APT attacks

As cybercriminals have targeted various sectors of Indian infrastructure, including businesses and financial service firms, the country has decided to include a section on sovereignty in its upcoming cybersecurity plan. The plan would not only protect Indian cyberspace against the growing number of APT attacks but also build up India’s cyber offensive capabilities to fight adversaries.

Speaking about the new cyber plan at the Pursuit 2021 event, Lt. General Rajesh Pant, India’s National Cybersecurity Coordinator, stated that it would address the entire cyber ecosystem: cybercrimes, capacity building, audits, research, and developments. The aim is to address the gaps that have made the Indian ecosystem a major target of adversaries and “create a safe, secure, resilient, trusted and vibrant cyberspace for our national prosperity.”

According to a report issued by the Financial Stability Board (FSB), cybercriminals have targeted security gaps at several Indian firms amid the pandemic. As workers and firms relied more on virtual private networks and unsecured WiFi access points, each of these points posed a new challenge in Indian cyberspace.

State-led and non-state hackers have been using phishing, malware, and ransomware to target individuals and firms. Rajesh Babu, managing director of Mirox India in Technopark, Thiruvananthapuram, believes that in an evolving area of technology, the government should bring stringent rules and regulations to protect individuals and data from the new kinds of APT attacks.

Hence, a national cyber strategy is considered the need of the hour. A cybersecurity plan that includes sovereignty would set deliverables for Indian entities while the country works through cyber risk management processes, incident reporting, response and recovery activities, and cloud and other third-party services.

On the other hand, the rise of non-state actors has strengthened India’s cyber offensive front. Several APT groups keep track of adversary data in order to launch malware attacks.

SideWinder, also known as RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04, is the most active threat group and has mostly targeted Indian adversaries in South Asia. The private actor has been attacking Pakistan’s military targets since 2012. The group uses its own implementations of exploits for known vulnerabilities (such as CVE-2017-11882) and deploys a PowerShell payload in the final stages.

Recent news suggested that a Pakistani threat group, SideCopy, is now imitating SideWinder’s infection techniques to deliver malware attacks on India. Attacks from China, Pakistan, North Korea and others have made it clear that India is not exempt from cyberwarfare.

Though Indian cyber-espionage differs from that of the top state-sponsored threats, Russia and China, the attacks could be devastating even within a less ambitious geographic scope. It is the non-state actors that have constantly strengthened and defended India’s cyber front. Threat groups like Viceroy Tiger, Dark Basin, and APT-C-35 have increased cyber-espionage activities against adversaries, paving the way for Indian cyberwarfare.

Pant said, “The way 2021 has started, I would call it the year of ransomware.” He stated that private actors should be equally prepared against state-backed advanced persistent threat (APT) attacks.

The newest policy, which is yet to be approved, would include a more forward-thinking approach and would aid the country in fending off the majority of cyberattacks. It would also impose fines on companies that fail to report APT attacks in a timely manner.
