With the advancement of technology, cybercrimes are skyrocketing like never before, with more and more countries becoming victims of state-sponsored cyberattacks. According to a report released by the Singapore-based cybersecurity firm Cyfirma titled “2023 India threat landscape report”, India witnessed a staggering increase in targeted cyberattacks between 2021 and September 2023. According to the report, the majority of these attacks were aimed at IT companies and the BPO sector.
While government agencies experienced an exponential rise in targeted attacks of up to 460%, startups and small to medium-sized businesses faced an alarming rise of 508%, implying a grave threat to India’s digital economy. The report also highlighted India as the most targeted country, facing 13.7% of all the attacks, followed by the US, which faced 9.6% of the attacks.
Currently, India is facing an onslaught of attacks from almost 39 active campaigns, the majority of which are from China, Russia and North Korea. However, only 6.4% of the threats came from Pakistan and operators from the Middle East. This is a 180-degree turn from 2015-2016, when attacks from Pakistan were between 58-59%.
According to the report, apart from the BPO sector and IT industries, other sectors like healthcare, manufacturing, banking and financial services have also been facing a rise in cyberattacks. While IT industries and BPO faced 14.3% of the attacks, manufacturing faced 11.6%, and healthcare and education faced 10% each. Retail bore the brunt of 9.8% of the attacks, government agencies 9.6%, banking 9.5%, automobiles 8.3%, and airlines 6.1%.
The report also highlighted specific insights into the ransomware landscape, shedding light on the emergence of the Good Day ransomware, a malicious software identified by the CYFIRMA Research and Advisory Team. This ransomware, belonging to the ARCrypter family, stealthily infiltrates systems disguised as a Microsoft Windows Update executable, named “WindowsUpdate.exe.”
Upon execution, the Good Day ransomware deploys advanced tactics, including the deletion of Volume Shadow Copies (VSS) and the use of idle periods to encrypt files during off-peak times, making data recovery challenging for victims. The ransomware has also demonstrated the capability to detect debug environments, a concerning feature that enables it to evade analysis and detection.
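A defender-side triage sketch for two of the behaviours described above (an executable named “WindowsUpdate.exe” and deletion of Volume Shadow Copies), added here as an example and not taken from the Cyfirma report. The event schema, the signer value and the command-line patterns are assumptions; the report summary does not say how the shadow copies are deleted.

```python
import ntpath
import re

# Assumption: the page names only the behaviour. These patterns cover common
# built-in ways shadow copies get deleted; they are not confirmed for this family.
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\W+delete\s+shadows|wmic(\.exe)?\W.*shadowcopy\s+delete",
    re.IGNORECASE,
)
LURE_NAME = "windowsupdate.exe"        # file name reported on the page
TRUSTED_SIGNER = "Microsoft Windows"   # hypothetical value of the signer field


def triage(events):
    """Return (pid, rule, severity) alerts for time-ordered process-creation events."""
    alerts, suspects = [], set()
    for ev in events:
        name = ntpath.basename(ev["image"]).lower()
        # Rule 1: the lure file name on a binary that is not Microsoft-signed.
        if name == LURE_NAME and ev.get("signer") != TRUSTED_SIGNER:
            suspects.add(ev["pid"])
            alerts.append((ev["pid"], "masquerade_windows_update", "medium"))
        # Rule 2: shadow copy deletion; escalate when spawned by a rule-1 process.
        if SHADOW_DELETE.search(ev["cmdline"]):
            severity = "high" if ev["ppid"] in suspects else "medium"
            alerts.append((ev["pid"], "shadow_copy_deletion", severity))
    return alerts


# Constructed sample events (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 812, "signer": None,
     "image": r"C:\Users\ana\Downloads\WindowsUpdate.exe",
     "cmdline": "WindowsUpdate.exe"},
    {"pid": 4188, "ppid": 4100, "signer": "Microsoft Windows",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"pid": 5020, "ppid": 900, "signer": "Microsoft Windows",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},          # benign listing, no alert
    {"pid": 5300, "ppid": 1200, "signer": "Microsoft Windows",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},         # unrelated parent: medium
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Shadow copy deletion with no suspicious parent still alerts at medium severity, since backup tooling can issue the same commands and an analyst needs the parent context to decide.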
Of particular concern is the ransomware’s association with the Cloak extortion site, indicating a connection between data sales and leaks orchestrated by threat actors. The report highlighted that the ransomware’s malicious activities have been observed across various industries and organizations, with the Windows Operating System being its primary target.
The report also identified groups like Turla Group, Fancy Bear, Stone Panda and Lazarus Group as threat actors targeting India. Cyfirma’s Threat Discovery Process outlined several key points for organizations to be wary of, including the ransomware’s sneak attack techniques and its persistent threat to Windows systems. The report underlined the importance of enhanced vigilance and preparedness in light of the evolving cyber threat landscape.
In response to the increasing frequency of cyber threats, experts recommend heightened security measures and continuous monitoring of systems. Organizations are encouraged to prioritize cybersecurity investments and stay updated with the latest threat intelligence to mitigate risks effectively.