By Srinath Srinivasan
The 2020 threat landscape in India was largely shaped by the pandemic. As the pandemic’s timeline of events and progress unfolded, so did attack trends shift. Ransomware was the top attack type in India with a 40% share in the overall threat landscape. Further, digital currency mining and server access attacks hit Indian companies last year. We also witnessed cybercriminals using relief efforts and public health information as spam lures including targeted attacks on critical components of the vaccine supply chain.
“These all remain issues in 2021,” says Sudeep Das, security software technical sales leader, IBM Technology Sales, India/South Asia.
“Organisations need to harden their cloud environments with a zero-trust approach to their security strategy and leverage AI to monitor, detect and contextualise dynamic behaviours and movements across hybrid cloud environments, to verify the legitimacy (or lack of) of a threat and automate a response.” He suggests the use of Confidential Computing for a higher level of isolation for secure enclaves of data. “It encrypts data during processing, whereas before, data had to be decrypted just before being processed, leaving it potentially vulnerable.” Even if cloud environments are compromised, the data would be futile/inaccessible to a malicious actor with technologies such as Confidential Computing.
Recently, IBM Security released the 2021 X-Force Threat Intelligence Index highlighting how cyberattacks evolved in 2020. The Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries. It highlights that attackers pivoted their attacks to businesses for which global Covid-19 response efforts heavily relied, such as hospitals, medical and pharmaceutical manufacturers, as well as energy companies powering the Covid-19 supply chain.
“In essence, the pandemic reshaped what is considered critical infrastructure today, and attackers took note,” says Nick Rossmann, global threat intelligence lead, IBM Security X-Force. “Many organisations were pushed to the front lines of response efforts for the first time – whether to support Covid-19 research, uphold vaccine and food supply chains, or produce personal protective equipment.”
Cyberattacks on healthcare, manufacturing, and energy doubled from the year prior, with threat actors targeting organisations that could not afford downtime due to risks of disrupting medical efforts or critical supply chains. IBM says that manufacturing and energy were the most attacked industries in 2020, second only to the finance and insurance sector. Attackers took advantage of the nearly 50% increase in vulnerabilities in industrial control systems (ICS), which manufacturing and energy depend on.
Asia-Pacific region accounted for 25% of all attacks observed by IBM Security X-Force in 2020, up from 22% as observed in the region in 2019. India was the second most attacked country in the Asia pacific region after Japan and closely followed by Australia in the third place. Finance and insurance was the top attacked industry in India (60%), followed by manufacturing and professional services. “In 2020, most of the attacks on companies in India that we observed spanned from May to July,” says Das.
Specific to the Asia Pacific region, the attacks varied from data theft, ransomware, remote access trojans (RAT), common vulnerabilities and exposure (CVE) and business email compromise (BEC). Data theft made up 22% of all attacks in the region, surpassing even ransomware; the latter made up 19% of all attacks in Asia in 2020.
KEY FINDINGS
- India was the second most attacked country in the Asia Pacific
- Attacks on India made up 7% of all attacks X-Force observed on Asia in 2020
- Finance and insurance was the top attacked industry in India (60%), followed by manufacturing and professional services
- Ransomware was the top attack type, making up roughly 40% of attacks. Digital currency mining and server access attacks hit Indian companies last year
- In 2020, most of the attacks on companies in India spanned from May to July
