructions from the C2 server, BellaCiao employs a novel method: it resolves a domain name and interprets the IP address returned by that resolution as the instruction. Once installed on the victim machine, this malware can run scripts, execute commands, download and upload files, upload web logs, report the start and end times of web servers, beep, and even disable web servers. Besides these malware families, the Pakistan-based group dubbed APT36 has used a malicious file titled "Revision of Officers Posting Policy" to lure Indian Army personnel into compromising their systems. These files were found to deliver malware via malicious macro-enabled PowerPoint add-in (PPAM) files.

DarkGate is a Windows-based malware with a variety of features, such as the ability to remotely access target endpoints and steal credentials. As part of a large-scale phishing campaign, the suspected Pakistan-aligned threat actor SideCopy has been seen exploiting themes connected to India's military research organization: a ZIP archive lure associated with the Defence Research and Development Organization (DRDO) is used to deploy a malicious payload that can gather sensitive data. A remote access trojan (RAT) is a kind of spyware that gives a cybercriminal the ability to take over the computer or other device on which it is installed. RATs pose a serious cybersecurity risk. They mostly affect PCs, but they can also affect printers, routers, iOS and Android devices, and other networked devices. RATs work by granting unauthorized users access to the device they are installed on; once a hacker gains access through a RAT, they are in complete control of it. They can access all of the data on the device, observe the user as they work, encrypt files, log keystrokes, and control other devices connected to it. Cybersecurity companies reported in March and April that SideCopy was using DRDO-themed decoys to distribute malware. The attack chains were found to load and run AllaKore RAT in addition to Action RAT. Action RAT's C2 servers have been linked to 18 potential victims in India, and AllaKore RAT's C2 servers to 236 distinct potential victims in India.

Cybercriminals and threat groups employ Crimson, a reconnaissance and spying tool also referred to as SEEDOOR and Scarimson, to obtain information from compromised systems. In addition to spying on victims, it can take screenshots, steal credentials, and more. Crimson is known to be used specifically by an APT (Advanced Persistent Threat) group, and the Indian government and military are among its very specific targets.

How to be more secure and build good cyber resilience?

Here are a few important points on which businesses should focus.

1. Adopt a Structured Cybersecurity Framework: Every organization, whether an institute, manufacturer, maritime company, pharma firm, information technology (IT) company, e-commerce business, or even a government body, should adopt structured cybersecurity best practices. ISO 27001 and NIST are leading cybersecurity standards that can provide the best implementation for any organization. If a small or medium company is not able to adopt the existing large cybersecurity standards, it should at least adopt tailored cybersecurity using the Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) framework. Implementing structured cybersecurity like BDSLCCI is cost-effective, easy, and tailored to a company's business domain, covering people, process, and technology control areas to reduce the cyberattack surface.

2. Cybersecurity Awareness Training for Employees: Cyberattacks often stem from inadequate employee cybersecurity awareness. Effective training should cover phishing precautions, policies, and insider threats, with employees tested to verify the training's effectiveness.

3. Updates are Essential: Many organizations use outdated operating systems (OS), pirated software, or outdated versions of firmware or devices, which opens the door for hackers. It is important for organizations to patch and update their systems regularly and to keep an eye on zero-day attacks and the precautions against them.

4. Only Required Access to Required Entities for the Required Time: Do not grant high privileges or access unless and until it is really necessary for one or more employees, partners, or vendors, and only for as long as it is needed.

5. Monitor the Organization's Network: Regularly monitor logs on the organization's network devices and computers, and even check notifications related to business transactions on mobile phones or emails. These give early hints of malicious activity so that action can be taken to prevent it.

6. Regular Security Audits: Perform vulnerability assessment and penetration testing (VAPT) at least on the organization's critical digital assets as part of the governance process. It is essential to fix the issues identified during these audits.

7. Incident Tracking: Track each security incident as a report until the issue reaches a permanent fix.

8. Prepare a Business Continuity Plan (BCP): Prepare for any unforeseen circumstances, including natural disasters and cybercrimes.

9. Consult an Expert: Not every organization has the budget or skillset to deploy and maintain a cybersecurity posture; hence, external consulting services such as a virtual CISO, VAPT, or source code security review, known as static application security testing (SAST), are also a good option.
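Point 5 (monitoring logs) and the ransomware entry points named earlier (RDP and password guessing) can be put into practice with detection logic like the following. This is an added example, not code from the advisory or from SecureClaw; the log line format, the source IPs, the user names and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the advisory): Windows Security EventID 4625 = failed logon,
# 4624 = successful logon; LogonType 10 = RemoteInteractive, i.e. an RDP session.
SAMPLE_LOG = """\
2023-11-02T09:00:01 EventID=4625 LogonType=10 User=admin Src=203.0.113.45
2023-11-02T09:00:03 EventID=4625 LogonType=10 User=admin Src=203.0.113.45
2023-11-02T09:00:05 EventID=4625 LogonType=10 User=administrator Src=203.0.113.45
2023-11-02T09:00:08 EventID=4625 LogonType=10 User=backup Src=203.0.113.45
2023-11-02T09:00:12 EventID=4625 LogonType=10 User=admin Src=203.0.113.45
2023-11-02T09:00:20 EventID=4624 LogonType=10 User=backup Src=203.0.113.45
2023-11-02T09:15:00 EventID=4625 LogonType=10 User=rahul Src=192.0.2.10
2023-11-02T09:16:30 EventID=4624 LogonType=10 User=rahul Src=192.0.2.10
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"User=(?P<user>\S+) Src=(?P<src>\S+)$")


def parse(log_text):
    """Parse the constructed log format into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "eid": int(m["eid"]),
                           "lt": int(m["lt"]), "user": m["user"], "src": m["src"]})
    return events


def detect_rdp_password_guessing(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed RDP logons inside a sliding window, and
    record a later successful RDP logon from a flagged source (a guessed password, not a typo)."""
    alerts = {}
    recent_failures = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["lt"] != 10:  # only RDP (RemoteInteractive) logons matter here
            continue
        src = ev["src"]
        if ev["eid"] == 4625:
            # drop failures older than the window, then add this one
            recent_failures[src] = [t for t in recent_failures[src] if ev["ts"] - t <= window] + [ev["ts"]]
            if len(recent_failures[src]) >= threshold:
                entry = alerts.setdefault(src, {"failures": 0, "success_after": None})
                entry["failures"] = len(recent_failures[src])
        elif ev["eid"] == 4624 and src in alerts:
            alerts[src]["success_after"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for src, info in detect_rdp_password_guessing(parse(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {info['failures']} failed RDP logons, then success as {info['success_after']}")
```

A single failed logon followed by success (the second source) is ordinary user behaviour and is not flagged; the first source, with five failures in eleven seconds and then a successful logon, is the pattern that warrants blocking the source and resetting the account.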

Stay Safe, Stay Secured

Dr. Shekhar Pawar

Know More About Our Cybersecurity Services

SecureClaw Inc, USA provides various cybersecurity services and products worldwide. Business Domain Specific Least Cybersecurity Controls Implementation (BDSLCCI) is one of the services of SecureClaw.

GrassDew IT Solutions Pvt Ltd provides Teleservices, Cybersecurity services, and Software Solution services (software development, maintenance and products).
